Re: Disallow access from psql, or allow access only from specific client app

From: Chris Travers <chris(dot)travers(at)gmail(dot)com>
To: Mario Puntin <mariomop(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Disallow access from psql, or allow access only from specific client app
Date: 2011-07-24 21:52:29
Message-ID: CAKt_Zft-VQDTXq08bcUZVrJabh808Kbpr22AS7i+HQbX7+hRBA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Sun, Jul 24, 2011 at 2:36 PM, Mario Puntin <mariomop(at)gmail(dot)com> wrote:
>
> Hi everybody:
> I searched the web trying to find an answer to this, but found none. I have
> a postgresql server and a database, and I granted access to some users.
> However I want them to access the data only through some specific client
> application. I do not want them to have access through psql or some other
> kind of client app. But, as I created them a user/pass they could use them.
> What would you do?
> Thanks in advance.
>
>
The key thing is that you are going to have to have some way to
restrict access. The protocol itself does not include any way of
authenticating the application per se to be an approved one (and that
is a challenging task if attempted, probably impossible to do
securely).

So what that leaves is the ability to restrict access based on
incoming connection characteristics. This probably means some sort of
middleware serving the app, and other connections being denied in the
pg_hba.conf

Best Wishes,
Chris Travers

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Chris Curvey 2011-07-24 22:21:30 Re: Disallow access from psql, or allow access only from specific client app
Previous Message Lonni J Friedman 2011-07-24 21:48:31 Re: Disallow access from psql, or allow access only from specific client app