× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2000

Re: Limiting SQL Access

  • Subject: Re: Limiting SQL Access
  • From: Carel Teijgeler <teygeler@xxxxxxx>
  • Date: Tue, 28 Nov 2000 20:19:20 +0100
 
rob@dekko.com wrote:

> It seems there is some confusion on the list as to how you define abuse.
> Some are interpreting abuse as accessing or modifying data that they should
> not be.  Some are interpreting it as running a large query that affected
> processor performance.  Your definition please?
>
> I am going under the assumption that it is data access/modifying that you
> are trying to control.
>
> Ideally you should control the access to data in the files themselves.  The
> normal way is to deny everyone and to use programs which adopt authority.
> Kinda puts a crimp in your style if you do any Client/Server programming.
> Requires you to be more creative.
>
> Failing this then you might want to consider changing the authority to the
> STRSQL command.  Someone mentioned that people can still update files using
> QMQRY objects (see STRQM or STRQMQRY).  The cool thing about STRQM is that
> you can limit which users can run which command.  For example if you want
> someone to be able to run SELECT but not UPDATE or DELETE you can.
>
> This is just the tip of the iceberg though, if you are not going to control
> access to the data itself.  Because then you have to lock down so many
> other things:  UPDDTA, WRKDBF, CPYF, CLRPFM, DLTF, exit points, and on and
> on and on...
>
> Rob Berendt
>

As extra point to that: triggers can recognize changes by query tools and DFU 
tools.
So if a database is done by a programme starting with "Q" then it is a system 
object and
should be cancelled.

Regards,

Carel Teijgeler.


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.