top | item 13642484

(no title)

icot | 9 years ago

Yes, we found the same issue. We worked around this by organizing our application (an admittedly basic REST API) in two layers. The external one exposed to API consumers, developed in a language/framework you may like (Python/Tornado for us), and the internal data access layer which uses Postgrest, and is only accessed locally from within the REST API application servers

discuss

rubber_duck|9 years ago

Why not just query the database using standard drivers then ? What am I missing here ?

spdionis|9 years ago

Maybe the the exposed application acts like a proxy for the internal apis, only check authentication info and pass on the request to the postgrest servers.

ruslan_talpa|9 years ago

I know the docs are lacking but have you guys looked into how roles + RLS + views can work together to solve authorization?