Home > mailing lists

Re: How to allow users to log on only from my application not from pgadmin - Mailing list pgsql-general

From	Bruno Wolff III
Subject	Re: How to allow users to log on only from my application not from pgadmin
Date	February 1, 2007 14:25:07
Msg-id	20070201150745.GA17094@wolff.to Whole thread Raw
In response to	Re: How to allow users to log on only from my application not from pgadmin (Paul Lambert <paul.lambert@autoledgers.com.au>)
Responses	Re: How to allow users to log on only from my application not from pgadmin (Paul Lambert <paul.lambert@autoledgers.com.au>)
List	pgsql-general

Tree view

On Thu, Feb 01, 2007 at 10:24:51 +0900,
  Paul Lambert <paul.lambert@autoledgers.com.au> wrote:
>
> If you hide the database username and password within your application
> (i.e. encrypted within the source code) so they cannot see the
> credentials that you connect to the database with internally then they
> have no means by which to connect to it using any other programs.

This is not real security. Encrypting the data in the application only works
if the application is running on a computer you control. If the "customer"
can get their own copy of the client and run it on a computer they control
then they can steal or borrow the applications credentials.

You want to either run the app on a computer you control or have a contract
with the customers prohibiting them from connecting to the database other than
by using the app.

pgsql-general by date:

From: "A. Kretschmer"
Date: 01 February 2007, 14:13:36
Subject: Re: Time Input with format HH.MM.SS

From: "A. Kretschmer"
Date: 01 February 2007, 14:43:30
Subject: Re: Time Input with format HH.MM.SS

Re: How to allow users to log on only from my application not from pgadmin - Mailing list pgsql-general

Previous

Next