Subject Re: Internet
--- In IBDI@y..., John Culleton <service@w...> wrote:
> As a further suggestion: modify the example program apifull.c
> to give an error when the table name contains a $ and make the
> program the means of access for the end user. Do not give end user
> access to isql. Apifull allows SQL statements but does not include
> features like "SHOW TABLE".

I'm not web programmer and don't know technique they use, but if I
need high security, I place database where users have'nt file access,
make DCOM application server placed in such directory too and work
with database via 3-tier. Users don't know where database is, don't
know it's name and don't know even own password on SQL server -
appserver perform connects to database, thin client connects to
appserver using application password. Last can be placed in database
and retrived by appserver via additional connection.