This is pretty much a solution to a non-problem though.
There are -huge- problems in web-application-security for sure. Keeping A from being able to
impersonate B when A has complete read-access to the entirety of the database typically isn't
Get me right, in principle any improvement is a good thing. You'd be better off fixing
SQL-injection in the first place though, as this method primarily defends against that. And
it's not as if fixing sql-injection is difficult.