Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1wIueK-0000UK-1Z
	for pgsql-general@arkaria.postgresql.org;
	Fri, 01 May 2026 20:39:48 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1wIuSf-00CQf5-1Q
	for pgsql-general@arkaria.postgresql.org;
	Fri, 01 May 2026 20:27:45 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <mmoncure@gmail.com>)
	id 1wIuSe-00CQew-3A
	for pgsql-general@lists.postgresql.org;
	Fri, 01 May 2026 20:27:45 +0000
Received: from mail-qt1-x829.google.com ([2607:f8b0:4864:20::829])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <mmoncure@gmail.com>)
	id 1wIuSc-00000003kmI-37M8
	for pgsql-general@postgresql.org;
	Fri, 01 May 2026 20:27:44 +0000
Received: by mail-qt1-x829.google.com with SMTP id d75a77b69052e-505a1789a27so11021761cf.3
        for <pgsql-general@postgresql.org>; Fri, 01 May 2026 13:27:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1777667262; cv=none;
        d=google.com; s=arc-20240605;
        b=lEfcmEORamutyLopSFPYlIn0JFXF6TjGyHcpZCXYNf5WeyNAGn0cYsJB91dCjUbSCF
         t37cXkxoUcpNXBb+dz5Xv6lFIsPS3pzOg3qECmjdfJlFxZ769ZJnnO0mGbB2xuzqtmLn
         vRgMR697cHxcOZWDYX3tNjtwFvNhzX7CW2s7POvwXnuGxX/xpLAUbVU0POgsx8a4S2qo
         7tRi2nv6ynC5v5RJ8yuidzWFRVX0rNSGCroNA4itlDda2TeDuB59Va4L3J9LHH/4ipLE
         Zyavw9O01qJqngDG5qMw/VG5wKJOtPkTOHneNjoDFJli6jK9QWdvQYj99S3v0jTPNAz1
         segw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=5TdWcRI+u6+MVZuxFglO1MJ+aJ9KkM6YiYUp1D5oe3w=;
        fh=uacWkajKKK7j3sW6phBQDvKM/HEeQp/W2kuDzMeKxM0=;
        b=SLm8vA3KFkZpAjebnzMG1YNz+zkeMkxRUgCAb3FW+rLg4976HdIthOoKQ6+skdQxi1
         4Ko3ZTjueuXycBgIZ9VTHrP+gL+hxG7Gn2PvGu3zsG1ed3+azBhKvm95FiVTdcDvcLI1
         25iSrESi5oj1JyXJUsFSWN/ORAjfqDwgFhDeMLeciqQ8oE5FkfOu3+Gu1p8CibcxGpHf
         1PkiDYhiFHVhpxqcMRFw7mrwBA0nfE59ERvNfwE5+qmsvTpzvN8uCyjgdgpxeWV5M3Uc
         Tx7A+XLT01hHoZ6k88V1aEwXo/723MpMQNzGIzOlnuFUxGYrobYr+ldcDd3WEb5eFEql
         4iqQ==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1777667262; x=1778272062; darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=5TdWcRI+u6+MVZuxFglO1MJ+aJ9KkM6YiYUp1D5oe3w=;
        b=CWaidUxcwL+sBGOXTDyxdpLTUs44OpcpNJk6XKJAokzUFqLvwvvrhNiqQwnWaJuJMb
         oHmfB5YMM+IDbUbMsxdXy02d2Z5EZs++dxxQ29XcvKKlsJjKJaxGJY+Azg0oB0tAtI8y
         KMtTzeCkE4PDrY3F7Q4e/bry/cGwm4ARCjDhiaMPS86RyocFqKsFQk2+Gi6m8SMB6n64
         FHrcXLcADNN+Z1Rv2t1bY0x37YEljhJXHYJN7gSmQ9/ww9dKdYdfwNNBTDSMOaXqJsRE
         lLcHmBG/5utiUI9g639y0Bpb120nE7+RLC2xm+gddt6z0EJo4lZLacjcIZYOB0OhYpAh
         vf2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777667262; x=1778272062;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=5TdWcRI+u6+MVZuxFglO1MJ+aJ9KkM6YiYUp1D5oe3w=;
        b=S6v4nWqbzxnEYs4pW2EynVi8NgFY32SsnU0mEBi1yGR0gTGoNlcdjvkUGr1Acc+U5B
         tYGJZNMUOsYWSYcW0brhW/dtvaeQAf6ocslNCh1gBYKJYxHKTzzOZCkk3M5uOmw/hqyh
         HR8jzsNfX/l3M7jJTZAbK+q4Gv532hCwEDk6Cf3h0wWRQUU2lFp54yKf3NGCIDKlEot1
         6E/mLMTJvKyF8ypUWks/pkXZHRZGItgjpXn3m5b/vapPzu/Io10PZfHcmj94O95PC33G
         6i1fVTdSz80mTNTqO2J1O3ZZzXZ8feo7L0GxJiUPKeFopSJKL5SJor4DaLJX2tnYtaxw
         JsyQ==
X-Gm-Message-State: AOJu0YxRs/0gBWWsjuNuUG7UtoJcDcZTzt1sHqtdX67Z2816GEKIMp9U
	sip1KBwqOj10fFOLPxAQw428pp59CP1miTVzJf7oHsoLl/PaQZCAYKP5PuAEARNYvHgBJfIgcDh
	kTSWG6wUeJD0qsLHOthl9GMqgYEJpmHM=
X-Gm-Gg: AeBDiet5cn7+DPYs9Ut3yQInXcHHcDIys6+TPkPuUfiGIXIWTUn/n81Mu0Manb9I5Xg
	UgMJ1M5PYseuyp3bKUHefBbfmrKIClzHEiTlZk0acgFYUiGTUxaz2AWe5iucLdpFXUlyQKFSuO3
	+cbp74BI2tdtAM0aAWzMjtnzWrV4f49rbMqHQRxH52g7DQ7jkG10hkm727ZcDIq7EqMdxB0KvT3
	+eH77oUh0F5sLqUhJlpkO1SJHhHHkLslpr2AewcxWrqatGGxq33afsQsQ6niVLDz8Fyi5RrcZnm
	OEHFEl85miuuGGOalVpbfVvok+b1fKARoj6MZH85Fa2RMmozQXbA4kkgl+Q7rdIvognGMYOn0gs
	PJZIJiwgn
X-Received: by 2002:a05:622a:1648:b0:50e:5a33:672c with SMTP id
 d75a77b69052e-5104be89848mr13115511cf.17.1777667261993; Fri, 01 May 2026
 13:27:41 -0700 (PDT)
MIME-Version: 1.0
References: <4237964E-B88B-4F6B-AD3D-FD67C17ED480@relevantlogic.com>
In-Reply-To: <4237964E-B88B-4F6B-AD3D-FD67C17ED480@relevantlogic.com>
From: Merlin Moncure <mmoncure@gmail.com>
Date: Fri, 1 May 2026 14:27:30 -0600
X-Gm-Features: AVHnY4LXdjBdidhWFrVBUOzMCYqSXEvmjrZnh9q7jB3D3Y6NUO5DtMZ7c3U-PU0
Message-ID: <CAHyXU0yNBHF=yJG8-XAasedUagG=+PODje_RXZVuefWqhfuvdQ@mail.gmail.com>
Subject: Re: Describing the natural architecture for an internet-facing
 Postgres based app: feedback sought
To: "guyren@relevantlogic.com" <guyren@gmail.com>
Cc: PostgreSQL General <pgsql-general@postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000ae16ea0650c76944"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAHyXU0yNBHF%3DyJG8-XAasedUagG%3D%2BPODje_RXZVuefWqhfuvdQ%40mail.gmail.com>
Precedence: bulk

--000000000000ae16ea0650c76944
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Apr 27, 2026 at 9:25=E2=80=AFPM guyren@relevantlogic.com <guyren@gm=
ail.com>
wrote:

> Coming from a Rails/PHP/etc world. All of those communities generally hol=
d
> that the database should be treated as a dumb data bucket with all the
> logic in the middleware.
>
> I=E2=80=99ve long thought someone should write up what the alternative
> architecture using Postgres to its fullest would look like. In order to
> differentiate it, I start from the security advantages and work forward.
>
> I=E2=80=99d love to get some feedback on it. Harsh criticism is most usef=
ul=E2=80=A6 :-)
>
> lydb.xyz/zero-authority-architecture
>

 I have been developing in this style for many years.  Application requests
in JSON/JSONB, and zero IQ middleware outside of caching, transport
authorization, etc.  Prior to JSON, I was doing it with composite types --
postgres has been able to do some variant of this since mid 8.x series.  I
can assure you, this style of architecture works, your core assumptions are
mostly correct, although I'd gently suggest taking a broader view on
application architecture vs authorization.  Generally speaking, it is a
very fast way to write robust applications quickly, and I've written highly
scalable enterprise applications in this style.

I'm not afraid to take things to the extreme.  If you want to see examples
backend rich coding in action, take a look at pgasync
<https://github.com/merlinm/pgasync> and especially pgflow
<https://github.com/merlinm/pgflow>, which is a airflow style orchestrator
written in a stored procedure daemon :-).

merlin

--000000000000ae16ea0650c76944
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Mon, Apr 27, 2026 at 9:25=E2=80=AFPM <=
a href=3D"mailto:guyren@relevantlogic.com">guyren@relevantlogic.com</a> &lt=
;<a href=3D"mailto:guyren@gmail.com">guyren@gmail.com</a>&gt; wrote:</div><=
div class=3D"gmail_quote gmail_quote_container"><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex"><div><span style=3D"font-size:19px">Coming from a Ra=
ils/PHP/etc world. All of those communities generally hold that the databas=
e should be treated as a dumb data bucket with all the logic in the middlew=
are.<br><br>I=E2=80=99ve long thought someone should write up what the alte=
rnative architecture using Postgres to its fullest would look like. In orde=
r to differentiate it, I start from the security advantages and work forwar=
d.<br><br>I=E2=80=99d love to get some feedback on it. Harsh criticism is m=
ost useful=E2=80=A6 :-)<br><br><a href=3D"https://lydb.xyz/zero-authority-a=
rchitecture/" target=3D"_blank"><font color=3D"#157EFB">lydb.xyz/zero-autho=
rity-architecture</font></a></span></div></blockquote><div><br></div><div>=
=C2=A0I have been developing in this style for many years.=C2=A0 Applicatio=
n requests in JSON/JSONB, and zero IQ middleware outside of caching, transp=
ort authorization, etc.=C2=A0 Prior to JSON, I was doing it with composite =
types -- postgres has been able to do some variant of this since mid 8.x se=
ries.=C2=A0 I can assure you, this style of architecture works, your core a=
ssumptions are mostly correct, although I&#39;d gently suggest taking a bro=
ader view on application architecture vs authorization.=C2=A0 Generally spe=
aking, it is a very fast way to write robust applications quickly, and I&#3=
9;ve written highly scalable enterprise applications in this style.</div><d=
iv><br></div><div>I&#39;m not afraid to take things to the extreme.=C2=A0 I=
f you want to see examples backend rich coding in action, take a look at=C2=
=A0<a href=3D"https://github.com/merlinm/pgasync">pgasync</a>=C2=A0and espe=
cially=C2=A0<a href=3D"https://github.com/merlinm/pgflow">pgflow</a>, which=
 is a airflow style orchestrator written in a stored procedure daemon :-).<=
/div><div><br></div><div>merlin</div><div><br></div><div><br></div><div><br=
></div><div><br></div><div>=C2=A0</div></div></div>

--000000000000ae16ea0650c76944--