| Subject | previleges according to date |
|---|---|
| Author | duilio_fos <irel_llc@libero.it> |
| Post date | 2002-12-28T11:23:51Z |
I need to define 3 different roles:
1. superuser, with all privileges (no problem here)
2. coordinator, with the ability to add, delete or modify any row
3. normal_user, with the ability to add, delete or modify only rows
with field date>=today
I thought to give all previleges to coordinators only.
Normal users will be able to insert/delete/modify rows thru SPs.
These SPs will check the field date value against the current date.
However I see a big security hole: normal users could change the PC
date and modify whatever row they want.
Is there any better solution ?
TIA
Duilio Foschi
1. superuser, with all privileges (no problem here)
2. coordinator, with the ability to add, delete or modify any row
3. normal_user, with the ability to add, delete or modify only rows
with field date>=today
I thought to give all previleges to coordinators only.
Normal users will be able to insert/delete/modify rows thru SPs.
These SPs will check the field date value against the current date.
However I see a big security hole: normal users could change the PC
date and modify whatever row they want.
Is there any better solution ?
TIA
Duilio Foschi