| Subject | Re: [IBO] Setting up security |
|---|---|
| Author | Artur Anjos |
| Post date | 2001-08-23T21:10:57Z |
Dion:
For such a case, I suggest that you have two databases:
First Database, it will have just one table:
Create a user with no password or with a password embebed in EXE file that have just read permissions to that table. This user will have no access to the second database. That table will have just two fields: Code & UserName.
Second Database: Your own
In your application, the user will input a Code & Password. Connect to the first DataBase & Pickup the username (you can build some kind of encript scheme when reading/updating this table). Next, disconnect from this database. Use the username you pick plus the password (the one the user inputs) to logon to your main database.
If someone reads your exe file, he just have read access to the first database. If you do not encript the username before post, he will know the names of the users in the other database, but not the password.
If you want even more security, you can create another table in First Database, wich contains the path to your main database in encrypt format also.
It's not perfect, but it's a way. You can still use reserved words like USER in your triggers.
Regards,
Artur
For such a case, I suggest that you have two databases:
First Database, it will have just one table:
Create a user with no password or with a password embebed in EXE file that have just read permissions to that table. This user will have no access to the second database. That table will have just two fields: Code & UserName.
Second Database: Your own
In your application, the user will input a Code & Password. Connect to the first DataBase & Pickup the username (you can build some kind of encript scheme when reading/updating this table). Next, disconnect from this database. Use the username you pick plus the password (the one the user inputs) to logon to your main database.
If someone reads your exe file, he just have read access to the first database. If you do not encript the username before post, he will know the names of the users in the other database, but not the password.
If you want even more security, you can create another table in First Database, wich contains the path to your main database in encrypt format also.
It's not perfect, but it's a way. You can still use reserved words like USER in your triggers.
Regards,
Artur
----- Original Message -----
From: Dion
To: IBObjects@yahoogroups.com
Sent: Wednesday, August 22, 2001 3:55 PM
Subject: [IBO] Setting up security
Hi,
If anyone has some time in hand please help me out, if not please point me
to the right user group.
I need advice with the following problem. I want to administer user rights
in a user table within a database. I basically want to store the users
rights in a field(per user). His rights will be loaded when his logon is
successful. It is here where the problem is. I will have to embed a user
name in the exe(bad idea) without a password(another one) sothat a
connection can be established in the background and validation done against
the user table. The application will reflect the rights for this user when
they are loaded(ie menu items greyed etc). Is there a better way of
implementing user rights or permissions in this fashion. The users will not
be able to access the db via other utilities like dbexplorer as they will
not have valid db usernames, as I have implemented my own user table.
Regards,
Dion.
Yahoo! Groups Sponsor
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
[Non-text portions of this message have been removed]