Re: General Security-Question - Mailing list pgsql-general

From John Holland
Subject Re: General Security-Question
Date
Msg-id 20010618183101.A16549@tomsw.com
Whole thread Raw
In response to General Security-Question  (elwood@agouros.de (Konstantinos Agouros))
List pgsql-general
If you're going to prevent people from entering other people's accounts,
you're going to have to give them a way to get into their own - so you're
going to have to manage passwords or connect to something that manages them
for you. If these users have system IDs (on the platform you're running
postgresql on) than perhaps a C or Java function could authenticate them
against that. There should be code you can beg borrow or steal that
talks to the authentication they already use. Hopefully.

On Mon, Jun 18, 2001 at 10:26:22PM +0200, Konstantinos Agouros wrote:
> Hi,
>
> I am currently developing a software that should replace our hated excel-time-
> sheets. My problem is the following: I have an javaapplet for dataentry that
> connects to the database via jdbc. There is a table that holds the data (who
> worked what when). So far so good, but:
> Since I must grant update/insert/delete access to this table to everybody
> that can use this application, how can I stop people from updating the data
> of the others. The one thing that came to my mind was not creating database-
> users but instead use a static user, and let the application handle the logic
> who can access which lines in the database (its also a matter of dataprivacy,
> one should be allowed to watch one's own data but not of the others, the team-
> manager should see the data of the team etc). The read-access can be implemen-
> ted using views but I don't see much other way for data-entry. Somebody has an
> idea?
>
> Konstantin
> --
> Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
> Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
> ----------------------------------------------------------------------------
> "Captain, this ship will not sustain the forming of the cosmos." B'Elana Torres
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly

pgsql-general by date:

Previous
From: Joel Burton
Date:
Subject: Re: Add primary and unique keys
Next
From: Alex Pilosov
Date:
Subject: Re: aggregate function for median calculation