Dear all,

I am writing an app that would run natively on some client machines that
should connect to a database as a single DB user and later pretend to be more
users (there's nothing new in this approach, I think). Now my problem is the
following. Authentication is password based, that means that the app has to
know it but Joe User must not (otherwise he could do arbitrary things with the
DB). DB passwords change over time and I think recompiling the app every time
the password changes is just silly.

So: how to store the DB access password so that Joe User doesn't see it but
the admin can update it when it is necessary? Should I have an app on the
server that the client would connect to or how?

I am using stored procedures for everything but selects (in fact - imitating
object oriented programming on the PgSQL server), but I am not quite sure I
could prevent anyone from using "delete" on a table who would use a stored
function for that. How could I force people to use my stored functions for
insert, update and delete operations instead of insert, update, delete
commands in the DB?

Thanks in advance

Zoltan