VServer class interface, security

Ruslan Zasukhin sunshine at public.kherson.ua
Wed May 7 09:56:00 CDT 2003


on 5/7/03 1:30 AM, Keith DeLong at delong at redcort.com wrote:

>>> For security, I don't think we should retain the password as an object
>>> property.
>> 
>> Could you, please, explain it?

Igor, I think Keith means that the VServer class must not have such a property.


> It seems to me that a server object in RAM of a client that possessed the
> host, port, username and password would make the server much less secure. My
> thinking was that the ability to hack everything but a password would be a
> good compromise for access versus security.
> 
> As long as we're talking about security:
> I've noticed you are using an sa user -- is this a hard coded sysadmin
> account? The better question might be 'how does one distinguish if the user
> has admin or just user rights?'
> 
> I'd like to have the master.vdb have the user table possess name, password
> and type fields with the following types:
> 
> //type 1 = viewer          // read database
> //type 2 = user            // read/write database
> //type 3 = admin user      // designated admin functions

Keith,

For the 2.0 release, and the 2.0 betas, when we switch to the 2.0 kernel,
we will significantly improve security.

We want to be able to assign to a user rights for
    db, table and column.

For 2.0 we will not do rights per record, as e.g. SQL Server has.

Igor, I think Keith means that RIGHT NOW you should add the boolean field
"IsAdministrator" to the table "Users".
I have told you that in fact few users can be administrators.

And then a parameter must also be added to VServer.AddUser() -- a bool flag.

-- 
Best regards,
Ruslan Zasukhin      [ I feel the need...the need for speed ]
-------------------------------------------------------------
e-mail: ruslan at paradigmasoft.com
web: http://www.paradigmasoft.com

To subscribe to the Valentina mail list go to:
http://lists.macserve.net/mailman/listinfo/valentina
-------------------------------------------------------------
