Re: Webappication and PostgreSQL login roles

Thorsten Kraus wrote:
> No idea??

You'd need an authenticated user to call that stored procedure in the
first place. It is kind of a chicken-and-egg problem.

Usually people create a user for the webapp. This user makes the first
connection to the database.
After that you probably could define a security-definer procedure that
handles further authentication (to an actual schema, for example).

I have to admit I have never done this myself; but this is what I recall
from previous discussions on similar topics.

> Thorsten Kraus schrieb:
>> Hi,
>>
>> I designed a Java web application. The persistence layer is a
>> PostgreSQL database. The application needs user authentication.
>> I think it's a good choice to implement this authentication mechanism
>> via PostgreSQL login roles. So I can create several database login
>> roles and set the database permissions to this login roles. This is my
>> first project with the postgres database, so I don't know how I can
>> validate a login from the website. Is there a best practice to do this
>> or does PostgreSQL offers a stored procedure like
>> 'authenticateUser(String username, String password)'?
>>
>> Thanks for your help.
>>
>> Bye,
>> Thorsten

--
Alban Hertroys
alban(at)magproductions(dot)nl

magproductions b.v.

T: ++31(0)534346874
F: ++31(0)534346876
M:
I: www.magproductions.nl
A: Postbus 416
7500 AK Enschede

// Integrate Your World //