Skip site navigation (1) Skip section navigation (2)

How to protect Postgres password in my app?

From: Basil Bourque <basil(dot)list(at)me(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: How to protect Postgres password in my app?
Date: 2011-05-10 20:07:16
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
I'm an experienced programmer, but for the first time I'm developing an app that connects to a Postgres server over the internet. 

How do you secure the password used to connect to Postgres?

My idea is to have a single user, representing my app, defined in Postgres. Then separately I'll have my own table to track each human user. I've learned about BCrypt and Postgres' encryption functions "crypt" etc. to securely store the human user's password as a value in a row in my own "user_" table.

But how do I secure the app's password to connect to Postgres? 

a) I assume I should encrypt the connection with SSL. I'm learning about SSL certificates now. Is that the way to go? Would you consider that to be required in any serious business app connecting to Postgres over the Internets?

b) Hard-coding the app's Postgres password in the app's source code seems less than ideal to me. Is there some better way? 

-- If the app is built in Java, I've heard that Java is very easy to de-compile and thus expose the password. Other languages such as Real Studio (REALbasic) may be not suffer that vulnerability.

-- Hard-coding means I'm not free to change the password on the server. To change the password, I would have to upgrade all my users simultaneously.

c) Should I manage all my human users as Postgres users? Is trying to manage the passwords on my own a dumb idea? 



pgsql-novice by date

Next:From: Stephen CookDate: 2011-05-10 20:29:06
Subject: Re: How to protect Postgres password in my app?
Previous:From: Richard BroersmaDate: 2011-05-09 14:06:18
Subject: Re: Seed database for import

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group