One other thing. Another approach to this problem would be to have some
sort of code signing/authentication capabilities for the postgresql
server. For instance, you login as an administrator (some sort of
enhanced privs), you get to look at the databases you have permission
for. Otherwise, postgresql has to recognize the application. Has this
ever been discussed?
Paul Lambert wrote:
Andrus wrote:
Run the application on a machine you control. Then the application can
authenticate without the users being able to steal or piggyback on its
credentials.
Thank you for reply.
My application is GUI applicatio which must run in customer computer and
accesses to 5432 port in remote PostgreSQL server located in customer
side over internet.
I cannot control customer computers.
Andrus.
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
If the users have access to the database via having a
username/password then it seems to me that they could use basically
anything to connect via ODBC to the database and retrive/look
at/update data. M$ Excel, Acces, reporting things like crystal reports
etc and of course pgAdmin.
If you hide the database username and password within your application
(i.e. encrypted within the source code) so they cannot see the
credentials that you connect to the database with internally then they
have no means by which to connect to it using any other programs.
What I gather is users in your case are set up as database users
rather then having a users table on which your application
authenticates. The downside of doing it the way you are doing it is
always going to be that any user with a database username and password
can connect to the database by any means they come by. I'm no Postgres
expert, but I'm sure like any other RDBMS, postgres does not know, nor
care, what application is doing the connection but rather just accepts
an ODBC connection and the credentials that are passed to it.
Regards,
Paul.
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
