| From: | Bohdan Linda <bohdan(dot)linda(at)seznam(dot)cz> |
|---|---|
| To: | Steve Manes <smanes(at)magpie(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Password safe web application with postgre |
| Date: | 2008-05-15 16:32:10 |
| Message-ID: | 20080515163210.GA2724@bafster.baflabs.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
thank you everyone for the answers. I went through and I forgot add one
thing. The web-app is frontend, thus basically PL/PGSQL launcher and all
changes are audited, so common login is unwelcome.
On Thu, May 15, 2008 at 05:40:49PM +0200, Steve Manes wrote:
> I keep the user's login credentials in a TripleDES-encrypted,
> non-persistent cookie, separate from session data.
>
This is the approach I am/will be heading to. Having the cookie with login
and password encrypted on user side, HTTPS connection, and what was said
in previous emails about not storing credentials in cookies any ideas of
weak sides? Moreover if parts of decryption keys will be unique to the
sessions and stored in session on a server?
PS. Appologies for going slightly OT as this is becoming more general than
pgsql.
Thank you,
Bohdan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jasbinder Bali | 2008-05-15 16:39:23 | DB Locks |
| Previous Message | Craig Ringer | 2008-05-15 16:29:15 | Re: Password safe web application with postgre |