Re: Password Encryption to replicate MySQL PASSWORD function

From Adrian Tineo
Subject Re: Password Encryption to replicate MySQL PASSWORD function
Date
Msg-id 007101c2c226$391ddf40$f8ddd8d9@supercable.es
In reply to Re: Password Encryption to replicate MySQL PASSWORD function  ("Luke Woollard" <luke@taborvision.com>)
List pgsql-php
> We decided that the
> safest method was to create real users in the PostgreSQL system user
> table, and then let Postgres worry about authenticating users. Then,
> even if your PHP code is flawed, the SQL commands still execute with
> only the user's permissions.

I thought that way too, but now I think it is better to create users and do
the encrypting in the application layer and store logins and passwords in
regular tables. The reason is that if, by any means, someone enters the
database as user postgres or any other with total privileges, then you can
see in the pg_shadow table the passwords in clear; this is a bigger risk than
having your passwords encrypted in PHP and storing them as encrypted TEXT in
any table.

Besides, if you move from one postgresql server to another you have to worry
a lot about how postgresql is configured (permissions and such). If you put
it all in the application and regular tables you can go to any typical
postgresql installation and install the database and application quickly and
safely.

At least that's what I think.

Adrian Tineo
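
What storing credentials in a regular table from the application layer can look like in PHP, as an added example that is not part of the original message. It swaps in one-way salted hashing with PHP's built-in `password_hash()`/`password_verify()` (PHP 5.5+) rather than reversible encryption; the `app_users` table, its columns, the sample account and the in-memory SQLite stand-in for PostgreSQL are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for PostgreSQL so this runs offline;
// the app_users table and its columns are hypothetical names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE app_users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Hash of a throwaway value, verified against when a login does not exist.
define('DUMMY_HASH', password_hash('constructed-placeholder', PASSWORD_DEFAULT));

function register_user(PDO $db, string $login, string $password): void
{
    // password_hash() generates a random salt and embeds it, together with
    // the algorithm and cost, in the string that gets stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO app_users (login, pw_hash) VALUES (?, ?)');
    $stmt->execute([$login, $hash]);
}

function check_login(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM app_users WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // Unknown login: still spend the hashing time so response timing
        // does not reveal which logins exist.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE app_users SET pw_hash = ? WHERE login = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $login]);
    }
    return true;
}

// Constructed sample account and passwords.
register_user($db, 'alice', 'constructed sample passphrase');
var_dump(check_login($db, 'alice', 'constructed sample passphrase'));
var_dump(check_login($db, 'alice', 'wrong guess'));
var_dump(check_login($db, 'nobody', 'wrong guess'));
// What anyone with read access to the table sees: a salted hash, not the password.
echo $db->query('SELECT pw_hash FROM app_users')->fetchColumn(), "\n";
```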

