I'm making a website with multiple login users and I want to setup row-level-security so that my app can scale. I have a lot of many-many relations with access defined via join-tables. I don't want to have to append each db query with a very long where clause each time and I heard row-level-security was the best approach. I connect to postgres in NodeJS via the 'pg' library and query the db usingpool.query('sql string', [params]) . The user-id is safely stored and retrieved in a json-web-token, so I'm not worried about that. Questions is, how to I apply the user-id to each db query. Is prepending each query with a"SET my.some_session_variable = user_id" safe? If multiple users are querying the database at once could these multiple set session variables interfere with each other? If row-level-security is not recommended what is the best approach?
Submitted July 22, 2020 at 03:50AM by TheWebDever
No comments:
Post a Comment