Re: Limiting SQL Access

It seems there is some confusion on the list as to how you define abuse.
Some are interpreting abuse as accessing or modifying data that they should
not be.  Some are interpreting it as running a large query that affected
processor performance.  Your definition please?

I am going under the assumption that it is data access/modifying that you
are trying to control.

Ideally you should control the access to data in the files themselves.  The
normal way is to deny everyone and to use programs which adopt authority.
Kinda puts a crimp in your style if you do any Client/Server programming.
Requires you to be more creative.

Failing this then you might want to consider changing the authority to the
STRSQL command.  Someone mentioned that people can still update files using
QMQRY objects (see STRQM or STRQMQRY).  The cool thing about STRQM is that
you can limit which users can run which command.  For example if you want
someone to be able to run SELECT but not UPDATE or DELETE you can.

This is just the tip of the iceberg though, if you are not going to control
access to the data itself.  Because then you have to lock down so many
other things:  UPDDTA, WRKDBF, CPYF, CLRPFM, DLTF, exit points, and on and
on and on...

Rob Berendt

==================
Remember the Cole!


                                                                                
                                              
                    "Jnb ZI, Christophe                                         
                                              
                    Wenk"                           To:     
MIDRANGE-L@midrange.com                                           
                    <christophe.wenk@kuehne-        cc:                         
                                              
                    nagel.com>                      Subject:     Limiting SQL 
Access                                          
                    Sent by:                                                    
                                              
                    owner-midrange-l@midrang                                    
                                              
                    e.com                                                       
                                              
                                                                                
                                              
                                                                                
                                              
                    11/28/00 01:56 AM                                           
                                              
                    Please respond to                                           
                                              
                    MIDRANGE-L                                                  
                                              
                                                                                
                                              
                                                                                
                                              




I would like to restrict the usage of SQL. Since we had some abuse on SQL
I would like to have a  Validity checking program on Userprofiles
when executing STRSQL.
Does anybody have something like that ?

Thanks a lot
Chris






+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---