Re: Application & Authentication - Mailing list pgsql-general

From Shridhar Daithankar
Subject Re: Application & Authentication
Date
Msg-id 3F18035F.6890.4DCA853@localhost
Whole thread Raw
In response to Application & Authentication  ("Sean Mullen" <smullen@optusnet.com.au>)
List pgsql-general
On 18 Jul 2003 at 16:58, Sean Mullen wrote:
> Other projects I've seen use their app for authentication/security
> and bypass/ignore the extremely 'useful' security system built into
> postgresql and build their own security/authentication system.
>
> I'm wondering if the reason for this is:
>
> A) Necessity.
> i.e. Their project frontends run on a mysql backend - and has
> to do 'everything'

That is a strong accusation.

> OR
>
> B) There is some horrible limitation that is going to ruin my day down
> the track

I designed a web app which needed authentication. However since my middleware
was using connection pooling, only way I could authenticate each user was via
pam.

Postgresql supports set session authorisation but while doing so it does not
accept password of new user.

So I was forced to use app. connecting to database as single user and
maintaining it's own authentication database. I had to give up access control
offered by postgresql..:-(

I raised this issue on hacker but it didn't achieve significance anytime. IMO
postgresql needs separate authentication APIs exposed to user where people can
use postgresql authentication in there system without using PAM etc.


Bye
 Shridhar

--
COBOL:    An exercise in Artificial Inelegance.


pgsql-general by date:

Previous
From: Ursula Lee
Date:
Subject: How to set the background color of the JPanel in Java Applet?
Next
From: "Shridhar Daithankar"
Date:
Subject: Re: How to set the background color of the JPanel in Java Applet?