| From: | Richard Troy <rtroy(at)ScienceTools(dot)com> |
|---|---|
| To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
| Cc: | <pgsql-general(at)postgresql(dot)org>, Andrus <kobruleht2(at)hot(dot)ee> |
| Subject: | Re: Password encryption method |
| Date: | 2007-01-23 17:01:56 |
| Message-ID: | Pine.LNX.4.33.0701230858050.24768-100000@denzel.in |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 22 Jan 2007, Bruno Wolff III wrote:
> On Mon, Jan 22, 2007 at 20:25:48 +0100,
> Bertram Scharpf <lists(at)bertram-scharpf(dot)de> wrote:
> >
> > What I want to do is the following:
> >
> > 1. Login in from a program on a client as a particualar user.
>
> For this case you shouldn't need to do anything tricky as long as the user
> is login in as themselves. Just prompt the user for their password and use it
> when you open a connection to the database. If you are trying to have the
> program login without the user being able to steal or borrow the credentials,
> then you have a serious design flaw.
I'm quite certain I missed the start of this thread, but just looking at
the above paragraph as it stands:
Design flaw? Perhaps an _incomplete_ design, but it's only a design flaw
if not finished off properly. One way to do this cleanly is to use a
program that has the suid bit set so it runs as the program's file owner
(optionally group), and this program accesses the password and provides
the database access.
Richard
--
Richard Troy, Chief Scientist
Science Tools Corporation
510-924-1363 or 202-747-1263
rtroy(at)ScienceTools(dot)com, http://ScienceTools.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Erick Papadakis | 2007-01-23 17:18:20 | Re: Installing PostgreSQL under Cpanel |
| Previous Message | Merlin Moncure | 2007-01-23 17:01:04 | Re: CREATE FUNCTION Fails with an Insert Statement in it |