From: | <korryd(at)enterprisedb(dot)com> |
---|---|
To: | "Andrus" <kobruleht2(at)hot(dot)ee> |
Cc: | <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: How to allow users to log on only from my application |
Date: | 2007-02-01 18:43:51 |
Message-ID: | 1170355431.6941.193.camel@sakai.localdomain |
Lists: | pgsql-general |
> >> My application implements field and row level security.
> >> I have custom table of users where user privileges are described.
> >>
> >> However user can login directly to database using pgAdmin. This bypasses
> >> the security.
> >>
> >> How to allow users to login only from my application ?
> >> I think I must create server-side pgsql procedure for login validation.

Say that your application offers a way for each user to set/change his
own password.

When I (using your application) change my password, you could combine my
new password with a secret value and then send the result to the PG
server (so now the PG server thinks that my password is
my_password+your_secret).

Then each time I log into your application (and I provide a password),
you combine my password with the same secret before sending the login
request to the PG server.

Every user can have his/her own account (in the PG server) but they
won't be able to log into the server without going through your
application first.

Does that help?

-- Korry
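
Added example, not part of Korry's message or of any project's code: a Python sketch of the scheme described above, where the application derives the database password from the typed password and an application-held secret at both password-change and login time. HMAC-SHA256 as the combining step, the `APP_SECRET` value, the role name and every function name are assumptions of this example.

```python
import hashlib
import hmac

# Constructed placeholder: in a real deployment this value ships with the
# application and must be identical at password-change time and login time.
APP_SECRET = b"constructed-example-secret"


def derive_db_password(role: str, user_password: str, secret: bytes = APP_SECRET) -> str:
    """Combine the password the user typed with the application secret.

    HMAC-SHA256 is this example's choice of 'combine' step (the mail only
    says the two values are combined). The role name is mixed in so two
    users with the same password get different database passwords.
    """
    msg = role.encode("utf-8") + b"\x00" + user_password.encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def quote_ident(name: str) -> str:
    """Quote a role name as a PostgreSQL identifier."""
    return '"' + name.replace('"', '""') + '"'


def change_password_sql(role: str, new_password: str) -> str:
    """Statement the application sends when the user changes a password.

    The server stores the derived value, never the one the user typed.
    The derived value is hex, so it needs no escaping inside the literal.
    """
    derived = derive_db_password(role, new_password)
    return f"ALTER ROLE {quote_ident(role)} PASSWORD '{derived}'"


def login_params(role: str, typed_password: str) -> dict:
    """Connection parameters the application uses at login."""
    return {"user": role, "password": derive_db_password(role, typed_password)}


if __name__ == "__main__":
    print(change_password_sql("andrus", "my_password"))
    print(login_params("andrus", "my_password"))
```

The database password is only as private as `APP_SECRET`: anyone who can read the secret out of the distributed application can compute the same value and connect with any client.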