| Subject | Re: [IBO] TIB_Connection.SQLRole doesn't verify |
|---|---|
| Author | Jason Wharton |
| Post date | 2001-01-15T21:34:24Z |
IBO's job is to harness the capabilities of the server. I think if this
feature is to be enforced that it should be done in the server. Otherwise, I
have to make additional calls when establishing a connection and that adds
to the hit on performance significantly.
FWIW,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com
feature is to be enforced that it should be done in the server. Otherwise, I
have to make additional calls when establishing a connection and that adds
to the hit on performance significantly.
FWIW,
Jason Wharton
CPS - Mesa AZ
http://www.ibobjects.com
----- Original Message -----
From: "Brian Nuckels" <bnuckels@...>
To: <IBObjects@egroups.com>
Sent: Monday, January 15, 2001 2:14 PM
Subject: [IBO] TIB_Connection.SQLRole doesn't verify
> It appears that TIB_Connection does not verify that a user is
> actually a member of the SQL ROLE that was specified in the Login
> Prompt. This is a big problem because I began designing my app
> around ROLE security. The user of my app can select
> the "administrators" role, even if they are not a member,
> successfully login, and then gain access to areas of the application
> they should not.
>
> Any solution to this? It seems like a bug in IBO to me, as IBO could
> easily check this at the time it is verifying the user's password.
> Is there something I'm just missing?
>
> Thanks,
>
> Brian Nuckels
>
>
>
>