Re: How to allow users to log on only from my application not from pgadmin - Mailing list pgsql-general

From Bruno Wolff III
Subject Re: How to allow users to log on only from my application not from pgadmin
Date
Msg-id 20070201150745.GA17094@wolff.to
Whole thread Raw
In response to Re: How to allow users to log on only from my application not from pgadmin  (Paul Lambert <paul.lambert@autoledgers.com.au>)
Responses Re: How to allow users to log on only from my application not from pgadmin
List pgsql-general
On Thu, Feb 01, 2007 at 10:24:51 +0900,
  Paul Lambert <paul.lambert@autoledgers.com.au> wrote:
>
> If you hide the database username and password within your application
> (i.e. encrypted within the source code) so they cannot see the
> credentials that you connect to the database with internally then they
> have no means by which to connect to it using any other programs.

This is not real security. Encrypting the data in the application only works
if the application is running on a computer you control. If the "customer"
can get their own copy of the client and run it on a computer they control
then they can steal or borrow the applications credentials.

You want to either run the app on a computer you control or have a contract
with the customers prohibiting them from connecting to the database other than
by using the app.

pgsql-general by date:

Previous
From: "A. Kretschmer"
Date:
Subject: Re: Time Input with format HH.MM.SS
Next
From: "A. Kretschmer"
Date:
Subject: Re: Time Input with format HH.MM.SS