From: | Paul Lambert <paul(dot)lambert(at)autoledgers(dot)com(dot)au> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: How to allow users to log on only from my application not from pgadmin |
Date: | 2007-02-01 01:24:51 |
Message-ID: | 45C14163.2040408@autoledgers.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Andrus wrote:
>> Run the application on a machine you control. Then the application can
>> authenticate without the users being able to steal or piggyback on its
>> credentials.
>
> Thank you for reply.
>
> My application is GUI applicatio which must run in customer computer and
> accesses to 5432 port in remote PostgreSQL server located in customer side
> over internet.
> I cannot control customer computers.
>
> Andrus.
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: In versions below 8.0, the planner will ignore your desire to
> choose an index scan if your joining column's datatypes do not
> match
>
>
If the users have access to the database via having a username/password
then it seems to me that they could use basically anything to connect
via ODBC to the database and retrive/look at/update data. M$ Excel,
Acces, reporting things like crystal reports etc and of course pgAdmin.
If you hide the database username and password within your application
(i.e. encrypted within the source code) so they cannot see the
credentials that you connect to the database with internally then they
have no means by which to connect to it using any other programs.
What I gather is users in your case are set up as database users rather
then having a users table on which your application authenticates. The
downside of doing it the way you are doing it is always going to be that
any user with a database username and password can connect to the
database by any means they come by. I'm no Postgres expert, but I'm sure
like any other RDBMS, postgres does not know, nor care, what application
is doing the connection but rather just accepts an ODBC connection and
the credentials that are passed to it.
Regards,
Paul.
--
Paul Lambert
Database Administrator
AutoLedgers
From | Date | Subject | |
---|---|---|---|
Next Message | Mark Walker | 2007-02-01 01:51:59 | Re: How to allow users to log on only from my application not from pgadmin |
Previous Message | Tom Lane | 2007-02-01 00:42:26 | Re: Problem loading pg_dump file |