04-20-2008, 07:03 AM
Art S. Kagel
 
RE: No ODBC access to Informix...

On Tue, 09 Nov 2004 09:57:56 -0500, Bill Dare wrote:


> I am working with an old application here at Jevic that was written by the
> Jevic ancients. And the ancients were not always wise. Security is
> implemented at the application level, so it is required that each user log
> in to his own account and that each user has insert/update/delete on every
> table in the database.


So my idea of changing the 'old app' to map the user's login to a different id
for connecting to the database will work. You create a userid mapping
function to be called from the 'old app' before connecting to the database.
The function either maps all users to the same privileged id or you can create a
mapping function that looks up the original id in a table (using the user's
original id or better a secret admin id in another database or file that no one
else has access to) and returns a specific substitute id for each user. That
substitute id would have full privileges on the database and the 'old app'
will use that id to connect to the database so that the 'old app' will still
work OK. If the user cobbles together his/her own ODBC connection it will be
using his/her real id which is not privileged in the database, or has only
read privilege.

> Regards,
> Cowboy???


Have no idea where that came from. <looking contrite>

Art S. Kagel

>> -----Original Message-----
>> From: Art S. Kagel [SMTP:kagel@bloomberg.net]
>> Sent: Monday, November 08, 2004 3:49 PM
>> To: informix-list@iiug.org
>> Subject: RE: No ODBC access to Informix...
>>
>> On Mon, 08 Nov 2004 14:00:45 -0500, Bill Dare wrote:
>>
>> WAIT just one minute there cowboy! Why not just disable the user's
>> update/insert/delete permissions on the database itself! The 'business' app
>> can log into the database on the users' behalf using a different ID which is
>> privileged to modify the data. If doing that with a single login for all,
>> then create another small read-only database that maps real user-id and
>> password to a unique alter-ego user-id which will be used to connect to the
>> DB server.
>>
>> Art S. Kagel
>>
>> >> I do not know Informix - but from my understanding there must be a way to
>> >> totally disable ODBC access towards this database. I know a little about
>> >> DB2 and Oracle and from there I have the following picture:

> sending to informix-list

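A sketch of the userid mapping function described in the post above, as an added example that is not code from the thread or from the application it discusses. It assumes SQLite as a stand-in for the small read-only mapping database; the schema, function names and sample accounts are hypothetical, and the Informix connection that would use the returned alter-ego credentials is not shown.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

# Constructed sample rows: real login, its password, alter-ego id, alter-ego password.
SAMPLE_USERS = [
    ("bdare", "pw-bill", "app_0001", "alter-pw-1"),
    ("jsmith", "pw-jane", "app_0002", "alter-pw-2"),
]

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def build_mapping_db(path):
    """Admin-side setup of the mapping database (hypothetical schema)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE idmap (real_id TEXT PRIMARY KEY, salt BLOB, "
                "pw_hash BLOB, alter_id TEXT, alter_pw TEXT)")
    for real_id, pw, alter_id, alter_pw in SAMPLE_USERS:
        salt = os.urandom(16)
        con.execute("INSERT INTO idmap VALUES (?, ?, ?, ?, ?)",
                    (real_id, salt, _hash(pw, salt), alter_id, alter_pw))
    con.commit()
    con.close()

def map_login(path, real_id, password):
    """Return (alter_id, alter_pw) for a valid login, else None."""
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)  # read-only handle
    try:
        row = con.execute("SELECT salt, pw_hash, alter_id, alter_pw FROM idmap "
                          "WHERE real_id = ?", (real_id,)).fetchone()
    finally:
        con.close()
    if row is None:
        return None
    salt, pw_hash, alter_id, alter_pw = row
    if not hmac.compare_digest(_hash(password, salt), pw_hash):
        return None
    return alter_id, alter_pw

def demo():
    """Build a throwaway mapping DB and exercise the lookup."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "idmap.db")
        build_mapping_db(path)
        return (map_login(path, "bdare", "pw-bill"),
                map_login(path, "bdare", "wrong"),
                map_login(path, "nobody", "pw-bill"))
```

The alter-ego password sits in the mapping store in recoverable form, so the scheme holds only while that store stays unreadable to ordinary users, as the post requires.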