[Gambas-user] A dude about Gambas

Dani Santos jdsantos1978 at ...626...
Wed Jan 18 15:52:41 CET 2006 

Hello

El mié, 18-01-2006 a las 12:40 +0100, juan escribió:
> Hello
> Just a question about your problem.
> I'm not sure but Is it not better to create a table with user and password in 
> sql and later from gambas check that table and in base to that you can 
> control the access level also?.
Yes that's true. I've already considered that.

> It's just a suggestion, but it is not a good idea to hard code a password, if 
> a somebody gess it or discover it from a teacher you will have to change  it 
> on you code and it is not a good idea.
That's the problem. It isn't a good idea to do it but... ¿how to do it?
Let's suppose that the application is named GambasLibrary and it store
the host, user and passwd in a ~/.GambasLibrary file.

An user can do:
$ cat ~/.GambasLibrary
DBHost=172.19.243.2
DBUser=jander
DBPasswd=clander

$ mysql -u jander -p -h 172.19.243.2
Password:clander
mysql> delete from books;


Oh! I've got a problem and I can assure you that I cannot trust in my
users :)


> 
> Regards
> Juan
> 
> 
> On Wednesday 18 January 2006 08:32, Jose Daniel Santos Delgado wrote:
> > At the moment I've thought in two possible solutions:
> >
> > - Hard code the user and passwd information.
> > - Use a public file with the user and password, but the application
> > add a prefix to each of them to build the real user and the real
> > password.
> >
> > I'm planing to build a gambas-based Library Control Application for
> > the school I work at. The alumns could view the database and the
> > teachers coud edit it.
> >
> > I don't want that and advance boy (orgirl) guess the user and password
> > of the mysql database and make a 'delete from books' :) and I had
> > thought that there might be other ways of accessing the database.
> >
> > Thanks.
> >
> > 2006/1/17, johnf <jfabiani at ...1109...>:
> > > On Tuesday 17 January 2006 05:11, Jose Daniel Santos Delgado wrote:
> > > > The user and the passwd that grant access the database must be stored
> > > > somewhere at the client machine but I don't want it to be public. And
> > > > I also don't like the idea of being hardcoded into the application
> > >
> > > In general I ask the user to supply a password and use a pref file that
> > > contains things like the database, port, host.  Or just hard code it.  I
> > > get the user name from "username.Text".  That means a login window must
> > > be used. Making it so the login process is transparent would required
> > > storing the password somewhere.  You might be able to setup some sort of
> > > LDAP way of doing it (single signon).
> > >
> > > John
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > > files for problems?  Stop!  Download the new AJAX search engine that
> > > makes searching your log files as easy as surfing the  web.  DOWNLOAD
> > > SPLUNK!
> > > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
> > > _______________________________________________
> > > Gambas-user mailing list
> > > Gambas-user at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/gambas-user
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > files for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
> > _______________________________________________
> > Gambas-user mailing list
> > Gambas-user at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/gambas-user
> 
-- 
Dani Santos <jdsantos1978 at ...626...>

More information about the User mailing list