Subject | Re: [IBO] limiting concurrent users |
---|---|
Author | staff@belding |
Post date | 2001-07-08T07:54:16Z |
Hello Spou
----- Original Message -----
From: <spou@...>
To: <IBObjects@yahoogroups.com>
Sent: Sunday, July 08, 2001 5:45 PM
Subject: Re: [IBO] limiting concurrent users
> hey Russell!
>
> following the outline you gave me, I used this day to make such a
> functionnality.
>
> BTW, I already knew that users log into the database, not the tables,
> but I thougt that it would be the correct wording (hey, Geoff? :-) )
OK.
Each of us will likely have different requirements. My app users do not need
to know what a database is. They run the app and it logs into the database
with its own signature. You could is the IP address or Disk Serno of C:\ or
combination or other information as the login signature of the app the pc is
using to try to get a single valued signature of the pc.
>
> the only drawback I found was that the users *could* use the same
> username/password, and defeat the system. to defend myself against
> this comportment, I also log the ip adress.
I use another signature to defeat the problem you have noticed.
>
> So, I use the username + IP pair to authorize the login/access to the
> "zone". if the pair is different, that "connection" becomes a new
> user.
>
> The login and logout are done at the client. At the login, I first
> delete all connections older than 15 minutes, in case a client
> aborted. I then authorize/refuse access to the zone. A "keepalive"
> is sent every 15 minutes once the zone is entered.
>
I have used "delete users older than 16 min" to avoid bounday timing
clashes, but I am unsure if there are any boundary problems. I suspect there
are and they would be rare and they are handled by the server procedures
anyhow.
> Just in case, I log the connections data using jumblestring, except
> the keepalive timestamp. As stated in the docs, jumble is not the
> best encrypting algo, but I think it is good enough to keep even power
> users at bay. the customers rareley have real hackers in house,
> orelse, they would be doing the programming...
>
> I realize, after reading Geoff's comment about terminal servers and
> linux, that this is not the perfect solution. A problem could also
> arise if the clients are in various timezones. This is however the
> best thing I could come up with on a relative short notice. Now that
> I have something working (ie:good enough for now), it could be
> interesting to find a way to limit concurrent users (in a zone or at
> large) in a more complete and extended way.
Are there any timezone problems if you use the time in the IB Server, not
the time on the client PC? Don't think so. In order to do timing arithmetic
you must use the server time only, even if you have one only time zone.
Best wishes
Russell