Subject Re: [IBDI] Re: Internet
Author John Culleton
> I'm not web programmer and don't know technique they use, but if I
> need high security, I place database where users have'nt file access,
> make DCOM application server placed in such directory too and work
> with database via 3-tier. Users don't know where database is, don't
> know it's name and don't know even own password on SQL server -
> appserver perform connects to database, thin client connects to
> appserver using application password. Last can be placed in database
> and retrived by appserver via additional connection.
> Community email addresses:
> Post message:
> Subscribe:
> Unsubscribe:
> List owner:
> Shortcut URL to this page:
> Your use of Yahoo! Groups is subject to
We agree. I ausggested as one form of security that the user retreive data via
an html page and a cgi program which is not available to the user
directly. This would lock users/intruders out of the dbms. Your
alternative is more elaborate but should work equally as well,
maybe better.

However this begs the question of what to do on a machine where
users need some sort of direct SQL access. In this more difficult
situation I suggested locking up the utilities like isql and
using a program modelled after "apfull" but with security features built

Perhaps the folks who are working with the Open Source version of
Interbase will take this security issue as a priority item.

John Culleton