>> My application implements field and row level security.
>> I have custom table of users where user privileges are described.
>> However user can login directly to database using pgAdmin. This bypasses
>> the security.
>> How to allow users to login only from my application ?
>> I think I must create server-side pgsql procedure for login validation.
> What role are your users using to login via PgAdmin?
Users should always login form my application only.
pgAdmin login is reserved only for sysadmins who login as user postgres
> Why not simply deny them access in pg_hba.conf?
I have 5432 port opened to public internet and users use my application from
pg_hba doesn't allow access per application basics.
Denying acces from pg_hba.conf also denies access from my application.
In response to
pgsql-general by date
|Next:||From: Jorge Godoy||Date: 2007-01-30 10:30:11|
|Subject: Re: PostgreSQL 9.0|
|Previous:||From: Richard Huxton||Date: 2007-01-30 09:38:05|
|Subject: Re: Unauthorized users can see db schema and read functions|