| Subject | Re: [ib-support] Re: Connect to DB from Procedure ?? |
|---|---|
| Author | Damian Dowling |
| Post date | 2001-08-08T14:12:16Z |
At last i have gotten this Nondisclosure Agreement dropped. The situation
is as follows, A dev team who shall remain nameless has run into a wall
trying to add security onto a finished program (I know it is a bad idea).
The program works like this:
The program runs forms from inside packages that it loads at runtime. The
details of how and what to load are stored in a Control Database. The forms
then access through the main prog other Database files (one for each company).
Up until now security was very low, the main program logged onto the Server
and then the user entered a userid and password - this was checked against
a table to see if it was vaild. Once logged in the main program controlled
weather the user could run a package by looking up another table.
The problem is that they cannot easily log user activity, because the
server thinks the one user is doing everything. Also the Database owner
username and password is used everytime the program runs and is held in a
encoded ini file on the client.
They planned to fix the problems by having the users login to the server
properly, but how to update the user permissions on the other files while
still keeping the as much of the main program unaltered.
What i was thinking was that triggers would be added to the user and
permission tables in the Control DB that use UDFs to update the permissions
on the other files?
Anybody got a better idea? (hopefully one that keeps most of the work on
the server).
Thanks
Damian Dowling
IT Manager
Pallas Foods Ltd
Phone: + 353 69 20200
Fax: + 353 69 20201
Email: it-manager@...
is as follows, A dev team who shall remain nameless has run into a wall
trying to add security onto a finished program (I know it is a bad idea).
The program works like this:
The program runs forms from inside packages that it loads at runtime. The
details of how and what to load are stored in a Control Database. The forms
then access through the main prog other Database files (one for each company).
Up until now security was very low, the main program logged onto the Server
and then the user entered a userid and password - this was checked against
a table to see if it was vaild. Once logged in the main program controlled
weather the user could run a package by looking up another table.
The problem is that they cannot easily log user activity, because the
server thinks the one user is doing everything. Also the Database owner
username and password is used everytime the program runs and is held in a
encoded ini file on the client.
They planned to fix the problems by having the users login to the server
properly, but how to update the user permissions on the other files while
still keeping the as much of the main program unaltered.
What i was thinking was that triggers would be added to the user and
permission tables in the Control DB that use UDFs to update the permissions
on the other files?
Anybody got a better idea? (hopefully one that keeps most of the work on
the server).
Thanks
Damian Dowling
IT Manager
Pallas Foods Ltd
Phone: + 353 69 20200
Fax: + 353 69 20201
Email: it-manager@...