>> ci = dabo.db.dConnectInfo()
>> ci.DbType = "MySQL"
>> ci.Host = "localhost"
>> ci.User = ""
>> ci.PlainTextPassword = ""
>> ci.Database = "DirectoryInfo"
>> ci.Name = "MainConnect"
>
>Here's your problem. The user and password in the connection
>parameters are the User and Password to log into the database. This is
>separate from the Security Manager login. For my applications that
>require a Security Manager, I normally provide a User for that
>application in the database that has all access privileges to the
>application database only. That user and the hashed password should
>go into the cnxml file. Then, your Security manager should validate
>the User/Password against one stored in a Users table in your
>application's db. You can use the same database for everything in your
>application. Also, PLEASE, for security's sake, make sure that when
>you store these user records in your DB table that you hash the
>password, then store it. Makes for good security.

Most of the work I do is with databases on Microsoft SQL Server in an Active Directory environment. We do most of our work on user permissions on the database itself. That's why I'd want the application to only have the permissions of the user.

If I have a separate connection for the application and the user, then I have to program in more application logic to track what the user is and isn't able to do and I have another user list I have to maintain. Unless the SecurityManager does that as well? I assumed that the SecurityManager was being used just for the initial login and validation of the user.

Thanks,
Matt
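
The quoted advice above (keep application users in a Users table, store only a hash, and validate the login against it) can be sketched as follows. This is an added example, not part of the thread and not Dabo's SecurityManager API: sqlite3 stands in for the application database, and the table, column and function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_users_table(conn: sqlite3.Connection) -> None:
    # Hypothetical schema: only the salt and the derived hash are stored.
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL, pw_hash BLOB NOT NULL)"
    )


def add_user(conn: sqlite3.Connection, username: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt for every account
    conn.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, hash_password(password, salt)),
    )


# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy", _DUMMY_SALT)


def validate_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Return True only if the user exists and the password matches the stored hash."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = hash_password(password, salt)
    # Constant-time comparison; a missing row never validates.
    return hmac.compare_digest(candidate, stored) and row is not None


def demo() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    create_users_table(conn)
    add_user(conn, "matt", "correct horse")  # constructed sample account
    return conn
```
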
