` Comment on an Icetips Article
Icetips - Templates, Tools & Utilities for Clarion Developers

Templates, Tools and Utilities
for Clarion Developers

Add a comment to an Icetips Article

Please add your comments to this article. Please note that you must provide both a name and a valid email address in order for us to publish your comment. Comments are moderated and are not visible until they have been approved. Spam is never approved!

Your Name:  
Email:  
Header text/Subject:  

Please enter your comment in the box below:
Back to article list   Search Articles     Add Comment     Printer friendly     Direct link  

SQL Related Articles: Security access to SQL databases
2002-07-21 -- Michael Gould
 
Newsgroups: softvelocity.products.c55ee Dan, With our application, we have a userid that our user's never see. It has DBA rights when they first log's into the DB. Before actually logging into the db though, we put up a login window. The first thing that happens is our unseen ID logs into the db, then does a SetUser which is used by ASA to that name. At that point, it locates the user record in our security tables and validates their password. From that point on, the user only has access to the tables and views that they are given rights to via our application. On the DB side, the user id that the user originally logged in with is totally unknown to the end user. Other tools don't have access because they don't have the rights to get to the db with those other tools. We will allow read access to certain views within the db from outside programs, but we give them the "read only" id to use. Michael Gould "Dan Pressnell" wrote in message news:3d3ae779$1@news.softvelocity.com... > > "Bharat" wrote in message > news:3d3ad887@news.softvelocity.com... > > I'm looking at buying SECWIN for user access levels etc. > > > > As I will use SQL more and more is this a bad move ?? > > > > What alternative are there ?? > > Secwin might work for you, but I think more word would be involved. > > Maybe I should clarify my point. > > If you use an add-on security tool, it will secure your application fine, I > think. But if after all is said and done, your application is written so > that it tries to access tables the user can't access, template generated > code will give you one error message after another. > > One way around that is to secure just your application, but give full access > to the user logged in with the app. But by giving so much access to the > user, you have a security problem, because with MS Access, a VB program, or > many simple free query tools, that user can gain access that he can't using > your app. > > So you are between a rock and a hard place. To prevent your programs > constant "access denied" (or whatever) error messages, you give full access. > But full access leaves a security hole for other apps and tools. On the > other hand, securing the database with user permissions causes your app to > choke. > > The solution, as I said, can be messy. But it's important. > > Dan > > >

Today is November 23, 2024, 2:16 am
This article has been viewed 35435 times.
Google search has resulted in 31 hits on this article since January 25, 2004.


Back to article list   Search Articles   Add Comment   Printer friendly

Login

User Name:

Password:


Gold Subscription
Buy Now
Silver Subscription
Buy Now
Solo Subscription
Buy Now
Multiple Copy Pricing
Renew Subscription