Indeed, this was a very confusing conversation because of it.
If by client you mean "a web browser" then "a better approach is where there's code between the client and the database" makes perfect sense; but in the meaning of "client" where any code that calls the database is a client of the database, it's balderdash.
I honestly don't think that a "trust boundary" has anything to do with it, generally.
If by client you mean "a web browser" then "a better approach is where there's code between the client and the database" makes perfect sense; but in the meaning of "client" where any code that calls the database is a client of the database, it's balderdash.
I honestly don't think that a "trust boundary" has anything to do with it, generally.