Hello, We are looking at implementing a web service that basically makes calls to the database.
I have been thinking about ways to secure the web service based on the database.
I initially thought about just connecting to the database as the user with parameters passed through the web service - however I don't know how to do that other than clear text passwords.
So, is it possible for clients to encrypt their password and pass that through the web service to the database? I was looking at the way postgres stores the users passwords but first of all I'm not sure if that is something the client could do. Then, if they could, how to go about connecting as a system user and verifying that the userid and password provided by the client are correct.
I could just provide another table with an encrypted password using a specified encryption process that the client can replicate and provide through the web service.
