Skip site navigation (1) Skip section navigation (2)

Re: How to allow users to log on only from my application

From: "Andrus" <kobruleht2(at)hot(dot)ee>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: How to allow users to log on only from my application
Date: 2007-01-30 09:57:54
Message-ID: epn878$733$ (view raw, whole thread or download thread mbox)
Lists: pgsql-general
>> My application implements field and row level security.
>> I have custom table of users where user privileges are described.
>> However user can login directly to database using pgAdmin. This bypasses
>> the security.
>> How to allow users to login only from my application ?
>> I think I must create server-side pgsql procedure for login validation.
> What role are your users using to login via PgAdmin?

Users should always login  form my application only.
pgAdmin login is reserved only for sysadmins who login as user postgres 

> Why not simply deny  them access in pg_hba.conf?

I have 5432 port opened to public internet and users use my application from 

pg_hba doesn't allow access per application basics.

Denying acces from pg_hba.conf  also denies access from my application.


In response to


pgsql-general by date

Next:From: Jorge GodoyDate: 2007-01-30 10:30:11
Subject: Re: PostgreSQL 9.0
Previous:From: Richard HuxtonDate: 2007-01-30 09:38:05
Subject: Re: Unauthorized users can see db schema and read functions

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group