Re: Users and session ids

From: Shridhar Daithankar <shridhar_daithankar(at)myrealbox(dot)com>
To: C G <csgcsg39(at)hotmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Users and session ids
Date: 2003-12-11 06:55:35
Message-ID: 3FD814E7.7080105@myrealbox.com
Lists: pgsql-general

C G wrote:

> Dear All,
>
> I wonder if anyone can advise me with this problem.
>
> 1. A user logs into the database (through web, webservice, some other
> piece of software) - connect(user="joe",passwd="blogs")
> 2. We generate a random session key which will expire in 1 hour. Put
> this in table (user, SessKey, time).
> 3. Give key to user.
> 4. User wants to do something else, so passes us the session key.
> 5. How do we use this session key to log the user into the database,
> i.e. how do we get the username and passwd to enable:
> connect(user="joe",passwd="blogs").

It is involved at multiple steps.

1. Use a connection pool, all connecting as superuser
2. Authenticate user with opening a new connection
3. Store a map of user session key v/s username/userid in application.
4. Use set session authorization after verifying the key.

It could have been good if PostgreSQL could authenticate over an existing
connection or make set session authorisation accept username/password. But
anyway, that is not such a big hassle except for the fact that each
authorisation costs starting/killing one connection.

HTH

Shridhar
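
The four steps in the reply above, as an added example that is not part of the original email. `SessionStore`, `quote_ident` and `run_as` are hypothetical names, `conn` is assumed to be any DB-API 2.0 connection taken from the superuser pool, and keeping only a SHA-256 of each key is this example's own choice.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # seconds; the one-hour expiry from the question

class SessionStore:
    """Step 3: application-side map of session key -> username."""
    def __init__(self, clock=time.time):
        # Only sha256(key) is kept (example's choice): a dump leaks no usable keys.
        self._by_digest = {}  # digest -> (username, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, username):
        """Call only after the user's own login connection succeeded (step 2)."""
        key = secrets.token_urlsafe(32)
        self._by_digest[self._digest(key)] = (username, self._clock() + SESSION_TTL)
        return key

    def resolve(self, key):
        username, expires_at = self._by_digest.get(self._digest(key), (None, 0))
        if username is None or self._clock() >= expires_at:
            self._by_digest.pop(self._digest(key), None)
            return None
        return username

def quote_ident(name):
    # Utility statements take no server-side bind parameters, so the role name
    # is spliced in as a double-quoted identifier with embedded quotes doubled.
    return '"' + name.replace('"', '""') + '"'

def run_as(conn, store, key, sql, params=()):
    """Step 4: run one row-returning query on a pooled connection as the key's owner."""
    username = store.resolve(key)
    if username is None:
        raise PermissionError("unknown or expired session key")
    cur = conn.cursor()
    try:
        cur.execute("SET SESSION AUTHORIZATION " + quote_ident(username))
        cur.execute(sql, params)
        rows = cur.fetchall()
        conn.commit()
        return rows
    finally:
        conn.rollback()  # clears a failed transaction; no-op after commit
        cur.execute("RESET SESSION AUTHORIZATION")
        conn.commit()
```

The pooled connection's authenticated user is still the superuser, so the restriction holds only while the application, not the end user, controls the SQL text passed to `run_as`.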
