I'm writing the database backend to a web application. Being paranoid I
want to limit the damage/exposure that the application can do.
One way would be to create a database user for each application user
(i.e. login name) and to create views for each user, not giving them any
permissions on sensitive tables but only letting them see their own data
through the views. How would that affect the database as the number of
users climbs through the hundreds to the thousands? Would the thousands
of views slow the database down? Is there an upper limit to the number
of views?
--
Bruce
Bitterly it mathinketh me, that I spent mine wholle lyf in the lists
against the ignorant.
-- Roger Bacon, "Doctor Mirabilis"