I make a service that monitors a table of users in the database and when an
insert or update is performed the service (running on the server) executes
all the commands necessary to make the security reflect the changes made in
this table.

The benefits of this is I get to use the table level security of
permissions, trigger checks, etc. to control the security settings. Most
importantly, I don't have to embed the SYSDBA password into the EXE of the
program in any format whatsoever. It stays in a service process running on
the server only. Totally isolated and secure.

I highly recommend people get in the habit of writing service applications.
It is amazing all of the things they make much simpler...

FWIW,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com

----- Original Message -----
From: "Geoff Worboys" <geoff@...>
To: <ib-support@egroups.com>
Sent: Monday, January 22, 2001 7:43 PM
Subject: Re: [ib-support] Changing password


> > It seems that I have to use the sysdba/masterkey password in
> > order to change a users password but that means I can't let
> > my users change their own passwords!
>
> This is correct and a real PITA. Different people handle this in
> different ways. What I do is...
>
> I grant update update access to PUBLIC on the password field (only) of
> the USERS table in ISC4.gdb. I then setup a BEFORE UPDATE trigger on
> this table that does something along the lines of...
>
> IF (USER <> 'SYSDBA') THEN BEGIN
> IF (USER <> OLD.USER_NAME) THEN
> EXCEPTION CANNOT_CHANGE_OTHERS_PWD;
> END
>
>
> Obviously there are variations on this theme depending on how
> sophisticated you want to get.
>
> HTH
>
> Geoff Worboys
> Telesis Computing
>
>
> To unsubscribe from this group, send an email to:
> ib-support-unsubscribe@egroups.com
>
>
>