
Re: How to allow users to log on only from my application not from pgadmin


On 1/29/07, Andrus <kobruleht2@xxxxxx> wrote:
> My application implements field and row level security.
> I have a custom table of users where user privileges are described.
>
> However, a user can log in directly to the database using pgAdmin. This bypasses
> the security.
>
> How to allow users to log in only from my application?
> I think I must create a server-side pgsql procedure for login validation.
>
> How to implement custom authentication on the server side?
>
> How to force PostgreSQL to call a stored procedure for user logon validation
> when a user logs in to PostgreSQL?

1. Make sure your application does not log in as database superuser.
Grant access to all tables but do not give the super user account/pw
to your customers or your application.
2. You can disable pgadmin/psql by doing things like:

revoke select on pg_proc from public;

This will completely hose pgadmin and also make it hard to work from
psql.  It will not hurt your ability to run functions.  Keep in mind
you cannot reduce access to below what is allowed by the application,
just make it a bit harder to browse the database, etc.

merlin
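
The two steps from the reply above, written out as a script with checks a DBA can run afterwards. This is an added example, not part of the original post: the role name app_login, its password, and the use of schema public are assumptions, and GRANT ... ON ALL TABLES IN SCHEMA assumes PostgreSQL 9.0 or later.

```sql
-- Added example: app_login, the password and schema "public" are assumed
-- placeholders. Run as the database owner / superuser.
BEGIN;

-- Step 1: the application connects as a role that can log in but is not a
-- superuser and cannot create roles or databases.
CREATE ROLE app_login LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'change-me';

-- Give that role access to the application's tables only.
GRANT USAGE ON SCHEMA public TO app_login;
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ALL TABLES IN SCHEMA public TO app_login;

-- Step 2: take the function catalog away from ordinary roles. Superusers
-- bypass privilege checks, so administration is unaffected.
REVOKE SELECT ON pg_catalog.pg_proc FROM PUBLIC;

COMMIT;

-- Check 1: confirm the application role carries no administrative attributes.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb
FROM pg_roles
WHERE rolname = 'app_login';

-- Check 2: ask the server whether the application role can still read pg_proc.
SELECT has_table_privilege('app_login', 'pg_catalog.pg_proc', 'SELECT')
       AS can_read_pg_proc;

-- Check 3: list every table privilege the application role holds. Whatever
-- appears here is available to any client that connects with these
-- credentials, not only to the application.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'app_login'
ORDER BY table_schema, table_name, privilege_type;
```

Check 3 is the one to review against the application's field and row level rules, since the reply's point is that the database cannot grant less than the application's own login is allowed.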

