Security access to SQL databases (Michael Gould) - Icetips Article
SQL Related Articles: Security access to SQL databases
2002-07-21 -- Michael Gould
 
Newsgroups: softvelocity.products.c55ee

Dan,

With our application, we have a userid that our users never see. It has DBA rights when they first log into the DB. Before actually logging into the db though, we put up a login window. The first thing that happens is our unseen ID logs into the db, then does a SetUser which is used by ASA to that name. At that point, it locates the user record in our security tables and validates their password. From that point on, the user only has access to the tables and views that they are given rights to via our application.

On the DB side, the user id that the user originally logged in with is totally unknown to the end user. Other tools don't have access because they don't have the rights to get to the db with those other tools. We will allow read access to certain views within the db from outside programs, but we give them the "read only" id to use.

Michael Gould

"Dan Pressnell" wrote in message news:3d3ae779$1@news.softvelocity.com...
>
> "Bharat" wrote in message
> news:3d3ad887@news.softvelocity.com...
> > I'm looking at buying SECWIN for user access levels etc.
> >
> > As I will use SQL more and more is this a bad move ??
> >
> > What alternatives are there ??
>
> Secwin might work for you, but I think more work would be involved.
>
> Maybe I should clarify my point.
>
> If you use an add-on security tool, it will secure your application fine, I
> think. But if after all is said and done, your application is written so
> that it tries to access tables the user can't access, template generated
> code will give you one error message after another.
>
> One way around that is to secure just your application, but give full access
> to the user logged in with the app. But by giving so much access to the
> user, you have a security problem, because with MS Access, a VB program, or
> many simple free query tools, that user can gain access that he can't using
> your app.
>
> So you are between a rock and a hard place. To prevent your program's
> constant "access denied" (or whatever) error messages, you give full access.
> But full access leaves a security hole for other apps and tools. On the
> other hand, securing the database with user permissions causes your app to
> choke.
>
> The solution, as I said, can be messy. But it's important.
>
> Dan
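
The permission layout behind the login pattern described in the post above, sketched as an added example in Sybase ASA (SQL Anywhere) SQL; it is not code from the post or from the poster's application. All user, table and view names are hypothetical, and creating the per-person IDs without a password is an assumption, not something the post states.

```sql
-- Added example, Sybase ASA / SQL Anywhere dialect. Every user, table and
-- view name here is hypothetical. Run the setup as the hidden DBA ID.

-- Per-person database user created WITHOUT a password (assumption): in ASA
-- such an ID cannot open its own connection, so an outside query tool
-- cannot log in as jsmith even if the name is known.
GRANT CONNECT TO jsmith;

-- Rights handed out for this user: only the tables and views needed.
GRANT SELECT, INSERT, UPDATE ON app_owner.orders      TO jsmith;
GRANT SELECT                 ON app_owner.v_customers TO jsmith;

-- Separate "read only" ID for outside programs: it has a password, but
-- holds SELECT on chosen views only, never on base tables.
GRANT CONNECT TO report_ro IDENTIFIED BY "CHANGE_ME_placeholder";
GRANT SELECT ON app_owner.v_order_summary TO report_ro;

-- At login time, on the connection already opened by the hidden DBA ID:
SETUSER "jsmith";   -- later statements are checked against jsmith's grants

-- The application validates the entered password against its own security
-- tables at this point (application logic, not shown here).

-- Access now follows the grants above.
SELECT COUNT(*) FROM app_owner.orders;      -- allowed: SELECT was granted
SELECT * FROM app_owner.v_order_summary;    -- refused: no grant for jsmith

-- Undo the impersonation before the connection is reused or closed.
SETUSER;
```

Because the application's screens only touch objects granted to the impersonated user, the grants have to track what each screen reads and writes, which is the "access denied" problem raised in the quoted reply.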

