On Fri, May 20, 2005 at 08:40:26 +0200,
"BARTKO, Zoltán" <bartko.zoltan@pobox.sk> wrote:
> Hello folks,
>
> Problem:
>
> I would need some help with the system I am working on. It is an
> information system built on PgSQL 8 and after searching all over the
> net I found no function I could use to determine where the request to
> the DB (select...) came from. I need it to prevent using fake user ID
> numbers.
The 8.1 TODO indicates such information will be saved. I don't know if
there will be a predfined function to retrieve the information, but if
not you will be able to write your own in C.
> Premises:
>
> All clients connect to the server via a single DB user. The users do
> not know the passwords of each other, but they may know each other's
> ID numbers. Any action in the system is carried out via access
> functions implemented as stored procedures on the DB and the tables
> are only accessible to select data, nothing more.
My suggestion would be to have everyone use their own username. You
are effectively maintaining this information anyway, so I wouldn't
expect it to be much harder to maintain normal postgres users instead
of or in addition to your current ids.