Eclipse Community Forums: Eclipse Scout » User credential and verification

Home » Eclipse Projects » Eclipse Scout » User credential and verification(Verify the credential of the user using the database (PostgreSQL) registered role name)

User credential and verification [message #1794253]

Tue, 28 August 2018 02:01

Eclipse User

Hi all, good day.
I had a simple running system using Eclipse Scout - Photon, the system verify the user's credential by accessing the database and get the user's password from the specific table base on the provided username. I am using the database admin credentials to access (login) to the database, here's the problem: I want to use the user's credential to access to the database, or should i say i want to use the user's credential to create connection to the database. So that, in this way i can create two layers of security by (i) the user credential must be registered or belong to a certain role of database and that role is allowed to login to the database, (ii) when that credential passes the first layer then (ii) the credential will be verified again (second layer of security) using the specific table (user's credential table) of the database. In these way, i can increase security measures. By the way, i am using PostgreSQL.
I would be much happy and glad if you guys can give me a hand on how to do it.

Thank you so much in advance.

Re: User credential and verification [message #1794656 is a reply to message #1794253]

Tue, 04 September 2018 10:34

Eclipse User

Hi Mark

If I understand your scenario right, this means that for the first security layer (to check if the user is registered and belongs to a certain role in the database) you already need to connect to the database, right?
This means on the other hand that you must connect to the database with any untrusted and unverified credentials to check if the user exists and has that particular role. I am right or did I misunderstand your scenario?
Anyway I would not recommend to configure a database to accept connections for all credentials.

Please feel free to correct me if I misunderstood your scenario or question.

Kind regards
Mat

Re: User credential and verification [message #1797009 is a reply to message #1794656]

Wed, 24 October 2018 01:46

Eclipse User

Hello Sir,

Exactly, but right now we already decided to reduce our security layers into one (1) only to speed-up our design and development. Thanks for the recommendation sir, we'll consider it and re-evaluate our security designs. Sir, what's the best way or method you may recommend to us if we want to use the user's credentials (username & password) to connect to the database? It's really a big help to us if you can give us a hand sir Mat or direct us to a link(site) which addressed our related concerns.

We thank you for your time and effort to facilitate our concerns..

Best regard,

Mark

Re: User credential and verification [message #1797100 is a reply to message #1797009]

Thu, 25 October 2018 04:45

Eclipse User

Hi Mark

You can just call me Mat. No need for the sir ;-)

I have no experience in a setup that connects to the database with the real user credentials. Scout is also not prepared for this setup out of the box.

I think it is feasible to create an application with that setup but there might be some pitfalls on the way:
1. Scout does not have the password of the user available on the backend by default. You would need to send it to the backend (encrypted, e.g. https) and maybe store there in the session. Currently the Scout Service Tunnel cannot do that.
2. The Scout Connection Pool for leasing JDBC Connections to the database can probably not be used.

Hope this helps you in your concerns.

Kind regards
Mat

Previous Topic:	Exception Permission denied
Next Topic:	Hierarchical Table

Goto Forum:

-=] Back to Top [=-

Current Time: Sun Jun 22 05:53:48 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter