Re: [GENERAL] Limiting DB access by role after initial connection?
| From | Bruno Wolff III |
|---|---|
| Subject | Re: [GENERAL] Limiting DB access by role after initial connection? |
| Date | |
| Msg-id | 20170610003843.GA10159@wolff.to |
| In reply to | [GENERAL] Limiting DB access by role after initial connection? (Ken Tanzer <ken.tanzer@gmail.com>) |
| Responses | Re: [GENERAL] Limiting DB access by role after initial connection? |
| List | pgsql-general |

On Thu, Jun 08, 2017 at 22:37:34 -0700, Ken Tanzer <ken.tanzer@gmail.com> wrote:
>
>My approach was to have the initial connection made by the owner, and then
>after successfully authenticating the user, to switch to the role of the
>site they belong to. After investigation, this still seems feasible but
>imperfect. Specifically, I thought it would be possible to configure such
>that after changing to a more restricted role, it would not be possible to
>change back. But after seeing this thread (

How are you keeping the credentials of the owner from being compromised? It seems if you are worried about role changing, adversaries will likely also be in a position to steal the owner's credentials or hijack the connection before privileges are dropped.