
List:       postgresql-general
Subject:    [GENERAL] Access to the DB
From:       "BARTKO, Zoltan" <bartko.zoltan () pobox ! sk>
Date:       2004-05-18 17:16:13
Message-ID: 001401c43cfb$d4859a80$0e5d10ac () antik ! org

Dear all,

I am writing an app that would run natively on some client machines that should
connect to a database as a single DB user and later pretend to be more users (there's
nothing new in this approach, I think). Now my problem is the following.
Authentication is password based, that means that the app has to know it but Joe User
must not (otherwise he could do arbitrary things with the DB). DB passwords change
over time and I think recompiling the app every time the password changes is just
silly.

So: how to store the DB access password so that Joe User doesn't see it but the admin
can update it when it is necessary? Should I have an app on the server that the
client would connect to or how?

I am using stored procedures for everything but selects (in fact - imitating object
oriented programming on the PgSQL server), but I am not quite sure I could prevent
anyone from using "delete" on a table who would use a stored function for that. How
could I force people to use my stored functions for insert, update and delete
operations instead of insert, update, delete commands in the DB?

Thanks in advance

Zoltan
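
An added example, not part of the original message, covering the second question (forcing writes through stored functions): the login role gets SELECT only, and writes go through a SECURITY DEFINER function owned by a separate role. The schema, table, function and role names (app, item, item_delete, app_owner, app_login) are hypothetical; it assumes a current PostgreSQL release and a superuser session.

```sql
-- Hypothetical roles: app_owner owns the objects and cannot log in;
-- app_login is the single account the client application connects as.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_login LOGIN;   -- the admin sets its password separately

CREATE SCHEMA app AUTHORIZATION app_owner;
SET ROLE app_owner;

CREATE TABLE app.item (
    id   bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    name text NOT NULL
);

-- The login role may read the table but has no INSERT/UPDATE/DELETE on it.
REVOKE ALL ON app.item FROM PUBLIC;
GRANT USAGE ON SCHEMA app TO app_login;
GRANT SELECT ON app.item TO app_login;

-- SECURITY DEFINER: the body runs with app_owner's privileges, so the
-- caller needs only EXECUTE on the function, not DELETE on the table.
CREATE FUNCTION app.item_delete(p_id bigint)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = app, pg_temp   -- pin name resolution inside the function
AS $$
BEGIN
    DELETE FROM app.item WHERE id = p_id;
    RETURN FOUND;                -- true when a row was removed
END;
$$;

-- Functions are executable by PUBLIC by default; restrict that explicitly.
REVOKE ALL ON FUNCTION app.item_delete(bigint) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.item_delete(bigint) TO app_login;

RESET ROLE;

-- Connected as app_login, "DELETE FROM app.item ..." is rejected for lack
-- of the DELETE privilege, while "SELECT app.item_delete(1);" is permitted.
```

Insert and update functions follow the same pattern; any validation they perform runs inside the function body, where the caller cannot bypass it.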

