Hacker News
by SahAssar 1420 days ago
I've experimented with this as an alternative API layer. When using role-based RLS in PostgreSQL and being strict with what is exposed to application users it can be quite nice, but it also brings in a lot of additional considerations. Things like rate-limiting, caching, timeouts, access logging, etc. are all very much standard practice on an HTTP or RPC layer, but not so much for a SQL interface. When using PostgREST (a REST layer on top of PostgreSQL) I've considered just exposing the same API over SQL since I already have the authZ fully implemented in the DB, but I still don't know if I want to implement everything else that goes along with an API in the DB.
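A sketch of the setup the comment above describes, added here as an example and not taken from the comment or from PostgREST: role-based RLS with a narrow grant surface, plus the per-role settings PostgreSQL offers for timeouts, concurrency and access logging. The schema `api`, table `notes` and roles `app_user` and `alice` are hypothetical names, and the script is assumed to run as a superuser.

```sql
-- Group role that carries the privileges; it cannot log in itself.
CREATE ROLE app_user NOLOGIN;

-- Expose only a dedicated schema; remove the default PUBLIC access.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA api;
GRANT USAGE ON SCHEMA api TO app_user;

CREATE TABLE api.notes (
    id    bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    owner text   NOT NULL DEFAULT current_user,
    body  text   NOT NULL
);

-- authZ in the database: rows are visible and writable only to their owner.
-- FORCE makes the policy apply to the table owner as well.
ALTER TABLE api.notes ENABLE ROW LEVEL SECURITY;
ALTER TABLE api.notes FORCE ROW LEVEL SECURITY;
CREATE POLICY notes_owner ON api.notes
    FOR ALL TO app_user
    USING      (owner = current_user)
    WITH CHECK (owner = current_user);

GRANT SELECT, INSERT, UPDATE, DELETE ON api.notes TO app_user;

-- One login role per application user, inheriting app_user's grants.
-- (Credentials are left out; set them with your own provisioning.)
CREATE ROLE alice LOGIN IN ROLE app_user;

-- Timeouts: per-role settings are applied at login for the login role
-- only. They are NOT inherited from app_user, so set them on alice.
ALTER ROLE alice SET statement_timeout = '2s';
ALTER ROLE alice SET idle_in_transaction_session_timeout = '10s';

-- Concurrency cap. This limits simultaneous connections, not request
-- rate; PostgreSQL has no built-in per-role rate limiter.
ALTER ROLE alice CONNECTION LIMIT 5;

-- Access logging: log every statement this role runs, and its connections.
ALTER ROLE alice SET log_statement = 'all';
ALTER ROLE alice SET log_connections = on;

-- Check from alice's point of view: she sees only her own rows.
SET ROLE alice;
INSERT INTO api.notes (body) VALUES ('constructed sample row');
SELECT id, owner, body FROM api.notes;
RESET ROLE;
```

Per-role `SET` values only take effect for sessions that log in as that role, so the `SET ROLE alice` check at the end exercises the policy but not the timeouts.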