On Sun, Dec 16, 2012 at 05:51:23PM +0100, Peter Bex wrote:
> The best solution I can come up with is not provide a web UI at all
> but let the user connect directly to the database using a secure
> method (e.g. SSL client certs, GSSAPI etc).

Speaking of which, a custom implementation of the GSSAPI might be feasible. I don't have experience with the API, but presumably you can accept a password once, generate a GSSAPI ticket and store *that* in the user's session file or cookie. Any successful attack will only be able to get that one ticket. If the server is compromised you can revoke all currently active tickets.

Assuming you're using HTTPS and store cookies with the "secure" attribute, this could be a safe way to do things. It's probably not easy or available out-of-the-box though! I think the Postgres docs could use some improvement on how to use GSSAPI; they're pretty terse!

If I understand the Kerberos section correctly, it's even possible to avoid passwords altogether by using mod_auth_kerb and a browser extension that allows talking to this module. That would be even better, but might not be acceptable if you want to allow users to connect using vanilla web browsers.

Cheers,
Peter
--
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer is especially attractive, not only because it can be economically and scientifically rewarding, but also because it can be an aesthetic experience much like composing poetry or music."
-- Donald Knuth

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general