Re: How to allow users to log on only from my application not from pgadmin - Mailing list pgsql-general

From Mark Walker
Subject Re: How to allow users to log on only from my application not from pgadmin
Date
Msg-id 45C271EB.1@omnicode.com
Whole thread Raw
In response to Re: How to allow users to log on only from my application not from pgadmin  (Paul Lambert <paul.lambert@autoledgers.com.au>)
Responses Re: How to allow users to log on only from my application not from pgadmin
List pgsql-general
I'm curious.  How do you feel about having a scrambling algorithm
embedded in your application, but having the scrambled password publicly
readable in a config file?  Does that seem secure?  This is what you
have to do if you want your users to connect to different databases
choosing their own password.

How would you deal with open source applications where the
scrambling/unscrambling algorithms would presumably be public?  Are
there  methodologies for developing custom algorithms that could be
triggered during builds?

>
> If it is encrypted within the source code then the only way to steal
> the credentials would be to reverse engineer the application.


pgsql-general by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: I "might" have found a bug on 8.2.1 win32
Next
From: "Demel, Jeff"
Date:
Subject: Re: Subqueries - performance and use question