List: General Discussion
From: Sasha Pachev
Date: July 18 1999 4:18pm
Subject: Re: How do you restrict access from a client
Joel Shellman wrote:
> 
> I want to write a client for multiple users that can access the same
> database. They have to be able to read and write on the same table. Is there
> any way to make it so that a given user can only update his own information?
> 
> The problem is that if someone reverse engineered my client, they could get
> the username and password. Even if these were unique to him, he could still
> modify that table and other users' information.
> 
> I guess the proper way would be to write a server side process and then use
> CORBA/something to access the server side process so that user/passwords are
> never on the client. Is there any way to do it direct, though?
> 
> Joel Shellman
> knOcean Interactive Corporation
> http://corp.knOcean.com/
> 

I believe a good principle of creating clients for a public-access
database is to have them go through a server interface that you have
written. Even if direct access to the database can give you the level of
control you need, there is always a possibility that you may want to
have something it does not support in the future. Plus, a mistake in the
database configuration would not automatically open up a security hole -
there will be another level of access control that the intruder would
have to break through first.



-- 
Sasha Pachev
http://www.sashanet.com
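
A sketch of the server interface recommended in the reply above, added here as an example and not code from the original thread. Assumptions: the `profiles` table, the function names and the dict-shaped request are hypothetical, and `sqlite3` stands in for the MySQL server so the block runs offline.

```python
import hashlib, hmac, os, sqlite3

# Constructed sample schema; sqlite3 is a stand-in for the real database server.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE profiles (owner TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, email TEXT)")

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(owner, password, email):
    salt = os.urandom(16)
    db.execute("INSERT INTO profiles VALUES (?, ?, ?, ?)",
               (owner, salt, hash_pw(password, salt), email))

def authenticate(owner, password):
    """Return the owner name if the password matches, else None."""
    row = db.execute("SELECT salt, pw_hash FROM profiles WHERE owner = ?",
                     (owner,)).fetchone()
    if row is None:
        return None
    return owner if hmac.compare_digest(row[1], hash_pw(password, row[0])) else None

def handle_update(request):
    """Server-side entry point: the only code that talks to the database.
    The client sends its own login, never the database account."""
    caller = authenticate(request.get("user", ""), request.get("password", ""))
    if caller is None:
        return "denied: bad credentials"
    if "email" not in request:
        return "denied: malformed request"
    # A client-supplied target is checked against the login, never trusted.
    if request.get("target", caller) != caller:
        return "denied: not your row"
    # The WHERE clause is built from the authenticated identity only.
    db.execute("UPDATE profiles SET email = ? WHERE owner = ?",
               (request["email"], caller))
    db.commit()
    return "ok"

def email_of(owner):
    return db.execute("SELECT email FROM profiles WHERE owner = ?",
                      (owner,)).fetchone()[0]

# Constructed sample users.
add_user("alice", "alice-pw", "alice@example.test")
add_user("bob", "bob-pw", "bob@example.test")
```

A reverse-engineered client yields only that one user's login, and the server refuses to let it touch any other row.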