Re: How to allow users to log on only from my application not from pgadmin
| От | Bruno Wolff III |
|---|---|
| Тема | Re: How to allow users to log on only from my application not from pgadmin |
| Дата | |
| Msg-id | 20070201150745.GA17094@wolff.to обсуждение исходный текст |
| Ответ на | Re: How to allow users to log on only from my application not from pgadmin (Paul Lambert <paul.lambert@autoledgers.com.au>) |
| Ответы |
Re: How to allow users to log on only from my application
not from pgadmin
|
| Список | pgsql-general |
On Thu, Feb 01, 2007 at 10:24:51 +0900, Paul Lambert <paul.lambert@autoledgers.com.au> wrote: > > If you hide the database username and password within your application > (i.e. encrypted within the source code) so they cannot see the > credentials that you connect to the database with internally then they > have no means by which to connect to it using any other programs. This is not real security. Encrypting the data in the application only works if the application is running on a computer you control. If the "customer" can get their own copy of the client and run it on a computer they control then they can steal or borrow the applications credentials. You want to either run the app on a computer you control or have a contract with the customers prohibiting them from connecting to the database other than by using the app.
В списке pgsql-general по дате отправления: