| From: | Bryan Montgomery <monty(at)english(dot)net> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Authenticating from a web service call |
| Date: | 2012-03-16 18:39:07 |
| Message-ID: | CAPTJ3=e0Vq_kRUtxe9Jqot4hbwjGoJnSbtKXwq0uvZhqmVOo=Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
We are looking at implementing a web service that basically makes calls to
the database.
I have been thinking about ways to secure the web service based on the
database.
I initially thought about just connecting to the database as the user with
parameters passed through the web service - however I don't know how to do
that other than clear text passwords.
So, is it possible for clients to encrypt their password and pass that
through the web service to the database? I was looking at the way postgres
stores the users passwords but first of all I'm not sure if that is
something the client could do. Then, if they could, how to go about
connecting as a system user and verifying that the userid and password
provided by the client are correct.
I could just provide another table with an encrypted password using a
specified encryption process that the client can replicate and provide
through the web service.
Hopefully this makes sense :)
Bryan.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Raymond O'Donnell | 2012-03-16 18:54:55 | Re: Authenticating from a web service call |
| Previous Message | Peter Bex | 2012-03-16 17:04:42 | Re: Zero-length character breaking query? |