PostgreSQL数据库安全——用户标识和认证

最新推荐文章于 2025-08-01 11:12:37 发布
原创 最新推荐文章于 2025-08-01 11:12:37 发布 · 1.3k 阅读 · 1 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#postgresql #big data #数据库

本文详细解读了PostgreSQL如何通过pg_hba.conf配置文件进行客户端身份认证,包括认证步骤、SSL检查及不同认证方法的处理。了解PostgreSQL如何确保只有授权用户访问数据库资源。

PostgreSQL通过用户标识和认证为系统提供最外层的安全保护措施。在客户端访问数据库资源之前,服务器首先需要通过身份认证模块来验证用户的合法身份,从而在数据库系统的前后端之间建立安全的通信信道,防止非法用户连接数据库,保证只有合法的用户才能访问数据库资源。一次完整的客户端认证过程:

  1. 客户端和服务器端的Postmaster进程建立连接
  2. 客户端发送请求信息到守护进程Postmaster
  3. Postmaster根据请求信息检查配置文件pg_hba.conf是否允许该客户端连接,并把认证方式和必要信息发送到客户端
  4. 客户端根据收到的不同认证方式,发送相应的认证信息给Postmaster
  5. Postmaster调用认证模块对客户端送来的认证信息进行认证。如果认证通过,初始化一个Postgres进程与客户端进程通信;否则拒绝继续会话,关闭连接

Postmaster根据请求信息检查配置文件pg_hba.conf是否允许该客户端连接

Postmaster根据请求信息检查配置文件pg_hba.conf是否允许该客户端连接流程在ClientAuthentication函数(src/backend/utils/init/postinit.c)
BackgroundWorkerInitializeConnection --> InitPostgres --> PerformAuthentication(Port *port) --> ClientAuthentication(port)
BackgroundWorkerInitializeConnectionByOid --> InitPostgres --> PerformAuthentication(Port *port) --> ClientAuthentication(port)
*PostgresMain --> InitPostgres --> PerformAuthentication(Port port) --> ClientAuthentication(port)
因此检查配置文件pg_hba.conf是否允许该客户端连接流程应该是相应服务进程postgres进行处理的,即这里的PostgresMain。

 /* PostgresMain postgres main loop -- all backends, interactive or otherwise start here */
void PostgresMain(int argc, char *argv[], const char *dbname, const char *username) {
    ...
	/* General initialization.
	 * NOTE: if you are tempted to add code in this vicinity, consider putting
	 * it inside InitPostgres() instead.  In particular, anything that
	 * involves database access should be there, not here. */
	InitPostgres(dbname, InvalidOid, username, InvalidOid, NULL, false);
	...
}
void InitPostgres(const char *in_dbname, Oid dboid, const char *username,
			 Oid useroid, char *out_dbname, bool override_allow_connections) {
	bool		bootstrap = IsBootstrapProcessingMode();
	bool		am_superuser;
	char	   *fullpath;
	char		dbname[NAMEDATALEN];
	elog(DEBUG3, "InitPostgres");
	/* Add my PGPROC struct to the ProcArray. Once I have done this, I am visible to other backends! */
	InitProcessPhase2();	
	...
			 
	else
	{
		/* normal multiuser case */
		Assert(MyProcPort != NULL);
		PerformAuthentication(MyProcPort);
		InitializeSessionUserId(username, useroid);
		am_superuser = superuser();
	}
}

PerformAuthentication的输入参数MyProcPort是定义在src/backend/utils/init/globals.c中的全局变量。会在fork出来服务客户端的子进程调用的BackendInitialize函数中使用postmaster父进程创建的port进行初始化。

struct Port *MyProcPort;
static void BackendInitialize(Port *port) {
	int			status;
	int			ret;
	char		remote_host[NI_MAXHOST];
	char		remote_port[NI_MAXSERV];
	char		remote_ps_data[NI_MAXHOST];
	/* Save port etc. for ps status */
	MyProcPort = port;

PerformAuthentication函数认证远程客户端,开启statement_timeout,调用ClientAuthentication函数,关闭statement_timeout。

/* PerformAuthentication -- authenticate a remote client
 * returns: nothing.  Will not return at all if there's any failure. */
static void PerformAuthentication(Port *port) {
	/* This should be set already, but let's make sure */
	ClientAuthInProgress = true;	/* limit visibility of log messages */
	/* In EXEC_BACKEND case, we didn't inherit the contents of pg_hba.conf
	 * etcetera from the postmaster, and have to load them ourselves.
	 * FIXME: [fork/exec] Ugh.  Is there a way around this overhead? */
#ifdef EXEC_BACKEND
	/* load_hba() and load_ident() want to work within the PostmasterContext,
	 * so create that if it doesn't exist (which it won't).  We'll delete it
	 * again later, in PostgresMain. */
	if (PostmasterContext == NULL)
		PostmasterContext = AllocSetContextCreate(TopMemoryContext, "Postmaster", ALLOCSET_DEFAULT_SIZES);
	if (!load_hba()) {
		/* It makes no sense to continue if we fail to load the HBA file, since there is no way to connect to the database in this case. */
		ereport(FATAL, (errmsg("could not load pg_hba.conf")));
	}
	if (!load_ident()) {
		/* It is ok to continue if we fail to load the IDENT file, although it
		 * means that you cannot log in using any of the authentication
		 * methods that need a user name mapping. load_ident() already logged
		 * the details of error to the log. */
	}
#endif

	/* Set up a timeout in case a buggy or malicious client fails to respond
	 * during authentication.  Since we're inside a transaction and might do
	 * database access, we have to use the statement_timeout infrastructure. */
	enable_timeout_after(STATEMENT_TIMEOUT, AuthenticationTimeout * 1000);
	/* Now perform authentication exchange. */
	ClientAuthentication(port); /* might not return, if failure */
	/* Done with authentication.  Disable the timeout, and log if needed. */
	disable_timeout(STATEMENT_TIMEOUT, false);
	if (Log_connections){
		StringInfoData logmsg;
		initStringInfo(&logmsg);
		if (am_walsender)
			appendStringInfo(&logmsg, _("replication connection authorized: user=%s"), port->user_name);
		else
			appendStringInfo(&logmsg, _("connection authorized: user=%s"), port->user_name);
		if (!am_walsender)
			appendStringInfo(&logmsg, _(" database=%s"), port->database_name);
		if (port->application_name != NULL)
			appendStringInfo(&logmsg, _(" application_name=%s"), port->application_name);
#ifdef USE_SSL
		if (port->ssl_in_use)
			appendStringInfo(&logmsg, _(" SSL enabled (protocol=%s, cipher=%s, bits=%d, compression=%s)"), be_tls_get_version(port), be_tls_get_cipher(port), be_tls_get_cipher_bits(port), be_tls_get_compression(port) ? _("on") : _("off"));
#endif
#ifdef ENABLE_GSS
		if (port->gss) {
			const char *princ = be_gssapi_get_princ(port);
			if (princ)
				appendStringInfo(&logmsg, _(" GSS (authenticated=%s, encrypted=%s, principal=%s)"), be_gssapi_get_auth(port) ? _("yes") : _("no"), be_gssapi_get_enc(port) ? _("yes") : _("no"), princ);
			else
				appendStringInfo(&logmsg,_(" GSS (authenticated=%s, encrypted=%s)"), be_gssapi_get_auth(port) ? _("yes") : _("no"), be_gssapi_get_enc(port) ? _("yes") : _("no"));
		}
#endif
		ereport(LOG, errmsg_internal("%s", logmsg.data));
		pfree(logmsg.data);
	}
	set_ps_display("startup", false);
	ClientAuthInProgress = false;	/* client_min_messages is active now */
}

加载配置文件pg_hba.conf和pg_ident.conf

typedef struct Port {
    ...
    /* Information that needs to be held during the authentication cycle. */
	HbaLine    *hba;
	/* GSSAPI structures. */
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
	/* If GSSAPI is supported and used on this connection, store GSSAPI
	 * information.  Even when GSSAPI is not compiled in, store a NULL pointer
	 * to keep struct offsets the same (for extension ABI compatibility). */
	pg_gssinfo *gss;
#else
	void	   *gss;
#endif
	/* SSL structures. */
	bool		ssl_in_use;
	char	   *peer_cn;
	bool		peer_cert_valid;
	/* OpenSSL structures. (Keep these last so that the locations of other fields are the same whether or not you build with OpenSSL.) */
#ifdef USE_OPENSSL
	SSL		   *ssl;
	X509	   *peer;
#endif
} Port;

Port结构体存储着客户端的相关信息(如客户端主机名、端口、用户名、数据库名等),与HBA相关的结构体成员HbaLine *hba,load_hba()和load_ident()负责加载hba成员。

ClientAuthentication

函数的执行流程如下:
调用hba_getauthmethod,检查客户端地址、所连接数据库、用户名在文件HBA中是否有能匹配的HBA记录。如果能找到匹配的HBA记录,则将Port结构中的相关认证方法的字段设置为HBA记录中的参数,同时返回状态值STATUS_OK.

/* Client authentication starts here.  If there is an error, this
 * function does not return and the backend process is terminated. */
void ClientAuthentication(Port *port) {
	int			status = STATUS_ERROR;
	char	   *logdetail = NULL;
	/* Get the authentication method to use for this frontend/database
	 * combination.  Note: we do not parse the file at this point; this has
	 * already been done elsewhere.  hba.c dropped an error message into the
	 * server logfile if parsing the hba config file failed. */
	hba_getauthmethod(port);
	CHECK_FOR_INTERRUPTS();

基于hba选项进行初步检测,如果编译时选择了使用SSL,在这里先要检查客户端是否已提供一个有效的证书(通过Port结构中hba字段的clientcert字段的值来判断)

	/* This is the first point where we have access to the hba record for the
	 * current connection, so perform any verifications based on the hba
	 * options field that should be done *before* the authentication here. */
	if (port->hba->clientcert != clientCertOff) {
		/* If we haven't loaded a root certificate store, fail */
		if (!secure_loaded_verify_locations())
			ereport(FATAL, (errcode(ERRCODE_CONFIG_FILE_ERROR), errmsg("client certificates can only be checked if a root certificate store is available")));
		/* If we loaded a root certificate store, and if a certificate is
		 * present on the client, then it has been verified against our root
		 * certificate store, and the connection would have been aborted
		 * already if it didn't verify ok. */
		if (!port->peer_cert_valid)
			ereport(FATAL, (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), errmsg("connection requires a valid client certificate")));
	}

根据不同的认证方法,进行相应的认证过程

	/* Now proceed to do the actual authentication check */
	switch (port->hba->auth_method) {
		case uaReject: {
			/* An explicit "reject" entry in pg_hba.conf.  This report exposes
			 * the fact that there's an explicit reject entry, which is
			 * perhaps not so desirable from a security standpoint; but the
			 * message for an implicit reject could confuse the DBA a lot when
			 * the true situation is a match to an explicit reject.  And we
			 * don't want to change the message for an implicit reject.  As
			 * noted below, the additional information shown here doesn't
			 * expose anything not known to an attacker. */		
				char		hostinfo[NI_MAXHOST];
				const char *encryption_state;
				pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,hostinfo, sizeof(hostinfo),NULL, 0,NI_NUMERICHOST);
				encryption_state =
#ifdef ENABLE_GSS
					(port->gss && port->gss->enc) ? _("GSS encryption") :
#endif
#ifdef USE_SSL
					port->ssl_in_use ? _("SSL on") :
#endif
					_("SSL off");
				if (am_walsender)
					ereport(FATAL,(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),/* translator: last %s describes encryption state */errmsg("pg_hba.conf rejects replication connection for host \"%s\", user \"%s\", %s",hostinfo, port->user_name,encryption_state)));
				else
					ereport(FATAL, (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), /* translator: last %s describes encryption state */ errmsg("pg_hba.conf rejects connection for host \"%s\", user \"%s\", database \"%s\", %s", hostinfo, port->user_name, port->database_name, encryption_state)));
				break;
			}
		case uaImplicitReject: {
			/* No matching entry, so tell the user we fell through.
			 * NOTE: the extra info reported here is not a security breach,
			 * because all that info is known at the frontend and must be
			 * assumed known to bad guys.  We're merely helping out the less
			 * clueful good guys. */
			
				char		hostinfo[NI_MAXHOST];
				const char *encryption_state;
				pg_getnameinfo_all(&port->raddr.addr, port->raddr.salen,hostinfo, sizeof(hostinfo),NULL, 0,NI_NUMERICHOST);
				encryption_state =
#ifdef ENABLE_GSS
					(port->gss && port->gss->enc) ? _("GSS encryption") :
#endif
#ifdef USE_SSL
					port->ssl_in_use ? _("SSL on") :
#endif
					_("SSL off");
#define HOSTNAME_LOOKUP_DETAIL(port) (port->remote_hostname ? (port->remote_hostname_resolv == +1 ? errdetail_log("Client IP address resolved to \"%s\", forward lookup matches.", port->remote_hostname) : port->remote_hostname_resolv == 0 ? errdetail_log("Client IP address resolved to \"%s\", forward lookup not checked.", port->remote_hostname) : port->remote_hostname_resolv == -1 ? errdetail_log("Client IP address resolved to \"%s\", forward lookup does not match.", port->remote_hostname) : port->remote_hostname_resolv == -2 ? errdetail_log("Could not translate client host name \"%s\" to IP address: %s.", port->remote_hostname, gai_strerror(port->remote_hostname_errcode)) : 0) : (port->remote_hostname_resolv == -2 ? errdetail_log("Could not resolve client IP address to a host name: %s.",  gai_strerror(port->remote_hostname_errcode)) : 0))
				if (am_walsender)
					ereport(FATAL,(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),/* translator: last %s describes encryption state */errmsg("no pg_hba.conf entry for replication connection from host \"%s\", user \"%s\", %s",hostinfo, port->user_name,encryption_state),HOSTNAME_LOOKUP_DETAIL(port)));
				else
					ereport(FATAL,(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),/* translator: last %s describes encryption state */errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",hostinfo, port->user_name,port->database_name,encryption_state),HOSTNAME_LOOKUP_DETAIL(port)));
				break;
			}
		case uaGSS:
#ifdef ENABLE_GSS
			/* We might or might not have the gss workspace already */
			if (port->gss == NULL)
				port->gss = (pg_gssinfo *)MemoryContextAllocZero(TopMemoryContext,sizeof(pg_gssinfo));
			port->gss->auth = true;
			/* If GSS state was set up while enabling encryption, we can just
			 * check the client's principal.  Otherwise, ask for it. */
			if (port->gss->enc) status = pg_GSS_checkauth(port);
			else{
				sendAuthRequest(port, AUTH_REQ_GSS, NULL, 0);
				status = pg_GSS_recvauth(port);
			}
#else
			Assert(false);
#endif
			break;

		case uaSSPI:
#ifdef ENABLE_SSPI
			if (port->gss == NULL)
				port->gss = (pg_gssinfo *)MemoryContextAllocZero(TopMemoryContext,sizeof(pg_gssinfo));
			sendAuthRequest(port, AUTH_REQ_SSPI, NULL, 0);
			status = pg_SSPI_recvauth(port);
#else
			Assert(false);
#endif
			break;

		case uaPeer:
#ifdef HAVE_UNIX_SOCKETS
			status = auth_peer(port);
#else
			Assert(false);
#endif
			break;
		case uaIdent:
			status = ident_inet(port);
			break;
		case uaMD5:
		case uaSCRAM:
			status = CheckPWChallengeAuth(port, &logdetail);
			break;
		case uaPassword:
			status = CheckPasswordAuth(port, &logdetail);
			break;
		case uaPAM:
#ifdef USE_PAM
			status = CheckPAMAuth(port, port->user_name, "");
#else
			Assert(false);
#endif							/* USE_PAM */
			break;
		case uaBSD:
#ifdef USE_BSD_AUTH
			status = CheckBSDAuth(port, port->user_name);
#else
			Assert(false);
#endif							/* USE_BSD_AUTH */
			break;
		case uaLDAP:
#ifdef USE_LDAP
			status = CheckLDAPAuth(port);
#else
			Assert(false);
#endif
			break;
		case uaRADIUS:
			status = CheckRADIUSAuth(port);
			break;
		case uaCert:
			/* uaCert will be treated as if clientcert=verify-full (uaTrust) */
		case uaTrust:
			status = STATUS_OK;
			break;
	}

	if ((status == STATUS_OK && port->hba->clientcert == clientCertFull) || port->hba->auth_method == uaCert) {
		/* Make sure we only check the certificate if we use the cert method
		 * or verify-full option. */
#ifdef USE_SSL
		status = CheckCertAuth(port);
#else
		Assert(false);
#endif
	}
	if (ClientAuthentication_hook)
		(*ClientAuthentication_hook) (port, status);
	if (status == STATUS_OK)
		sendAuthRequest(port, AUTH_REQ_OK, NULL, 0);
	else
		auth_failed(port, status, logdetail);
}

SendAuthRequest函数

SendAuthRequest函数向客户端发送认证请求

PostgreSQL源码分析——CHECKPOINT
内核思考
06-18 1114
在此之前的WAL日志,对应的Buffer中的脏页需要全部刷盘,也就是说,在此位置之前的WAL日志是不需要进行回放的,因为页已经落盘了。关于重做点,重做点其实就是当前WAL日志的插入点,或者说当前WAL日志记录的终点位置,从这个位置开始,之前的所有WAL日志对应的脏页刷盘,然后清理WAL日志,在进行checkpoint的过程中,其实业务是不停的,还会继续源源不断的产生WAL日志,后续产生的WAL日志就是从重做点开始的,而这部分WAL日志对于的脏页并没有被刷盘,所以崩溃恢复时,需要从这个重做点开始进行回放。
PostgreSQL源码分析——WAL日志(一)
内核思考
06-19 1618
WAL日志对数据库故障恢复,物理备份,事务处理等至关重要,这里我们分析一下WAL日志的相关内容。如果没有WAL日志文件,那么数据库需要在每次更新页面后,刷盘持久化才能提交,频繁的进行刷盘,并且是随机写,而且是整页的写,代价很大。对此,设计了WAL,每次只将对数据页的修改抽象成WAL日志记录,顺序写入WAL日志文件中,这就将随机写变为了顺序写入,并且文件的大小也有所减少,因为绝大部分情况不用整页写入了,减少了刷盘的代价。
postgresql内核源码分析-认证流程
一个追逐梦想的码农
10-26 944
postgresql 内核原码 认证
GBASE 8s 用户标示与鉴别
因为吃过天津一家超好吃的八珍豆腐从而改名为八珍豆腐的博客
07-26 1258
用户或应用向数据库系统出示自己的,最常见的用户标识是输入用户密码。用户标识用于唯一标识进入数据库系统的每个用户或应用的身份,因此必须保证标识具有。用户鉴别是指数据库系统检查并验证用户身份合法性的过程用户标识与鉴别的功能保证了只有合法的用户才可以进入数据库系统、访问数据库资源。用户标识是系统用于鉴别声明用户为系统合法用户的口令字串。在数据库管理系统注册时会获得一个用户名,系统会首先确认提交访问请求的用户名是否合法,如果合法,则进一步鉴别用户身份。用户鉴别是证明声明用户为系统合法用户过程。...
【一文读懂 PostgreSQL 三大认证体系:PG、PGCH、PGAI】
最新发布
weixin_63349582的博客
08-01 840
PostgreSQL专业认证体系包括PG、PGCHPGAI三大方向,为技术人员提供全方位成长路径。PG认证涵盖基础管理到高级应用,分PGCA、PGCE、PGCM三级;PGCH专注内核开发,分初级到高级三个层次;PGAI则聚焦AI与数据库融合应用。这些认证体系从基础运维、内核开发到AI前沿应用,为不同需求的从业者提供清晰的成长阶梯,助力企业数字化转型数据库技术发展。
通过数据库标识名、数据库用户数据库用户密码进行登陆
05-05
通过数据库标识名、数据库用户数据库用户密码,运行SQL语句查询
postgresql.conf ssl_cert_file
baidu_24377669的博客
05-31 173
PostgreSQL 10.1 手册_部分 III. 服务器管理_第 20 章 客户端认证_20.1. pg_hba.conf文件...
weixin_34239592的博客
10-03 278
20.1.pg_hba.conf文件 客户端认证是由一个配置文件(通常名为pg_hba.conf并被存放在数据库集簇目录中)控制(HBA表示基于主机的认证)。在initdb初始化数据目录时,它会安装一个默认的pg_hba.conf文件。不过我们也可以把认证配置文件放在其它地方; 参阅hba_file配置参数。 pg_hba.conf文件的常用格式...
PostgreSQL数据库学习DAY1——数据库与数据表的基本操作、数据类型与运算符
weixin_62985761的博客
03-13 447
本文为我的PostgreSQL的自学日记,我努力在7天之内学习并整理完PGSQL的所有基础内容,内容参考《PostgreSQL从入门到精通》
PostgreSQL源码分析——pg_control
内核思考
06-19 1072
pg_control是PostgreSQL中一个很重要的文件,我们之前讲到过PostgreSQL的启动过程,启动过程中很重要的一项工作就是故障恢复,启动startup进程,回放WAL日志进行故障恢复,而从哪里开始进行回放呢?这个位置的保存一定是在磁盘中,而不是在内存中,假设数据库因故障崩溃,内存中的数据会丢失,所以,只有checkpointer进程在做checkpoint操作时不断的更新pg_control文件,使之持久化保存,数据库启动进行故障恢复时,读取该文件,获得故障恢复的起始位置。
postgreSQL源码分析——索引的建立与使用——B-Tree索引(1)
m0_53446118的博客
10-24 5801
目录nbtree算法介绍二级目录三级目录 nbtree算法介绍 // nbtree.c var foo = 'bar'; 二级目录 三级目录
数据库原理】用户身份鉴别
m0_74093057的博客
11-26 1629
通过使用多种身份验证方法,如密码、双因素认证、生物识别等,可以有效增强数据库的安全性,防止未授权的访问潜在的数据泄露。用户身份鉴别(User Authentication)是数据库安全管理中的第一道防线,其主要目标是验证用户的身份,确保只有经过合法授权的用户才能访问数据库系统。身份鉴别通常是通过对用户提交的凭证进行验证来实现的,凭证可能是用户名、密码、指纹、智能卡等。• 概述:基于证书的身份验证依赖于公钥基础设施(PKI)数字证书,数字证书包含用户的身份信息公钥,可以用来验证用户的身份。
PostgreSQL客户端认证配置
雪辉博客
09-08 1532
文章目录1.1 连接方式TYPE1.2 数据库DATABASE1.3 用户名1.4 IP地址掩码1.5 身份验证模式   PostgreSQL的客户端认证是由一个配置文件pg_hba.conf控制的,该文件默认存放在数据目录下。   pg_hba.conf文件的格式如下: TYPE DATABASE USER ADDRESS METHOD local database user auth-method [auth-options] host databa
Postgresql - Client Authentication
chuckchen1222的博客
11-06 740
登录认证信息。 PG管理客户端登录主要是通过pg_hba.conf配置文件中的。   1. pg_hba.conf 文件。   Each record specifies a connection type, a client IP address range (if relevant for the connection type), a database name, a user n...
如何查看postgresql数据库用户?
热门推荐
塨的博客
01-17 4万+
postgres=# \du                              List of roles  Role name |                   Attributes                   | Member of  -----------+------------------------------------------------+-----
postgresql 10 ssl 双向认证
dna911的专栏
09-23 2734
一、服务器端的操作 #在server端生成三个文件 #root.crt中(受信任的根证书) #server.crt这(服务器证书) #server.key(私钥) #以上三个文件放在/path/to/data/目录下   #生成私钥(要提供密码) openssl genrsa -des3 -out server.key 2048   #删除密码 openssl rsa -in...
mysql如何创建用户标识_14.7.1.2 MySQL创建用户句法
weixin_28795271的博客
02-10 563
14.7.1.2 CREATE USER Syntax以下是MySQL 5.7.6及以上版本的CREATE USER句法CREATE USER [IF NOT EXISTS]user [auth_option] [, user [auth_option]] ...[REQUIRE {NONE | tls_option [[AND] tls_option] ...}][WITH resource_o...
关于 数据库中的标识
greenerycn的专栏
01-27 5892
今天练手写了一个投票管理系统.遇到一个问题,就是我数据库中的Votes表的主键是VotdID,我想让他自动产生ID,且递增.刚开始没注意,弄了半天也没弄好.原来在SQLServer 2005中,主要把数据类型的"标识规范"下面的 "标识增量","标识种子"设置一下就行了.PS:在SQL Server数据库中为标识(IDENTITY)列插入值但有的情况我们需要手动插入标识列的值,
PostgreSQL数据库用户认证
weixin_34248023的博客
10-23 200
PostgreSQL是现在比较流行的数据库之一,这个起源于伯克利(BSD)的数据库研究计划目前已经衍生成一项国际开发项目,并且有非常广泛的用户。据我了解国内四大国产数据库,其中三个都是基于PostgreSQL开发的。并且,因为许可证的灵活,任何人都可以以任何目的免费使用,修改,分发 PostgreSQL, 不管是私用,商用,还是学术研究使用。本文只是简单介绍一下post...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值