Re: Can a user change their own password?

On Tue, 3 Feb 2004 chris@zenmgt.com wrote:

Sorry for the delay. You didn't do reply all so never got an email to me.
Just catching up with my lists today. :-)

In case you are still working on this..

> We will have a web-based application where users will login over the
> internet. They will receive their user name and password by email. When
> they first login, they will be required to change the password before they
> can start using the application. The users will have the capability to
> change their password any time after this initial password change. Since
> this application will store and retrieve data from the database, I was
> thinking I could use postgreses user name and password facilities

The short answer is yes it can be done. However I recommend you use a
single DB user and just store ID/Password for each user. You can encrypt
the passwords with whatever development language you are using (ie php).

I can think of a couple of admin issues that would come up if you tried to
use DB administration. For starters you would need to create a group and
every time you add a user add the user to the group. The group would need
to have the rights set properly for all the tables. This is much simpler
to manage with a single user.