Search Postgresql Archives

Re: How to allow users to log on only from my application

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Say that your application offers a way for each user to set/change  
> his own password.
>
> When I (using your application) change my password, you could  
> combine my new password with a secret value and then send the  
> result to the PG server (so now the PG server thinks that my  
> password is my_password+your_secret).

This is a special case of (2,2) secret sharing:

   http://en.wikipedia.org/wiki/Secret_sharing

Here the secret is the actual password, a+b, shared into two parts, a  
and b. The above scheme suffers from the problem that the user now  
knows quite a lot about the secret.  

Hmmm... how would the user know anything about the secret unless he could somehow get to the resulting combined password?

For example, if my password is "chocolate" and the application secret is "fudge", I can't recover any part of the combination "chocolate-fudge" unless I can:

a) see "chocolate-fudge" in the network data stream (assume that I can't because Andrus is smart enough to avoid sending cleartext passwords over the net)
b) see "chocolate-fudge" in the PG password table (again, Andrus is smart enough to use MD5 authentication so "chocolate-fudge" is never stored on the server)

If this is an issue, there are  
more sophisticated combining schemes that give the user no advantage  
over someone who knows neither half of the secret.

Absolutely, but I wanted to get the basic idea across.  Andrus' application knows the correct password for each user (or, more precisely, his application knows how to derive the correct password from the user-supplied password - Andrus doesn't have to store each password on the client side or anything like that) so his application can log in, but the users don't know any valid passwords so they can't get into the database with a tool like PgAdmin.

So, in your opinion, this isn't a crazy idea?  It should work?  But it could be made more secure if Andrus is particularly paranoid.

            -- Korry

P.S. Thanks for the feedback.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux