Fwd: How to allow users to log on only from my application - Mailing list pgsql-general

From John D. Burger
Subject Fwd: How to allow users to log on only from my application
Date
Msg-id 5E5F980C-7493-4B01-9386-1F86EE4A9D71@mitre.org
Whole thread Raw
List pgsql-general
<korryd@enterprisedb.com> wrote:

> Say that your application offers a way for each user to set/change
> his own password.
>
> When I (using your application) change my password, you could
> combine my new password with a secret value and then send the
> result to the PG server (so now the PG server thinks that my
> password is my_password+your_secret).

This is a special case of (2,2) secret sharing:

   http://en.wikipedia.org/wiki/Secret_sharing

Here the secret is the actual password, a+b, shared into two parts, a
and b. The above scheme suffers from the problem that the user now
knows quite a lot about the secret.  If this is an issue, there are
more sophisticated combining schemes that give the user no advantage
over someone who knows neither half of the secret.

- John D. Burger
   MITRE




pgsql-general by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: possible typo on 8.2 manual
Next
From: Tom Lane
Date:
Subject: Re: I "might" have found a bug on 8.2.1 win32