>> My application implements field and row level security.
>> I have custom table of users where user privileges are described.
>>
>> However user can login directly to database using pgAdmin. This bypasses
>> the security.
>>
>> How to allow users to login only from my application ?
>> I think I must create server-side pgsql procedure for login validation.
Say that your application offers a way for each user to set/change his own password.
When I (using your application) change my password, you could combine my new password with a secret value and then send the result to the PG server (so now the PG server thinks that my password is my_password+your_secret).
Then each time I log into your application (and I provide a password), you combine my password with the same secret before sending the login request to the PG server.
Every user can have his/her own account (in the PG server) but they won't be able to log into the server without going through your application first.
Does that help?
-- Korry
