| Subject | TIB_Connection.SQLRole doesn't verify |
|---|---|
| Author | Brian Nuckels |
| Post date | 2001-01-15T21:14:46Z |
It appears that TIB_Connection does not verify that a user is
actually a member of the SQL ROLE that was specified in the Login
Prompt. This is a big problem because I began designing my app
around ROLE security. The user of my app can select
the "administrators" role, even if they are not a member,
successfully login, and then gain access to areas of the application
they should not.
Any solution to this? It seems like a bug in IBO to me, as IBO could
easily check this at the time it is verifying the user's password.
Is there something I'm just missing?
Thanks,
Brian Nuckels
actually a member of the SQL ROLE that was specified in the Login
Prompt. This is a big problem because I began designing my app
around ROLE security. The user of my app can select
the "administrators" role, even if they are not a member,
successfully login, and then gain access to areas of the application
they should not.
Any solution to this? It seems like a bug in IBO to me, as IBO could
easily check this at the time it is verifying the user's password.
Is there something I'm just missing?
Thanks,
Brian Nuckels