Actually, through some experimentation, googling and looking at a postgres book, I found out how to encrypt the password, and to compare that to pg_shadow. However, during my research I realized the need for double encrypting as per postgres clients.
So,another option is to use encryption on the web service xml using public / private keys, or using ssl to pass the md5 hash of the clients password.
The more elegant way seems to be using the encrypted web service, but the more universal method for clients would probably be ssl.
On Tue, Mar 20, 2012 at 3:16 PM, Bryan Montgomery
<monty@english.net> wrote:
Interesting idea. However, I think this is ssl between the client and database. Given the client would be the server hosting the web service I don't think this would work for the web service client. On Fri, Mar 16, 2012 at 2:54 PM, Raymond O'Donnell
<rod@iol.ie> wrote:
On 16/03/2012 18:39, Bryan Montgomery wrote:
> Hello,
> We are looking at implementing a web service that basically makes calls
> to the database.
>
> I have been thinking about ways to secure the web service based on the
> database.
>
> I initially thought about just connecting to the database as the user
> with parameters passed through the web service - however I don't know
> how to do that other than clear text passwords.
Postgres supports connections over SSL - will this do the job?
http://www.postgresql.org/docs/9.1/static/ssl-tcp.html
Ray.
--
Raymond O'Donnell :: Galway :: Ireland
rod@iol.ie
