
Using JWT to establish a trusted context for Row Level Security


Using RLS can be cumbersome because it is usually expected to rely on the user name. Could we use a JWT to establish a 'trusted context'?

If the filter uses some sort of “tenant ID” and the user can change it to an arbitrary value, the RLS concept breaks. Roles are database objects and need to be managed at that level (more a task for a DBA than for an app developer). The context could be generated by a separate system, to limit access to the private key and minimize the attack surface.
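The idea above as an added Node.js example, not code from the linked article: a separate issuer signs the context with its private key, and the verifying side, which holds only the public key, derives the tenant ID from the token instead of accepting one from the user. ES256, the `tenant_id` and `exp` claim names, and all function names are assumptions made for illustration; how the verified value reaches the RLS policy is database-specific and not shown.

```javascript
const nodeCrypto = require('crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');
const unb64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Issuer: the separate system that alone holds the private key.
function issueContext(privateKey, claims) {
  const body = `${b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(body), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${body}.${sig.toString('base64url')}`;
}

// Verifier: holds only the public key. Returns the tenant ID for the RLS
// filter or throws; the caller never supplies a tenant ID directly.
function trustedTenant(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  // Pin the algorithm rather than letting the token choose it.
  if (unb64u(header).alg !== 'ES256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${header}.${payload}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = unb64u(payload);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (!Number.isInteger(claims.tenant_id)) throw new Error('missing tenant_id');
  return claims.tenant_id;
}

// Constructed sample: throwaway key pair, fixed clock, made-up claims.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const NOW = 1700000000;
const token = issueContext(privateKey, { sub: 'app_user', tenant_id: 42, exp: NOW + 300 });

// Same token with the payload edited to another tenant; signature left as is.
function withTenant(tok, tenantId) {
  const [h, p, s] = tok.split('.');
  return `${h}.${b64u(JSON.stringify({ ...unb64u(p), tenant_id: tenantId }))}.${s}`;
}

// Returns the tenant ID, or the rejection reason as a string.
function check(tok, at = NOW) {
  try { return trustedTenant(tok, publicKey, at); } catch (e) { return e.message; }
}

console.log(check(token), check(withTenant(token, 7)), check(token, NOW + 301));
```

Because the tenant ID is only ever read from a payload whose signature verified, a user who edits it cannot produce a value the filter will accept.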
