From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
---|---|
To: | Paul Lambert <paul(dot)lambert(at)autoledgers(dot)com(dot)au> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: How to allow users to log on only from my application not from pgadmin |
Date: | 2007-02-01 15:07:45 |
Message-ID: | 20070201150745.GA17094@wolff.to |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Thu, Feb 01, 2007 at 10:24:51 +0900,
Paul Lambert <paul(dot)lambert(at)autoledgers(dot)com(dot)au> wrote:
>
> If you hide the database username and password within your application
> (i.e. encrypted within the source code) so they cannot see the
> credentials that you connect to the database with internally then they
> have no means by which to connect to it using any other programs.
This is not real security. Encrypting the data in the application only works
if the application is running on a computer you control. If the "customer"
can get their own copy of the client and run it on a computer they control
then they can steal or borrow the applications credentials.
You want to either run the app on a computer you control or have a contract
with the customers prohibiting them from connecting to the database other than
by using the app.
From | Date | Subject | |
---|---|---|---|
Next Message | A. Kretschmer | 2007-02-01 15:13:28 | Re: Time Input with format HH.MM.SS |
Previous Message | DANTE Alexandra | 2007-02-01 14:58:08 | Time Input with format HH.MM.SS |