Discussion: Can a user change their own password?

Can a user change their own password?

From
chris@zenmgt.com
Date:
I want to use Postgres's user name and password capability to allow
web-based users to log in and be authenticated. I also want to give the user
the capability to change their own password. Is this possible? How would
it be done?

Chris

Re: Can a user change their own password?

From
Francisco Reyes
Date:
On Thu, 29 Jan 2004 chris@zenmgt.com wrote:

> I want to use Postgres's user name and password capability to allow
> web-based users to log in and be authenticated. I also want to give the user
> the capability to change their own password. Is this possible? How would
> it be done?


Did you get any replies.. didn't see any.

Is this for a program you are writing?
If so the most common way I see authentication implemented is to have a
table with user/password, but only one user ID connect to the database.

When a user logs in you check the table (ie users) and if you find a
matching ID/pass you let them in.

To change the password you simply would change the password field for the
given user on the user table.

If you give more details about what you are trying to do perhaps we can be
more useful.

If you are an ISP and want to allow each user access to their DB then it's
a different scenario.

Also with schemas you can now allow multiple users to access a database,
but yet only have access to their own schemas.

Re: Can a user change their own password?

From
chris@zenmgt.com
Date:
On Mon, 2 Feb 2004 14:24:02 +0000 (GMT), Francisco Reyes
<lists@natserv.com> wrote:

> Is this for a program you are writing?
> If so the most common way I see authentication implemented is to have a
> table with user/password, but only one user ID connect to the database.

...

> If you give more details about what you are trying to do perhaps we can be
> more useful.

We will have a web-based application where users will login over the
internet. They will receive their user name and password by email. When
they first login, they will be required to change the password before they
can start using the application. The users will have the capability to
change their password any time after this initial password change. Since
this application will store and retrieve data from the database, I was
thinking I could use Postgres's user name and password facilities
especially the encrypted passwords. But what I couldn't find was how to
allow a user to only change their password in the postgresql database.

If I used a table to store the passwords, would you encrypt the passwords?

Re: Can a user change their own password?

From
Tom Lane
Date:
chris@zenmgt.com writes:
> ... what I couldn't find was how to
> allow a user to only change their password in the postgresql database.

Ordinary users can change their own password via ALTER USER.

            regards, tom lane

Re: Can a user change their own password?

From
Francisco
Date:
On Tue, 3 Feb 2004 chris@zenmgt.com wrote:

Sorry for the delay. You didn't do reply all so never got an email to me.
Just catching up with my lists today. :-)

In case you are still working on this..

> We will have a web-based application where users will login over the
> internet. They will receive their user name and password by email. When
> they first login, they will be required to change the password before they
> can start using the application. The users will have the capability to
> change their password any time after this initial password change. Since
> this application will store and retrieve data from the database, I was
> thinking I could use Postgres's user name and password facilities

The short answer is yes it can be done. However I recommend you use a
single DB user and just store ID/Password for each user. You can encrypt
the passwords with whatever development language you are using (ie php).

I can think of a couple of admin issues that would come up if you tried to
use DB administration. For starters you would need to create a group and
every time you add a user add the user to the group. The group would need
to have the rights set properly for all the tables. This is much simpler
to manage with a single user.
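
An added example, not part of the thread or written by its participants, of the single-DB-user approach recommended above: one application connection, a users table holding salted password hashes, a forced change of the e-mailed initial password, and a self-service change that requires the current password. Assumptions: an in-memory sqlite3 database stands in for PostgreSQL, PBKDF2 is the hash chosen here, and all table, column and function names are hypothetical.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2 work factor, chosen for this example

def open_db():
    # Assumption: in-memory sqlite3 stands in for the one PostgreSQL connection
    # the application holds; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB NOT NULL,"
               " pw_hash BLOB NOT NULL, must_change INTEGER NOT NULL)")
    return db

def _hash(password, salt):
    # Salted one-way hash; the plaintext password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_user(db, login, initial_password):
    # The e-mailed initial password is flagged for a forced change at first login.
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, 1)",
               (login, salt, _hash(initial_password, salt)))
    db.commit()

def check_login(db, login, password):
    """Return 'denied', 'must_change' or 'ok'."""
    row = db.execute("SELECT salt, pw_hash, must_change FROM users WHERE login = ?",
                     (login,)).fetchone()
    if row is None:
        _hash(password, b"\0" * 16)  # comparable work for unknown logins
        return "denied"
    salt, pw_hash, must_change = row
    if not hmac.compare_digest(_hash(password, salt), pw_hash):
        return "denied"
    return "must_change" if must_change else "ok"

def change_password(db, login, current, new):
    # Users change only their own password: the current one must verify first.
    if new == current or len(new) < 8 or check_login(db, login, current) == "denied":
        return False
    salt = os.urandom(16)  # fresh salt on every change
    db.execute("UPDATE users SET salt = ?, pw_hash = ?, must_change = 0 WHERE login = ?",
               (salt, _hash(new, salt), login))
    db.commit()
    return True
```

The application should route a `must_change` result to the change-password form and nowhere else until `change_password` succeeds.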