Обсуждение: Security, IP and username restrictions
Hi, I´m very new to Postgres and I need some help with following: (some how I was unable to mail to the newbie maillist, sorry..) Is it possible to restrict user rights by using both username+password and IP address. I have a situation where same user accessing the database from different locations (IP addresses) must have different user rights. This means, that same user in different locations would see different ammount of data. I know I can build this easily to the web based front-end, but I´d like to make the restriction in Postgres too. thanks! -Tuomas
On Wed, Jul 24, 2002 at 11:08:12 +0300, Tuomas Vanhanen <postgres@tuomasvanhanen.com> wrote: > Hi, > > I´m very new to Postgres and I need some help with following: (some how I > was unable to mail to the newbie maillist, sorry..) > > Is it possible to restrict user rights by using both username+password and > IP address. > > I have a situation where same user accessing the database from different > locations (IP addresses) must have different user rights. This means, that > same user in different locations would see different ammount of data. I know > I can build this easily to the web based front-end, but I´d like to make the > restriction in Postgres too. How could you use a web based front end to do this? If the user is going through a web page it will be the web page's cgi scripts accessing the database not the user. Since access rights are given out by user name, there won't be a way for a user name to have different rights when connecting from different IP addresses. You will be able to have different block rules per user in 7.3. So that you may be able to solve your problem by giving one user several user names and then restricting which user names can connect from which IP addresses.
All you can do is create a database in postgresql that has a table with: username passwd ip-address token1 token2 ... Then using perl, php, python...you create a login page that passes the username, passwd, and ip-address of the person and then verify the data. Granted that all of this can be spoofed and you need to set up security for it and make sure the verification is correct. But it can be done with some work. Then you pass the tokens back as session variables or something. I do this with LDAP a lot... -- Ray Hunter ----- Original Message ----- From: "Tuomas Vanhanen" <postgres@tuomasvanhanen.com> To: <pgsql-general@postgresql.org> Sent: Wednesday, July 24, 2002 2:08 AM Subject: [GENERAL] Security, IP and username restrictions > Hi, > > I´m very new to Postgres and I need some help with following: (some how I > was unable to mail to the newbie maillist, sorry..) > > Is it possible to restrict user rights by using both username+password and > IP address. > > I have a situation where same user accessing the database from different > locations (IP addresses) must have different user rights. This means, that > same user in different locations would see different ammount of data. I know > I can build this easily to the web based front-end, but I´d like to make the > restriction in Postgres too. > > thanks! > > -Tuomas > > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html