I’m not sure if I’m wording this correctly, since most of my Google results seem to show articles on how to set up HTTPS to a DB, but basically I’m wondering about the proper design principles for securing access to a database in the following setup:
Currently I have one account on my DB for my backend web server. My front-end server then interacts with the backend via an API, but I was thinking: how should I properly scope my API calls or data to ensure users can’t access other users’ data? I’m using Postgres, and was thinking every table should have a column with a userID so that the data can be scoped to a user, or should I be creating a user in my DB for every user in my app and use row-level permissions, then have my backend server authenticate to the DB server as that role?
submitted by /u/plunk2000
from Software Development – methodologies, techniques, and tools. Covering Agile, RUP, Waterfall + more! https://ift.tt/3yiBcZr
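One way to combine the two options the question raises (an owner column on every table, enforced by Postgres row-level security while the backend keeps a single DB account), as an added example that is not from the post; the table, column, role and setting names are constructed:

```sql
-- Constructed schema: every row records which application user owns it.
CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    owner_id  bigint NOT NULL,
    body      text   NOT NULL
);

-- One role for the backend. It must not own the table, must not be a
-- superuser and must not have BYPASSRLS, or the policies below are skipped.
CREATE ROLE app_backend LOGIN PASSWORD '<placeholder>' NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_backend;
GRANT USAGE, SELECT ON SEQUENCE documents_id_seq TO app_backend;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;  -- applies to the table owner too

-- current_setting(name, true) returns NULL when the variable is unset, so a
-- request that never identified its user sees no rows and can write none.
-- USING filters reads; WITH CHECK prevents inserting/updating rows for others.
CREATE POLICY documents_owner_only ON documents
    FOR ALL TO app_backend
    USING      (owner_id = current_setting('app.current_user_id', true)::bigint)
    WITH CHECK (owner_id = current_setting('app.current_user_id', true)::bigint);

-- Per request, after the backend has authenticated the application user (42).
-- SET LOCAL is scoped to this transaction, so a pooled connection cannot carry
-- one user's id into the next request.
BEGIN;
SET LOCAL app.current_user_id = '42';
SELECT id, body FROM documents;                            -- only user 42's rows
INSERT INTO documents (owner_id, body) VALUES (42, 'mine'); -- allowed
-- INSERT ... VALUES (7, 'theirs') would fail the WITH CHECK and abort.
COMMIT;
```

The one-DB-role-per-app-user variant from the question replaces the session variable with `current_user` in the policy, but it needs a separate login and connection per user, which does not fit the usual pooled single-backend-account setup.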