  1. #1
    Join Date
    Dec 2012
    Posts
    3

    How to protect the database from 3rd party clients?

    Suppose you have a database application that connects to a database with 2 tables. In a certain operation the user should add a record in one table and add a corresponding record in the other table (otherwise the data integrity becomes, for example, incorrect).
    The question is: what prevents a user from using any 3rd party database client, logging in from there (using their legit user name and password), and adding the record to one of the tables but not the other?

  2. #2
    Join Date
    Apr 2002
    Location
    Toronto, Canada
    Posts
    20,002
    you said it yourself -- data integrity

    do some research on foreign keys
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL

  3. #3
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    14,971
    Probably the simplest answer is "application authentication" where the application itself
    1. Logs into the database
    2. Authenticates the application user
    3. Controls what the user can/can't do
    4. Makes those changes on behalf of the user using the application's connection to the database
    This way the user doesn't need any database login, but if you create one for them it can have different permissions than those that the application has.

    -PatP
    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  4. #4
    Join Date
    Dec 2012
    Posts
    3

    Originally posted by Pat Phelan:
    Probably the simplest answer is "application authentication" where the application itself
    1. Logs into the database
    2. Authenticates the application user
    3. Controls what the user can/can't do
    4. Makes those changes on behalf of the user using the application's connection to the database
    This way the user doesn't need any database login, but if you create one for them it can have different permissions than those that the application has.

    -PatP
    What about reverse engineering?
    He could reverse engineer the program, extracting the username/password needed to log into the database!!!

  5. #5
    Join Date
    Oct 2009
    Location
    221B Baker St.
    Posts
    486
    Quote: he could reverse engineer the program extracting the username / password needed to log into the database !!!
    I suspect not - if the design was proper . . .

  6. #6
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    14,971
    If anyone can get to it, a sufficiently talented and dedicated professional can breach it. There is no such thing as absolute security for any application/database/whatnot that can be used. If you want data to be 100% secure, never store it!

    Within reason, no one with the necessary talent will spend the necessary time to crack 99.99% of the systems in existence. Since it is FAR easier to use social engineering or a man-in-the-middle variant than brute force against almost every system that I've ever seen deployed, hard core "cracking" like what Jeorge Kabbi is describing is nearly unnecessary anymore.

    -PatP
    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  7. #7
    Join Date
    Oct 2009
    Location
    221B Baker St.
    Posts
    486
    Quote: If you want data to be 100% secure, never store it!
    I was once in a meeting with some rather big-wigs from the DoD and the discussion went on and on and on about how this data could be secured.

    My cohort and I (invited to provide some technical perspective) had more than enough of this nonsense and he got the floor and offered "It could always be stored in a write-only file - one that no process or code could read". Unfortunately, the 2-star thought this was a fantastic idea (no IT guy this one). This was received with many grins and a few chuckles - until the 2-star realized he'd bit . . . Meeting ended not long after . . .

    And no one died . . .
    Last edited by papadi; 01-02-13 at 15:59.

  8. #8
    Join Date
    Dec 2012
    Posts
    3
    Originally posted by Pat Phelan:
    If you want data to be 100% secure, never store it!

    -PatP
    In 1998 I started learning Visual Basic 6 database programming as a hobby. I remember the possibility of using "stored procedures" to do stuff 100% server side. What about that?
    Can we use stored procedures to do everything? If so, will the performance suffer?
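
The server-side approach raised in posts #3 and #8, shown as an added example that is not part of the original thread: the login role gets no direct table privileges and can only call a routine that writes both rows in one atomic step, so a 3rd party client using the same credentials cannot insert into just one table. It assumes PostgreSQL; the table, role and function names are hypothetical.

```sql
-- Constructed schema; orders, order_audit, app_user and add_order are hypothetical names.
CREATE TABLE orders (
    order_id bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    customer text NOT NULL,
    amount   numeric(12,2) NOT NULL CHECK (amount > 0)
);

-- The foreign key rejects an audit row that has no matching order.
CREATE TABLE order_audit (
    audit_id   bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    order_id   bigint NOT NULL UNIQUE REFERENCES orders (order_id),
    created_by text NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- The role end users (or the application) log in as; password is set separately.
CREATE ROLE app_user LOGIN;

-- No direct INSERT/UPDATE/DELETE/SELECT on either table for that role.
REVOKE ALL ON TABLE orders, order_audit FROM PUBLIC, app_user;

-- Runs with the owner's privileges (SECURITY DEFINER). The two inserts
-- succeed or fail together because a function call is atomic.
CREATE FUNCTION add_order(p_customer text, p_amount numeric)
RETURNS bigint
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public, pg_temp   -- pin name resolution for the definer
AS $$
DECLARE
    v_id bigint;
BEGIN
    INSERT INTO orders (customer, amount)
    VALUES (p_customer, p_amount)
    RETURNING order_id INTO v_id;

    -- session_user is the login that called the function, not the owner.
    INSERT INTO order_audit (order_id, created_by)
    VALUES (v_id, session_user);

    RETURN v_id;
END;
$$;

-- Functions are executable by PUBLIC by default; narrow that to app_user.
REVOKE ALL ON FUNCTION add_order(text, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION add_order(text, numeric) TO app_user;
```

Connected as `app_user` from any client, `SELECT add_order('acme', 10.00);` creates both rows, while a direct `INSERT INTO orders ...` fails with a permission error.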
