SEO

#1 (**permalink**) 04-20-2008, 07:03 AM

I am working with an old application here at Jevic that was written by the
Jevic ancients. And the ancients were not always wise. Security is
implemented at the application level, so it is required that each user log
in to his own account and that each user has insert/update/delete on every
table in the database.

Regards,
Cowboy???

> -----Original Message-----
> From: Art S. Kagel [SMTP:kagel@bloomberg.net]
> Sent: Monday, November 08, 2004 3:49 PM
> To: informix-list@iiug.org
> Subject: RE: No ODBC access to Informix...
>
> On Mon, 08 Nov 2004 14:00:45 -0500, Bill Dare wrote:
>
> WAIT just one minute there cowboy! Why not just disable the user's
> update/insert/delete permissions on the database itself! The 'business'
> app
> can log into the database on the users' behalf using a different ID which
> is
> priveleged to modify the data. If doing that with a single login for all,
> then create another small read-only database that maps real user-id and
> password to a unique alter-ego user-id which will be used to connect to
> the DB
> server.
>
> Art S. Kagel
>
> >> I do not know Informix - but from my understanding there must be a way
> to
> >> totally disable ODBC access towards this database. I know a little
> about
> >> DB2 and Oracle and from there I have the following picture:
sending to informix-list

#2 (**permalink**) 04-20-2008, 07:03 AM

On Tue, 09 Nov 2004 09:57:56 -0500, Bill Dare wrote:

> I am working with an old application here at Jevic that was written by the
> Jevic ancients. And the ancients were not always wise. Security is
> implemented at the application level, so it is required that each user log
> in to his own account and that each user has insert/update/delete on every
> table in the database.

So my idea of changing the 'old app' to map the user's login to a different id
for connecting to the database will work. You create a userid mapping
function to be called from the 'old app' before connecting to the database.
The function either maps all users to the same privileged id or you can create a
mapping function that looks up the original id in a table (using the user's
original id or better a secret admin id in another database or file that noone
else has access to) and returns a specific substitute id for each user. That
substitute id would have full privileges on the database and the 'old app'
will use that id to connect to the database so that the 'old app' will still
work OK. If the user cobbles together his/her own odbc connection it will be
using his/her real id which is not privileged in the database, or has only
read privilege.

> Regards,
> Cowboy???

Have no idea where that came from. <looking contrite>

Art S. Kagel

>> -----Original Message-----
>> From: Art S. Kagel [SMTP:kagel@bloomberg.net] Sent: Monday, November 08,
>> 2004 3:49 PM To: informix-list@iiug.org Subject: RE: No ODBC access to
>> Informix...
>>
>> On Mon, 08 Nov 2004 14:00:45 -0500, Bill Dare wrote:
>>
>> WAIT just one minute there cowboy! Why not just disable the user's
>> update/insert/delete permissions on the database itself! The 'business'
>> app
>> can log into the database on the users' behalf using a different ID which
>> is
>> priveleged to modify the data. If doing that with a single login for all,
>> then create another small read-only database that maps real user-id and
>> password to a unique alter-ego user-id which will be used to connect to the
>> DB
>> server.
>>
>> Art S. Kagel
>>
>> >> I do not know Informix - but from my understanding there must be a way
>> to
>> >> totally disable ODBC access towards this database. I know a little
>> about
>> >> DB2 and Oracle and from there I have the following picture:
> sending to informix-list

#3 (**permalink**) 04-20-2008, 07:03 AM

Bill :

"We have some kind of a pre-fab ERP solution in house. From any PC a
telnet session is used to connect to the Solaris and to start the
application."

This does not use Informix ODBC and requires no informix networking
utiilities on the PC.

"So far reporting has been done using MS Query/ODBC."

This does requrie Informix ODBC and does require informix networking
utilities on the PC.

Therefore only install the Informix networking utilities and ODBC
driver on the PCs of the users that require this access. Don't let the
other users know what the tcp port being used for this access is.

Bill Dare <dareb@jevic.com> wrote in message news:<1100020241.9Bar9R147kUlJjRAYe4IWQ@teranews>. ..
> I am working with an old application here at Jevic that was written by the
> Jevic ancients. And the ancients were not always wise. Security is
> implemented at the application level, so it is required that each user log
> in to his own account and that each user has insert/update/delete on every
> table in the database.
>
> Regards,
> Cowboy???
>
> > -----Original Message-----
> > From: Art S. Kagel [SMTP:kagel@bloomberg.net]
> > Sent: Monday, November 08, 2004 3:49 PM
> > To: informix-list@iiug.org
> > Subject: RE: No ODBC access to Informix...
> >
> > On Mon, 08 Nov 2004 14:00:45 -0500, Bill Dare wrote:
> >
> > WAIT just one minute there cowboy! Why not just disable the user's
> > update/insert/delete permissions on the database itself! The 'business'
> > app
> > can log into the database on the users' behalf using a different ID which
> > is
> > priveleged to modify the data. If doing that with a single login for all,
> > then create another small read-only database that maps real user-id and
> > password to a unique alter-ego user-id which will be used to connect to
> > the DB
> > server.
> >
> > Art S. Kagel
> >
> > >> I do not know Informix - but from my understanding there must be a way
> to
> > >> totally disable ODBC access towards this database. I know a little
> about
> > >> DB2 and Oracle and from there I have the following picture:
> sending to informix-list

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode