| Subject | Re: Database and application security |
|---|---|
| Author | csswa |
| Post date | 2002-07-25T14:46:21Z |
Your requirements are detailed in this document:
http://www.volny.cz/iprenosil/interbase/ip_ib_isc4.htm
Regards,
Andrew Ferguson
--- In ib-support@y..., Christhonie Geldenhuys <christhonie@w...>
wrote:
http://www.volny.cz/iprenosil/interbase/ip_ib_isc4.htm
Regards,
Andrew Ferguson
--- In ib-support@y..., Christhonie Geldenhuys <christhonie@w...>
wrote:
> Hi all,want to
>
> I am a novice if it comes to implementing database security, so I
> know;storing the
>
> Is it a bad idea to use a generic user to log into the database,
> password within the application? I was planning to have my ownuser table
> and perform authentication on the client side, hashing the passwordentered
> (with MD5) and compare it to the hashed string in the table.accounts,
>
> The alternative (I guess) would be to use individual database user
> but I want the users to be able to change their own passwords, buthow do
> you do that? I am under the impression you need to be logged in asSYSDBA
> to accomplish this. Also, I want to keep track of failed loginattempts
> with a lockout count and lockout time. I would typically use theaccounts to
> TIBSecurityService component under Delphi to add and modify user
> isc4.gdb. I don't want to hard-code the SYSDBA password in myapplication,
> so what can I do?accomplish
>
> The IB documentation does not give enough information on how to
> this. Help would be appreciated!
>
> Regards,
> Chris