Thanks Andrew, that was...WOW...fast! Just what I needed!


-----Original Message-----
From: csswa [mailto:csswa@...]
Sent: 25 July 2002 16:46
To: ib-support@yahoogroups.com
Subject: [ib-support] Re: Database and application security



Your requirements are detailed in this document:

http://www.volny.cz/iprenosil/interbase/ip_ib_isc4.htm

Regards,
Andrew Ferguson


--- In ib-support@y..., Christhonie Geldenhuys <christhonie@w...>
wrote:

> Hi all,
>
> I am a novice if it comes to implementing database security, so I

want to

> know;
>
> Is it a bad idea to use a generic user to log into the database,

storing the

> password within the application? I was planning to have my own

user table

> and perform authentication on the client side, hashing the password

entered

> (with MD5) and compare it to the hashed string in the table.
>
> The alternative (I guess) would be to use individual database user

accounts,

> but I want the users to be able to change their own passwords, but

how do

> you do that? I am under the impression you need to be logged in as

SYSDBA

> to accomplish this. Also, I want to keep track of failed login

attempts

> with a lockout count and lockout time. I would typically use the
> TIBSecurityService component under Delphi to add and modify user

accounts to

> isc4.gdb. I don't want to hard-code the SYSDBA password in my

application,

> so what can I do?
>
> The IB documentation does not give enough information on how to

accomplish

> this. Help would be appreciated!
>
> Regards,
> Chris

Yahoo! Groups Sponsor
ADVERTISEMENT



To unsubscribe from this group, send an email to:
ib-support-unsubscribe@egroups.com



Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.