Joel Shellman wrote:
> I want to write a client for multiple users that can access the same
> database. They have to be able to read and write on the same table. Is there
> anyway to make it so that a given user can only update his own information?
> The problem is that if someone reverse engineered my client, they could get
> the username and password. Even if these were unique to him, he could still
> modify that table and other users information.
> I guess the proper way would be to write a server side process and then use
> CORBA/something to access the server side process so that user/passwords are
> never on the client. Is there any way to do it direct, though?
> Joel Shellman
> knOcean Interactive Corporation
I believe a good principle of creating clients for a public-access
database to have them go through a server interface that you have
written. Even if direct access to the database can give you the level of
control you need, there is always a possibility that you may want to
have something it does not support in the future. Plus, a mistake in the
database configuration would not automatically open up a security hole -
there will be another level of access control that the indruder would
have to break through first.