| From: | "John D(dot) Burger" <john(at)mitre(dot)org> |
|---|---|
| To: | "pgsql-general postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Fwd: How to allow users to log on only from my application |
| Date: | 2007-02-01 19:40:11 |
| Message-ID: | 5E5F980C-7493-4B01-9386-1F86EE4A9D71@mitre.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
<korryd(at)enterprisedb(dot)com> wrote:
> Say that your application offers a way for each user to set/change
> his own password.
>
> When I (using your application) change my password, you could
> combine my new password with a secret value and then send the
> result to the PG server (so now the PG server thinks that my
> password is my_password+your_secret).
This is a special case of (2,2) secret sharing:
http://en.wikipedia.org/wiki/Secret_sharing
Here the secret is the actual password, a+b, shared into two parts, a
and b. The above scheme suffers from the problem that the user now
knows quite a lot about the secret. If this is an issue, there are
more sophisticated combining schemes that give the user no advantage
over someone who knows neither half of the secret.
- John D. Burger
MITRE
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-02-01 19:41:04 | Re: I "might" have found a bug on 8.2.1 win32 |
| Previous Message | Bruce Momjian | 2007-02-01 19:20:45 | Re: possible typo on 8.2 manual |