Home > mailing lists

Re: How to allow users to log on only from my application not from pgadmin - Mailing list pgsql-general

From	Mark Walker
Subject	Re: How to allow users to log on only from my application not from pgadmin
Date	February 1, 2007 22:04:32
Msg-id	45C271EB.1@omnicode.com Whole thread Raw
In response to	Re: How to allow users to log on only from my application not from pgadmin (Paul Lambert <paul.lambert@autoledgers.com.au>)
Responses	Re: How to allow users to log on only from my application not from pgadmin (Paul Lambert <paul.lambert@autoledgers.com.au>)
List	pgsql-general

Tree view

I'm curious.  How do you feel about having a scrambling algorithm
embedded in your application, but having the scrambled password publicly
readable in a config file?  Does that seem secure?  This is what you
have to do if you want your users to connect to different databases
choosing their own password.

How would you deal with open source applications where the
scrambling/unscrambling algorithms would presumably be public?  Are
there  methodologies for developing custom algorithms that could be
triggered during builds?

>
> If it is encrypted within the source code then the only way to steal
> the credentials would be to reverse engineer the application.

pgsql-general by date:

From: Magnus Hagander
Date: 01 February 2007, 22:04:00
Subject: Re: I "might" have found a bug on 8.2.1 win32

From: "Demel, Jeff"
Date: 01 February 2007, 22:07:06
Subject: Re: Subqueries - performance and use question

Re: How to allow users to log on only from my application not from pgadmin - Mailing list pgsql-general

Previous

Next