Re: Password safe web application with postgre

From: Bohdan Linda <bohdan(dot)linda(at)seznam(dot)cz>
To: Steve Manes <smanes(at)magpie(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Password safe web application with postgre
Date: 2008-05-15 16:32:10
Message-ID: 20080515163210.GA2724@bafster.baflabs.org
Lists: pgsql-general

Hello,

thank you everyone for the answers. I went through them and I forgot to add one
thing. The web app is a frontend, thus basically a PL/PGSQL launcher, and all
changes are audited, so a common login is unwelcome.

On Thu, May 15, 2008 at 05:40:49PM +0200, Steve Manes wrote:
> I keep the user's login credentials in a TripleDES-encrypted,
> non-persistent cookie, separate from session data.
>

This is the approach I am/will be heading towards. With the cookie holding the
login and password encrypted on the user side, an HTTPS connection, and what was
said in previous emails about not storing credentials in cookies, any ideas on
weak sides? Moreover, what if parts of the decryption keys were unique to the
sessions and stored in the session on the server?

PS. Apologies for going slightly OT, as this is becoming more general than
pgsql.

Thank you,
Bohdan
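The split-key credential cookie Bohdan sketches above (credentials encrypted in a non-persistent cookie, with part of the key material living only in the server-side session), as an added example that is not code from the thread or from any of its posters. It is Python using only the standard library, so an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for TripleDES; a deployment would use a real AEAD such as AES-GCM or ChaCha20-Poly1305. The in-memory session store, the function names, and the sample credentials are all constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed stand-in for the web app's server-side session store:
# session id -> the server-held half of the key material (hypothetical).
SESSIONS = {}


def _derive_key(server_part: bytes, cookie_part: bytes) -> bytes:
    """Combine the server-side and cookie-side halves into one 256-bit key.
    Neither half alone yields the key: a stolen cookie is useless without the
    live server session, and a dumped session store is useless without the cookie."""
    return hmac.new(server_part, b"credential-cookie-key|" + cookie_part,
                    hashlib.sha256).digest()


def _subkeys(key: bytes):
    # Distinct encryption and MAC keys, both derived from the combined key.
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only stream cipher. This replaces
    # TripleDES/an AEAD purely so the example runs offline; use a real AEAD in production.
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)  # fresh per cookie, so identical credentials never repeat
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def _open(key: bytes, blob: bytes):
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time check before decrypting
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def login(username: str, password: str):
    """Called after the database login succeeded. Returns (session_id, cookie_value):
    the session id goes in the usual session cookie, cookie_value in a separate,
    non-persistent credential cookie (both should be Secure and HttpOnly)."""
    session_id = base64.urlsafe_b64encode(os.urandom(24)).decode()
    server_part = os.urandom(32)   # never leaves the server
    cookie_part = os.urandom(32)   # never stored on the server
    SESSIONS[session_id] = server_part
    key = _derive_key(server_part, cookie_part)
    blob = _seal(key, json.dumps({"user": username, "password": password}).encode())
    cookie_value = base64.urlsafe_b64encode(cookie_part + blob).decode()
    return session_id, cookie_value


def credentials_for_request(session_id: str, cookie_value: str):
    """Recover the DB credentials for one request, or None if the session is gone,
    the cookie is malformed, or the ciphertext/tag was altered."""
    server_part = SESSIONS.get(session_id)
    if server_part is None:
        return None
    try:
        raw = base64.urlsafe_b64decode(cookie_value.encode())
    except ValueError:  # binascii.Error is a ValueError
        return None
    if len(raw) < 32:
        return None
    cookie_part, blob = raw[:32], raw[32:]
    plaintext = _open(_derive_key(server_part, cookie_part), blob)
    if plaintext is None:
        return None
    creds = json.loads(plaintext)
    return creds["user"], creds["password"]


def logout(session_id: str) -> None:
    # Destroying the server-side half makes every copy of the cookie undecryptable.
    SESSIONS.pop(session_id, None)


def tamper(cookie_value: str) -> str:
    """Flip one bit of the ciphertext to show that the MAC check rejects edits."""
    raw = bytearray(base64.urlsafe_b64decode(cookie_value.encode()))
    raw[32 + 16] ^= 0x01  # first ciphertext byte, after cookie_part and nonce
    return base64.urlsafe_b64encode(bytes(raw)).decode()
```

What this shows that the prose alone does not: the server recovers the credentials only while it holds both the session id and the cookie, so a cookie copied off the client, a session store dumped from the server, or a cookie presented after logout each yields nothing, and any modification of the cookie fails the tag check before decryption is attempted. The caveat remains that both halves travel together on every request, so the TLS channel and the cookie flags are what keep them from being captured in transit.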
