Re: Revoking usage of pg_catalog

From John DeSoi
Subject Re: Revoking usage of pg_catalog
Date
Msg-id 607E7698-2481-4FB0-A790-2230251B7424@pgedit.com
In reply to Re: Revoking usage of pg_catalog ("Daniel Cristian Cruz" <danielcristian@gmail.com>)
List pgsql-admin
On May 9, 2007, at 2:09 PM, Daniel Cristian Cruz wrote:

> It's a web application user. I was trying to make some database magic,
> hardening SQL injections... But it's wrong, the application must be
> secure. Unfortunately I can't have a database user for each web user...

I don't see the issue if users don't connect directly to the
database, only through your web application. You then have complete
control over any query executed. You should not have to worry about
SQL injection if you use prepared queries and stored procedures.



John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
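
The approach described in the reply above, as an added example that is not part of the original message: a single shared web application role that reaches data only through a prepared query or a stored function. The role, table and function names are hypothetical, and the objects are assumed to live in the default `public` schema.

```sql
-- Added example. Role, table and function names are hypothetical.
-- Run as the database owner, not as the web application's role.
CREATE ROLE webapp LOGIN;            -- the single shared web application user

CREATE TABLE accounts (
    id       serial PRIMARY KEY,
    username text NOT NULL UNIQUE,
    email    text NOT NULL
);
INSERT INTO accounts (username, email)
VALUES ('alice', 'alice@example.com');   -- constructed sample row

-- Make sure nothing is granted on the table outside its owner.
REVOKE ALL ON accounts FROM PUBLIC;

-- 1. Prepared query: $1 is bound as a text value and is never parsed as SQL.
PREPARE account_by_name(text) AS
    SELECT id, email FROM accounts WHERE username = $1;

EXECUTE account_by_name('alice');
-- Constructed hostile input  ' OR '1'='1  is compared as a literal username.
EXECUTE account_by_name(''' OR ''1''=''1');

-- 2. Stored function: the only path the application role has to the data.
CREATE FUNCTION get_account_email(text)
RETURNS text
LANGUAGE sql
STABLE
SECURITY DEFINER                      -- runs with the owner's privileges
SET search_path = public, pg_temp     -- pin name resolution inside the function
AS $$
    SELECT email FROM accounts WHERE username = $1;
$$;

-- Functions are executable by PUBLIC by default; narrow that to webapp.
REVOKE EXECUTE ON FUNCTION get_account_email(text) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION get_account_email(text) TO webapp;

-- webapp may call get_account_email(...) but holds no privilege on
-- the accounts table itself, so it cannot query the table directly.
```

A function that assembles SQL text by string concatenation and runs it with `EXECUTE` reintroduces the injection risk; inside PL/pgSQL, pass values with `USING` or quote them with `format('%L', ...)`.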

