Security

Security

Post by Chris Hul » Thu, 14 Dec 2000 07:24:02



I am hosting a FM4 database on a server. There are a number of customers
using the database via a web site.  The search page resides on their web
site and they are restricted to viewing only their records by usin a hidden
search based on user id.  All the customers update from their pc using the
File Host command which is run using a script.  However if they log in
manually they can access all the records and potentially delete othe users
records.

We also have the ability to edit via the web using Web security to restrict
them to their own customers only.

Is their any way that host login can be password restricted so that a
customer can only access their records.

Chris

 
 
 

Security

Post by Ronal » Tue, 19 Dec 2000 06:50:53




Quote:> I am hosting a FM4 database on a server. There are a number of customers
> using the database via a web site.  The search page resides on their web
> site and they are restricted to viewing only their records by usin a
hidden
> search based on user id.  All the customers update from their pc using the
> File Host command which is run using a script.  However if they log in
> manually they can access all the records and potentially delete othe users
> records.
> Is their any way that host login can be password restricted so that a
> customer can only access their records.

> Chris

Hi Chris,

I'm not sure, but the only way AFAIK to keep users to their own records is
by letting them do everything with scripts instead of giving them access to
the menu option (like find). This will make it possible to add their userID
to every search they make in the database. Probably you'd have to have a
auto start script aswell when the file opens to put them in situation where
no harm to records of others can be done.
It's kind-a similar as you're doing with the web-connected users. Be aware
though the altering the URL in the browser by hand (if someone knows a
little CDML) will actually give them access to ALL records!

If somebody knows a good way to secure this, please let us know !
Until then I say to my users that everything on the internet is insecure, so
don't put it on the web if a hack can really get to you or your firm.

Succes!
Ronald

 
 
 

1. Database Security and VB Front End Security

How to Control the database security in SQL Server and VB program.

For e.g.

 The user is revoke the UPDATE from Employee table, if VB is display a
dialog the Employee details, the DELETE button and UPDATE buttons is
enabled, if the user press UPDATE button, what will happen  ?

Of the reporting is using JOIN with two table, one is master and one
is details, if the SQL Server master table is not allow to do SELECT,
once the JOIN occurs what will happen in my VB program.

What is the efficiency way to control the security in this situation.

Chin Siang

2. Pages size in MS/SQL server 7

3. Application Security and NT Security Integration Questions

4. 9i (9.2.0.1.0) Install problems

5. Security ideas for row-level (entity) security

6. Help with rudimentary Visual Basic 5.0 database connectivity

7. NT Integrated Security Without SQL Security Manager ?

8. pgsql/contrib/ltree/data

9. associating front end security with back-end security

10. MSDE Security Vs Access Security

11. change from integrated security to nt only security

12. Integrated Security & Security Manager