Search Postgresql Archives

Re: How to allow users to log on only from my application

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>> My application implements field and row level security.
>> I have custom table of users where user privileges are described.
>>
>> However user can login directly to database using pgAdmin. This bypasses
>> the security.
>>
>> How to allow users to login only from my application ?
>> I think I must create server-side pgsql procedure for login validation.

Say that your application offers a way for each user to set/change his own password.

When I (using your application) change my password, you could combine my new password with a secret value and then send the result to the PG server (so now the PG server thinks that my password is my_password+your_secret).

Then each time I log into your application (and I provide a password), you combine my password with the same secret before sending the login request to the PG server.

Every user can have his/her own account (in the PG server) but they won't be able to log into the server without going through your application first.

Does that help?


            -- Korry


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux