client authentication towards postgresql in php?

From: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>
To: pgsql-php(at)postgresql(dot)org
Subject: client authentication towards postgresql in php?
Date: 2003-11-09 15:52:28
Message-ID: 20031109165228.45503144.struck.d@retrovirology.lu
Lists: pgsql-php
Hello,


I am searching for a secure way to handle client authentication in PHP towards PostgreSQL.

Let me explain what I would like to set up:

Clients will connect to the application via Apache.
The authentication of the clients will be done over SSL and the certificates of the clients will be stored on smartcards.
(I have written a small documentation on how to set this up at www.opensc.org).
Next, I will read the Apache environment variables in the PHP application to know whether the user was correctly authenticated by Apache.

In PostgreSQL I would like to create a user for every client.
Purpose: automatically log every action like update/delete of users by rules without requiring scripts in PHP.

The problem I have is authenticating the client to PostgreSQL.
Of course I could save the passwords for the clients in a text file accessible by the PHP application, but I don't like the idea of this file lying around on the hard drive.

I thought about using Kerberos in this setup, sort of:

1. Apache authenticates the client (two-way SSL with smartcards)
2. client receives a ticket from Kerberos
3. which PHP could forward to PostgreSQL.

Is this possible?

Maybe someone knows another secure way of authenticating users to PostgreSQL in a web application?


Best regards,
Daniel Struck


-- 
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax:   +352-44116113
web: http://www.retrovirology.lu
e-mail: struck(dot)d(at)retrovirology(dot)lu
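
The step described in the message above, where PHP reads Apache's environment to decide whether the client was authenticated, as an added example that is not part of the original post. It assumes mod_ssl with `SSLOptions +StdEnvVars`; the issuer DN, the CN-to-user table and the function name are hypothetical, and it does not address how PHP then authenticates to PostgreSQL.

```php
<?php
// Added example, not from the original post. Assumes Apache mod_ssl with
// "SSLVerifyClient require" and "SSLOptions +StdEnvVars", which exports the
// SSL_CLIENT_* variables read below.

// Hypothetical issuer DN of the smartcard CA (placeholder value; the DN
// string format depends on the Apache version and configuration).
const EXPECTED_ISSUER_DN = 'CN=Example Smartcard CA,O=Example,C=LU';

// Hypothetical mapping from certificate subject CN to a PostgreSQL user.
const CERT_CN_TO_PG_USER = [
    'Alice Example' => 'alice',
    'Bob Example'   => 'bob',
];

/**
 * Return the PostgreSQL user for the verified client certificate, or null
 * when the request must not be treated as authenticated.
 */
function pg_user_from_client_cert(array $server): ?string
{
    // mod_ssl reports NONE, SUCCESS, GENEROUS or FAILED:reason. Only SUCCESS
    // means the chain was validated; GENEROUS (optional_no_ca) does not.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    // Pin the issuer so a certificate from another trusted CA is not accepted.
    if (($server['SSL_CLIENT_I_DN'] ?? '') !== EXPECTED_ISSUER_DN) {
        return null;
    }
    // Exact lookup in a fixed table: the CN is never turned into a role name
    // or SQL text, so an unexpected CN cannot select an arbitrary user.
    return CERT_CN_TO_PG_USER[$server['SSL_CLIENT_S_DN_CN'] ?? ''] ?? null;
}

// Constructed sample environments standing in for $_SERVER.
$ok = ['SSL_CLIENT_I_DN' => EXPECTED_ISSUER_DN, 'SSL_CLIENT_VERIFY' => 'SUCCESS'];
$samples = [
    'verified, known CN'   => $ok + ['SSL_CLIENT_S_DN_CN' => 'Alice Example'],
    'verified, unknown CN' => $ok + ['SSL_CLIENT_S_DN_CN' => 'Mallory'],
    'chain not validated'  => ['SSL_CLIENT_VERIFY' => 'GENEROUS',
                               'SSL_CLIENT_I_DN' => EXPECTED_ISSUER_DN,
                               'SSL_CLIENT_S_DN_CN' => 'Alice Example'],
    'no certificate'       => ['SSL_CLIENT_VERIFY' => 'NONE'],
];
foreach ($samples as $label => $env) {
    printf("%-21s => %s\n", $label, pg_user_from_client_cert($env) ?? 'reject');
}
```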
