> >> My application implements field and row level security.
> >> I have custom table of users where user privileges are described.
> >>
> >> However user can login directly to database using pgAdmin. This bypasses
> >> the security.
> >>
> >> How to allow users to login only from my application ?
> >> I think I must create server-side pgsql procedure for login validation.
Say that your application offers a way for each user to set/change his
own password.
When I (using your application) change my password, you could combine my
new password with a secret value and then send the result to the PG
server (so now the PG server thinks that my password is my_password
+your_secret).
Then each time I log into your application (and I provide a password),
you combine my password with the same secret before sending the login
request to the PG server.
Every user can have his/her own account (in the PG server) but they
won't be able to log into the server without going through your
application first.
Does that help?
-- Korry
