| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Doubts regarding postgres Security |
| Date: | 2017-01-22 02:18:58 |
| Message-ID: | 1c978e3f-b927-9702-a4af-617a1b2b058d@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 1/21/2017 1:37 PM, Stephen Frost wrote:
> * PAWAN SHARMA (er(dot)pawanshr0963(at)gmail(dot)com) wrote:
>> So, there is no solution for my first question, we need if users enter the
>> wrong password more than 5 times than their account gets locked and then
>> only DBA will unlock this account.
> I understood the question and there is an answer- use PAM.
>
> The other option is to not use password-based authentication with PG and
> instead use a better method such as certificate-based auth or GSSAPI.
or just don't let 'users' connect directly to the database at all.
users run an app (or browser), which talks to an app server, which has
the business logic and does the database connection and executes the
business logic specific queries.
--
john r pierce, recycling bits in santa cruz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Aguayo Garcia-Rada | 2017-01-22 02:43:11 | Re: PgPool or alternatives |
| Previous Message | Stephen Frost | 2017-01-21 23:10:36 | Re: Doubts regarding postgres Security |