Roland,
I wanted to reply to your post separately. I toyed with using pg_user to
store user information, but it did not work. I tried to use pg_user to
store user acct info and then use a 'user_detail' table to store additional
details but I got an error stating that pg_user is not a table (this
occurred when I tried to use the 'usesysid' column as a foreign key in my
user_detail table).
I think that the best solution - given the discussion thus far - is to have
a separate pg user that the web app will use to access the database, and
create a 'users' table in the db to store the web app usernames and
passwords etc...
Hth,
kevin
-----Original Message-----
From: Roland Giesler [mailto:roland@giesler.za.net]
Sent: Wednesday, January 04, 2006 12:44 PM
To: 'Kevin Crenshaw'; brew@theMode.com; pgsql-novice@postgresql.org
Subject: RE: [NOVICE] Best way to manage users
Kevin Crenshaw wrote:
> Thanks for the replies. I appreciate the advice. However, I
> think that a better way to pose my question is to ask - what
> are the pros and cons of using Postgres to handle user
> authentication for my web app?
Maybe to add to that question: Is there a way to directly authenticate a
user as a database user when using a web app? In .net, this is handeled by
a cobination of the OS (active directory - AD), the DB (SQL Server) which
can authenticate against AD, and the browser. However, how can pg get or
request the authentication from your webbrowser? Unless there is a pgsql
function that allows login as a different user from a webapp from the
webapp, I would think it's not possible to actually do this the way a
statefull app does it (under windows for example)
Some comments on this would be great, as I have a very similar requirement
and was also toying with the idea of using the pg users, instead of creating
my own tables and user authentication infrastructure.
Thanks
Roland Giesler