On Sun, Jan 28, 2007 at 23:46:27 +0200,
Andrus <kobruleht2@hot.ee> wrote:
> My application implements field and row level security.
> I have custom table of users where user privileges are described.
>
> However user can login directly to database using pgAdmin. This bypasses
> the security.
>
> How to allow users to login only from my application ?
> I think I must create server-side pgsql procedure for login validation.
Run the application on a machine you control. Then the application can
authenticate without the users being able to steal or piggyback on its
credentials.