At 03:48 PM 12/30/2001 -0500, Mike Arace wrote:

>1) a user is created with no permissions to do anything

OK.

>2) said user can log in through an application

OK

>3) some library is used to assign a predetermined role for that user which
>is only good for the current connection,

How does it decide what role to use?

> which prevents people from logging
>in through the app and then opening up a new connection directly to do their
>damage.

I don't see how they could do that... The client doesn't connect
to the database at all. The application connects so neither the
user name nor password is ever visible outside the trusted server.

>4) when the connection is closed, this role information is lost

Which connection? The connection between the application and the
client or between the application and the database.

>The system I am thinking of would be a web based application that would all
>be on trusted servers. I'm trying to handle all of the user features on the
>application level, using one database login to make the connections and
>query and insert. My concern is that someone who could figure out that one
>login could have a field day with the information in the database, if they
>could somehow reach it. As I said before, someone who can get to the box
>can do lots of other nasty things as well, which would also have to be
>protected against. I was just wondering if these facilities already exist
>in FB.
>
>Regards,
>Mike
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
>
>
>
>To unsubscribe from this group, send an email to:
>ib-support-unsubscribe@egroups.com
>
>
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

Regards,

Ann
www.ibphoenix.com
We have answers.