--- In firebird-support@yahoogroups.com, Alexandre Benson Smith
<iblist@t...> wrote:

> At 01:18 09/01/2004 +0000, you wrote:
>
> >I've written a Windows application that uses Firebird v1.5. (Note:
> >I'm using C++ and the IBPP class wrappers.) I'm concerned about
> >someone using a different application or tool (e.g. isql.exe) to
> >modify the content of my database. This seems very easy to do

given

> >the Firebird Embedded version that allows a database to be open
> >without needing a username/password.
> >
> >Therefore, I'm looking for a technique to determine if my database
> >has been modified by another application. Here's what I've thought
> >of so far, all having some hurdle to get over:
> >
> >1. I was thinking of storing the database file-time in a .ini file
> >and compare that before I connect to the database, but this

approach

> >requires file-level access to the database file, which I may not

have

> >in a multi-user setup.
> >
> >2. I was also looking at the header checksum and the header
> >generation fields, but can I read those somehow? Also, is the

header

> >guaranteed to be updated if a table gets updated?
> >
> >3. Lastly, I was thinking about having a trigger update a counter

in

> >a user defined table. But how do I guarantee that trigger gets

fired

> >each time the database is opened by any application (is there some
> >update on a system-level table each time a database is opened)?
> >Using this technique, I could store the counter in a local ini and
> >compare it when I open the database.
> >
> >Any and all input will be appreciated. Thanks!
> >
> >Joe A.
>
>
> Hi Joe !
>
> I have read a good article by Ivan Prenosil sometime ago about

simulating

> an On Connect trigger by some hacks on isc4.gdb, take a look at this
>
> http://www.volny.cz/iprenosil/interbase/ip_ib_isc4.htm
>
>
> Did you say about multi-user enviroment and FB Embebbed, I supose

you will

> have diferent scenarios right ?
>
> You could revoke update to tables and grant only to SP's this can

help that

> only your code modify the table data.
>
> You could encrypt the data, so nobody can read or update the table

contents.

>
> I suppose that the control you want is nothing so sophisticated

since one

> of your thoughts is to store the counter/timestamp/etc in a INI

file, so I

> think these very simple sollutions can help.
>
> If you just want to know and do not mind if someone else is messing

around

> with your data, you could put triggers on insert, delete, update

for all

> tables that logs the last time something was changed to a "log

table" and

> when your application starts compares the timestamp stored in

your "log

> table" with the timestamp of the last time your application run

(finalized)

> stored somewhere else.
>
> If you want something very very very simple to prevent a "basic

user" to

> modify your data direct with isql for example you could put a

trigger on

> before insert, delete, update to check if a value in some flag

table is set

> and if not abort the statement. When your application starts set

the flag

> to true, when closes sets it to false. As you can see not "rock

solid" ;-)

> but can help a little bit. I think the time spent in some solution

may

> depend on the importance of someone messing with your data.
>
>
> HTH
>
>
> Alexandre Benson Smith
> Development
> THOR Software e Comercial Ltda.
> Santo Andre - Sao Paulo - Brazil
> www.thorsoftware.com.br
>
> ----------
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.558 / Virus Database: 350 - Release Date: 02/01/2004
>
>
> [Non-text portions of this message have been removed]