[Gambas-user] Security, how to check if a library is genuine?

bb adamnt42 at gmail.com
Fri Aug 20 10:48:48 CEST 2021


On Fri, 2021-08-20 at 04:28 +0300, Jussi Lahtinen wrote:
> > > How the user can know the application is genuine?
> > > Jussi
> > 
> > I think you can restrict the app to specific directories that can be
> > accessed using AppArmor.
> > 
> Sure there are many ways. But I was interested in the case he is
> planning.
> 
> Jussi
This all arose because someone thought she was working on a test
database and inadvertently started changing critical data in the
production database. No matter at the time, but it got me thinking
about how to avoid such accidents.

(We have four versions of the database for this system: production,
test, learning and "development". People generally have access defined
for each version they need access to, which is a PITA to manage on a
per user basis at the database level. So we use db "roles" to allow and
restrict access. But some people have access roles in more than one db
version.)

The problem is that application usage with a particular database needed
to be set up on a hierarchical basis: "admin", "user", "readonly", such
that some application features can only be used if the user is at a
particular level. Say Joe, our packaging magician, should only be able
to use the test database but at a level of his choice. Whereas Caarol
can use the production database but in readonly mode for any
application that has update features on critical tables.

I did not want to build a "login" feature involving names, passwords
and db selections. Been there, it's a mess to administer and maintain.
So the user authentication is now based on (Unix) group membership.
People have to belong to certain groups to gain authorisation to use a
function in an application (or in fact use a certain application).

That's fine for preventing "accidental" misuse, but I thought it might
be a good idea to try and prevent "malevolent" misuse as well.

Hence the question.

b
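
A sketch of the group-based check described in this message, added here as an example and not code from the post or from Gambas. The group naming scheme `<app>-<db>-<level>`, the app name `stock` and all function names are assumptions; the database must be named explicitly and unrecognised groups grant nothing.

```python
import grp
import os

# Assumed (hypothetical) group naming scheme: "<app>-<db>-<level>",
# for example "stock-test-admin". Not taken from the original post.
DATABASES = ("production", "test", "learning", "development")
LEVELS = ("readonly", "user", "admin")  # ascending privilege


def current_group_names():
    """Names of the calling process's effective and supplementary groups."""
    names = set()
    for gid in set(os.getgroups()) | {os.getegid()}:
        try:
            names.add(grp.getgrgid(gid).gr_name)
        except KeyError:  # gid without a group database entry
            continue
    return names


def entitlements(app, group_names):
    """Map each database to the highest level granted by group membership."""
    granted = {}
    for name in group_names:
        parts = name.split("-")
        if len(parts) != 3 or parts[0] != app:
            continue
        _, db, level = parts
        if db not in DATABASES or level not in LEVELS:
            continue  # unknown database or level grants nothing
        if db not in granted or LEVELS.index(level) > LEVELS.index(granted[db]):
            granted[db] = level
    return granted


def authorise(app, db, wanted, group_names):
    """Return the level to run at, or raise PermissionError (deny by default)."""
    ceiling = entitlements(app, group_names).get(db)
    if ceiling is None:
        raise PermissionError(f"no access to the {db} database")
    if wanted not in LEVELS or LEVELS.index(wanted) > LEVELS.index(ceiling):
        raise PermissionError(f"{wanted!r} exceeds {ceiling!r} on {db}")
    return wanted


if __name__ == "__main__":
    print(entitlements("stock", current_group_names()))
```

A check like this runs inside the client, so it guards against picking the wrong database by accident; the database roles remain the enforcement point.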


