[Gambas-user] A dude about Gambas

[Fabien Bodard]

Hi, Jose

This is my suggest :

You create a mysql account with all right(read, write, edit). And a very 
complicated user name and password that you hardcode into your program.

Then in your database you add a users table with login , password (stored in 
md5), UserLevel, and otherthing you want.

When a user use your program, the program connect the database and query an 
identification. And in function of the UserLevel your program allow or not 
the database editing...

You need fortunally to be the only to know the database grant psw. (but it's 
true for many other case .

It work like most of cms in php... On fact there is only one password 
registred on the database... others are stored into the database or into a 
users database that drive the program permitions.

Regards, Fabien Bodard






Le Mercredi 18 Janvier 2006 12:40, juan a écrit :
> Hello
> Just a question about your problem.
> I'm not sure but Is it not better to create a table with user and password
> in sql and later from gambas check that table and in base to that you can
> control the access level also?.
> It's just a suggestion, but it is not a good idea to hard code a password,
> if a somebody gess it or discover it from a teacher you will have to change
>  it on you code and it is not a good idea.
>
> Regards
> Juan
>
> On Wednesday 18 January 2006 08:32, Jose Daniel Santos Delgado wrote:
> > At the moment I've thought in two possible solutions:
> >
> > - Hard code the user and passwd information.
> > - Use a public file with the user and password, but the application
> > add a prefix to each of them to build the real user and the real
> > password.
> >
> > I'm planing to build a gambas-based Library Control Application for
> > the school I work at. The alumns could view the database and the
> > teachers coud edit it.
> >
> > I don't want that and advance boy (orgirl) guess the user and password
> > of the mysql database and make a 'delete from books' :) and I had
> > thought that there might be other ways of accessing the database.
> >
> > Thanks.
> >
> > 2006/1/17, johnf <jfabiani at ...1109...>:
> > > On Tuesday 17 January 2006 05:11, Jose Daniel Santos Delgado wrote:
> > > > The user and the passwd that grant access the database must be stored
> > > > somewhere at the client machine but I don't want it to be public. And
> > > > I also don't like the idea of being hardcoded into the application
> > >
> > > In general I ask the user to supply a password and use a pref file that
> > > contains things like the database, port, host.  Or just hard code it. 
> > > I get the user name from "username.Text".  That means a login window
> > > must be used. Making it so the login process is transparent would
> > > required storing the password somewhere.  You might be able to setup
> > > some sort of LDAP way of doing it (single signon).
> > >
> > > John
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > > files for problems?  Stop!  Download the new AJAX search engine that
> > > makes searching your log files as easy as surfing the  web.  DOWNLOAD
> > > SPLUNK!
> > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=12164
> > >2 _______________________________________________
> > > Gambas-user mailing list
> > > Gambas-user at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/gambas-user
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > files for problems?  Stop!  Download the new AJAX search engine that
> > makes searching your log files as easy as surfing the  web.  DOWNLOAD
> > SPLUNK!
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Gambas-user mailing list
> > Gambas-user at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/gambas-user