wjdh@ciba-geigy.ch (Jean Daniel Horner) (01/14/91)
Consider a DBMS (e.g ORACLE), a 4GL-tool (e.g: sqlforms) and its User Friendly
Interface (such as sqlplus).
Suppose that I'm writing an aplication with the 4GL-tool that is dealing with
two tables: a credit table and a debit table. Suppose that this application
will delete a row in a table and insert the same row in the other table (I
admit, it looks silly, but it's just to expose the problem).
In my 4GL-application, I can ensure the consistency between these two tables
via features of this 4GL-tool (eg: triggers).
The users who are using this 4GL-application, have to log on to the DBMS
with their personal account. Therefore they will get the insert and delete
privilege on tables credit and debit.
If these users use sqlplus, they can for example insert in the credit table
only!!!!
In the 3GL-environment (with embedded SQL), we could trick the system, by
login into the DBMS with another userid-name and a hidden password. But this
doesn't work anymore with the 4Gl-applications.
Questions: 1. How do you deal with this problem?
2. How do you deal with ORACLE,SQLFORMS and SQLPLUS?
3. You probably would say that we should write a C-exit,
somewhere, just after the login. But what to do if this
4GL-tool does not let us put some exits around?
Jean-Daniel Horner.gupta@cai.com (02/12/91)
In article <1991Jan14.092052.21918@ciba-geigy.ch>, wjdh@ciba-geigy.ch (Jean Daniel Horner) writes: > Consider a DBMS (e.g ORACLE), a 4GL-tool (e.g: sqlforms) and its User Friendly > Interface (such as sqlplus). > Suppose that I'm writing an aplication with the 4GL-tool that is dealing with > two tables: a credit table and a debit table. Suppose that this application > will delete a row in a table and insert the same row in the other table (I > admit, it looks silly, but it's just to expose the problem). > > In my 4GL-application, I can ensure the consistency between these two tables > via features of this 4GL-tool (eg: triggers). > > The users who are using this 4GL-application, have to log on to the DBMS > with their personal account. Therefore they will get the insert and delete > privilege on tables credit and debit. > > If these users use sqlplus, they can for example insert in the credit table > only!!!! > > In the 3GL-environment (with embedded SQL), we could trick the system, by > login into the DBMS with another userid-name and a hidden password. But this > doesn't work anymore with the 4Gl-applications. > > Questions: 1. How do you deal with this problem? You need the DBMS to support the notion of program execution authority. For example, in CA-DB, you can create an application (whether through 3GL or 4GL) and grant users authority to execute the application. This would NOT grant the users the underlying authorities, thereby preventing them from making uncontrolled changes to the DBMS using the interactive interface. > 2. How do you deal with ORACLE,SQLFORMS and SQLPLUS? > 3. You probably would say that we should write a C-exit, > somewhere, just after the login. But what to do if this > 4GL-tool does not let us put some exits around? > > Jean-Daniel Horner. Yogesh Gupta Computer Associates. (408) 922-2633