Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » scout » User credential and verification(Verify the credential of the user using the database (PostgreSQL) registered role name)
User credential and verification [message #1794253] Tue, 28 August 2018 06:01 Go to next message
Mark Novem Grisola is currently offline Mark Novem GrisolaFriend
Messages: 1
Registered: November 2017
Junior Member
Hi all, good day.
I had a simple running system using Eclipse Scout - Photon, the system verify the user's credential by accessing the database and get the user's password from the specific table base on the provided username. I am using the database admin credentials to access (login) to the database, here's the problem: I want to use the user's credential to access to the database, or should i say i want to use the user's credential to create connection to the database. So that, in this way i can create two layers of security by (i) the user credential must be registered or belong to a certain role of database and that role is allowed to login to the database, (ii) when that credential passes the first layer then (ii) the credential will be verified again (second layer of security) using the specific table (user's credential table) of the database. In these way, i can increase security measures. By the way, i am using PostgreSQL.
I would be much happy and glad if you guys can give me a hand on how to do it.

Thank you so much in advance.
Re: User credential and verification [message #1794656 is a reply to message #1794253] Tue, 04 September 2018 14:34 Go to previous message
Matthias Villiger is currently offline Matthias VilligerFriend
Messages: 134
Registered: September 2011
Senior Member
Hi Mark

If I understand your scenario right, this means that for the first security layer (to check if the user is registered and belongs to a certain role in the database) you already need to connect to the database, right?
This means on the other hand that you must connect to the database with any untrusted and unverified credentials to check if the user exists and has that particular role. I am right or did I misunderstand your scenario?
Anyway I would not recommend to configure a database to accept connections for all credentials.

Please feel free to correct me if I misunderstood your scenario or question.

Kind regards
Mat
Previous Topic:Eclipse Scout 8.0 (Photon) now available
Next Topic:Logout
Goto Forum:
  


Current Time: Fri Sep 21 02:30:00 GMT 2018

Powered by FUDForum. Page generated in 0.02640 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top