Stephen Frost wrote:
> > Don't have a database user for each application user, but use
> > one database user for the application to connect to the database.
>
> This makes the application have to handle all of the authentication and
> authorization for the user, which certainly requires not only more code
> in the application but may also be more complex.
True, if you give administrative application users the CREATEROLE privilege,
you can map database users to application users and have the database handle
application user management.
It is something I do not see often in the wild, but that does not mean
it is a bad thing (unless you want the application to work with different DBMS).
Yours,
Laurenz Albe