Re: Password encryption method

From: Richard Troy <rtroy(at)ScienceTools(dot)com>
To: Bruno Wolff III <bruno(at)wolff(dot)to>
Cc: <pgsql-general(at)postgresql(dot)org>, Andrus <kobruleht2(at)hot(dot)ee>
Subject: Re: Password encryption method
Date: 2007-01-23 17:01:56
Message-ID: Pine.LNX.4.33.0701230858050.24768-100000@denzel.in
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general


On Mon, 22 Jan 2007, Bruno Wolff III wrote:
> On Mon, Jan 22, 2007 at 20:25:48 +0100,
> Bertram Scharpf <lists(at)bertram-scharpf(dot)de> wrote:
> >
> > What I want to do is the following:
> >
> > 1. Login in from a program on a client as a particualar user.
>
> For this case you shouldn't need to do anything tricky as long as the user
> is login in as themselves. Just prompt the user for their password and use it
> when you open a connection to the database. If you are trying to have the
> program login without the user being able to steal or borrow the credentials,
> then you have a serious design flaw.

I'm quite certain I missed the start of this thread, but just looking at
the above paragraph as it stands:

Design flaw? Perhaps an _incomplete_ design, but it's only a design flaw
if not finished off properly. One way to do this cleanly is to use a
program that has the suid bit set so it runs as the program's file owner
(optionally group), and this program accesses the password and provides
the database access.

Richard

--
Richard Troy, Chief Scientist
Science Tools Corporation
510-924-1363 or 202-747-1263
rtroy(at)ScienceTools(dot)com, http://ScienceTools.com/

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Erick Papadakis 2007-01-23 17:18:20 Re: Installing PostgreSQL under Cpanel
Previous Message Merlin Moncure 2007-01-23 17:01:04 Re: CREATE FUNCTION Fails with an Insert Statement in it