As has been commented, if you're on dbfs they are inherently insecure
(how sensitive is the data? if *very* then migrate to a dbms), but a
clear-text userId hashed and used as an index against a file of hashed
IDs seems pretty good to me.
I have done something similar (though for more users and using a dbms
and domain userids) :-
to keep things manageable all users were a member of one *or more*
'groups' (groups table);
each group had a list of fields it could access (fields table);
when a user started the program (from a departmental file-server or
possibly a pc) it first created a local ('C drive') dbc view on-the-fly
from an spt select on the groups/fields tables (followed by some code
'borrowed' from MakeUpdateable.prg);
the main menu could also be modified on-the-fly to en/disable some
'special' functions.
On 08/03/2016 01:16, John R. Sowden wrote:
Your comment: Yes, that is one area of concern. Is my way best, etc.
But my other concern is how the program receives that data of ID and
Access Level, and how is that data packaged. Is that process a
security risk? My usage is simple and often simple is easy to bypass.
Example: I have 10 security levels. I ID each user from 0 to 9. Maybe
that is too simple to avoid tampering. I have 10ish employees, so I
have 20 ID 'numbers'. That is also easy to tamper with. These are my
concerns.
John
On 03/07/2016 09:33 AM, Peter Cushing wrote:
On 07/03/2016 17:16, John R. Sowden wrote:
Let me address a few issues:
1) My question was regarding making the software association between
the user data in the user database, along with his/her authority
level and id, and the executing program.
Are you talking about a better way to limit/change which programs
the user is allowed to run?
If so I can explain how we do it and that might help.
Peter