| From: | Bertram Scharpf <lists(at)bertram-scharpf(dot)de> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Cc: | Bruno Wolff III <bruno(at)wolff(dot)to>, Andrus <kobruleht2(at)hot(dot)ee> |
| Subject: | Re: Password encryption method |
| Date: | 2007-01-22 19:25:48 |
| Message-ID: | 20070122192548.GA11537@bart.bertram-scharpf.homelinux.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
Am Montag, 22. Jan 2007, 10:25:33 -0600 schrieb Bruno Wolff III:
> I didn't give an opinion on whether or not the whole approach was a good
> idea or not, since there wasn't enough detail in the original question.
What I want to do is the following:
1. Login in from a program on a client as a particualar user.
2. Login from a series of scripts run by Apache on localhost
('trust' authentication method). Of course, I won't hand the
password through web pages. Therefore I store something like a
'session cookie' in a table. Next time I log in as a superuser,
read the appropriate entry and immediately do a "set session
autorization". The first step can be done in two ways: (a) I write
a special login routine, (b) I log in as any other script and do
the password check against pg_authid using the function I proposed.
Before I decide how I will solve it: thanks a lot for your
answers and for the discussion.
Bertram
--
Bertram Scharpf
Stuttgart, Deutschland/Germany
http://www.bertram-scharpf.de
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Fitzpatrick | 2007-01-22 19:29:50 | Re: MSSQL/ASP migration |
| Previous Message | Heikki Linnakangas | 2007-01-22 19:24:20 | Re: [HACKERS] Autovacuum Improvements |