Frank Millman wrote: > Hi all > > I am writing a multi-user accounting/business system. Data is stored in > a database (PostgreSQL on Linux, SQL Server on Windows). I have written > a Python program to run on the client, which uses wxPython as a gui, > and connects to the database via TCP/IP. > > The client program contains all the authentication and business logic. > It has dawned on me that anyone can bypass this by modifying the > program.
If your program relies on a RDBMS, then it's the RDBMS job to enforce security rules. > As it is written in Python, with source available, this would > be quite easy. Then there's probably something wrong with the way you manage security. NB: splitting business logic from the GUI is still a good idea anyway. -- bruno desthuilliers - unpythonic sig: python -c "print '@'.join(['.'.join([w[::-1] for w in p.split('.')]) for p in '[EMAIL PROTECTED]'.split('@')])" -- http://mail.python.org/mailman/listinfo/python-list