Access to the DB - Mailing list pgsql-general

From BARTKO, Zoltan
Subject Access to the DB
Date
Msg-id 001401c43cfb$d4859a80$0e5d10ac@antik.org
Whole thread Raw
Responses Re: Access to the DB
List pgsql-general
Dear all,
 
I am writing an app that would run natively on some client machines that should connect to a database as a single DB user and later pretend to be more users (there's nothing new in this approach, I think). Now my problem is the following. Authentication is password based, that means that the app has to know it but Joe User must not (otherwise he could do arbitrary things with the DB). DB passwords change over time and I think recompiling the app every time the password changes is just silly.
 
So: how to store the DB access password so that Joe User doesn't see it but the admin can update it when it is necessary? Should I have an app on the server that the client would connect to or how?
 
I am using stored procedures for everything but selects (in fact - imitating object oriented programming on the PgSQL server), but I am not quite sure I could prevent anyone from using "delete" on a table who would use a stored function for that. How could I force people to use my stored functions for insert, update and delete operations instead of insert, update, delete commands in the DB?
 
Thanks in advance
 
Zoltan

pgsql-general by date:

Previous
From: "Keith Bottner"
Date:
Subject: Help! Error Compiling
Next
From: Richard Huxton
Date:
Subject: Re: Help! Error Compiling