Subject | RE: [IBO] Setting up security |
---|---|
Author | Dion |
Post date | 2001-08-23T21:29Z |
Thanks Artur,
I'll give it a bash.
Regards,
Dion.
-----Original Message-----
From: Artur Anjos [mailto:arsoft@...]
Sent: Thursday, August 23, 2001 11:11 PM
To: IBObjects@yahoogroups.com
Subject: Re: [IBO] Setting up security
Dion:
For such a case, I suggest that you have two databases:
First Database, it will have just one table:
Create a user with no password or with a password embebed in EXE file that
have just read permissions to that table. This user will have no access to
the second database. That table will have just two fields: Code & UserName.
Second Database: Your own
In your application, the user will input a Code & Password. Connect to the
first DataBase & Pickup the username (you can build some kind of encript
scheme when reading/updating this table). Next, disconnect from this
database. Use the username you pick plus the password (the one the user
inputs) to logon to your main database.
If someone reads your exe file, he just have read access to the first
database. If you do not encript the username before post, he will know the
names of the users in the other database, but not the password.
If you want even more security, you can create another table in First
Database, wich contains the path to your main database in encrypt format
also.
It's not perfect, but it's a way. You can still use reserved words like USER
in your triggers.
Regards,
Artur
I'll give it a bash.
Regards,
Dion.
-----Original Message-----
From: Artur Anjos [mailto:arsoft@...]
Sent: Thursday, August 23, 2001 11:11 PM
To: IBObjects@yahoogroups.com
Subject: Re: [IBO] Setting up security
Dion:
For such a case, I suggest that you have two databases:
First Database, it will have just one table:
Create a user with no password or with a password embebed in EXE file that
have just read permissions to that table. This user will have no access to
the second database. That table will have just two fields: Code & UserName.
Second Database: Your own
In your application, the user will input a Code & Password. Connect to the
first DataBase & Pickup the username (you can build some kind of encript
scheme when reading/updating this table). Next, disconnect from this
database. Use the username you pick plus the password (the one the user
inputs) to logon to your main database.
If someone reads your exe file, he just have read access to the first
database. If you do not encript the username before post, he will know the
names of the users in the other database, but not the password.
If you want even more security, you can create another table in First
Database, wich contains the path to your main database in encrypt format
also.
It's not perfect, but it's a way. You can still use reserved words like USER
in your triggers.
Regards,
Artur
----- Original Message -----
From: Dion
To: IBObjects@yahoogroups.com
Sent: Wednesday, August 22, 2001 3:55 PM
Subject: [IBO] Setting up security
Hi,
If anyone has some time in hand please help me out, if not please point me
to the right user group.
I need advice with the following problem. I want to administer user rights
in a user table within a database. I basically want to store the users
rights in a field(per user). His rights will be loaded when his logon is
successful. It is here where the problem is. I will have to embed a user
name in the exe(bad idea) without a password(another one) sothat a
connection can be established in the background and validation done
against
the user table. The application will reflect the rights for this user when
they are loaded(ie menu items greyed etc). Is there a better way of
implementing user rights or permissions in this fashion. The users will
not
be able to access the db via other utilities like dbexplorer as they will
not have valid db usernames, as I have implemented my own user table.
Regards,
Dion.
Yahoo! Groups Sponsor
Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
[Non-text portions of this message have been removed]
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/