Antonis Christofides wrote:
> But I think that checking user privileges at the database level is
> better. I think it's simpler and more secure, and if later you also
> want to create nonweb apps, you won't have any more
> authentication/privilege headaches. For this reason, in a web app
> I've made, the app connects to the database as user postgres, and
> after authenticating (receives user's password, checks with pg_shadow,
> and uses session cookie) uses "set session authorization" in order to
> lower its privileges.
What stops the user code from issuing a "RESET SESSION AUTHORIZATION"
command, say from a SQL injection, thus regaining superuser privileges?
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.