On Fri, Aug 20, 2004 at 09:43:08 +0200,
Daniel Martini <dmartini@uni-hohenheim.de> wrote:
>
> No he can't:
> Only if he is able to install a program on the webserver to
> actually login with a hashed password. If he wants to log in over the
> cgi, this won't work, because the hashed value he gained by reading the
> mapping will get hashed again and this will produce a wrong value.
> Direct logins to the database from his machine won't work either, because
> the database only allows connections from the webserver.
If all user logins are done using the webserver then you can have people
authenticate to the cgi application with whatever scheme makes you happy
and then have the cgi application authenticate to postgres using some other
authentication. (Trust would probably be OK if packet spoofing isn't a
significant risk on your local network.)