by atonse
1124 days ago
It is highly appealing to have that defense in depth. However, when building a prototype or a product, not having experience in it causes me to worry that we will end up being stuck with a choice that's very hard to pull ourselves out of. So instead we've stuck to having that filtering logic in the application side. The main concern is how user auth, etc. works in Postgres (lack of knowledge, not lack of trust). Because we also have complex filtering like, "let me see all the people in my team if I have this role, but if I'm a public user, only show this person", etc.