alt Hacker NewsI have never suggested that there's something wrong with RLS nor that RLS and an application should be mutually exclusive, as I've pointed out multiple times now.
I have never suggested that there's something wrong with RLS nor that RLS and an application should be mutually exclusive, as I've pointed out multiple times now.
Right, I'm just saying that, in practice, most web applications don't use it. From what I've seen. So in a relative sense, this is an improvement. And I think that's generally how we should view security. Within the context of the threat model.