|
Hi Marc,
I have been using this syntax for some time now, and it works fine for me. I thought it might provide an alternative means for your purposes:
--This connects to the database by a username that only has rights to the password table: CONNECT DBName IDENTIFIED BY UserName password
--This next line sets the password variable (vpassword) to the desired operational password stored in the table:
SET VAR vpassword TEXT = adminpassword IN adminpassword WHERE COUNT = 1 --This next line sets the entire connect command into a variable:
SET VAR vconnectstmt TEXT = ('CONNECT DBName IDENTIFIED BY MAINUser'& .vpassword)
--The Ampersand variable run as a command line:
&vconnectstmt --Finally, the variable is cleared so that it cannot be read by running the EEP within RBase
clear variable vpassword, vconnectstmt
I run this command structure, or a variant, in an OnBeforeStart EEP in the External Form used as the first form in my applications. Once this authentication for the database is established by running the EEP, you can do anything else you want regarding selection and authentication of users. It works really well for functions that must have owner rights - re-numbering autonumber columns, etc. You can CONNECT as owner, perform the necessary task(s) and then CONNECT as the normal user for typical use.
An undocumented feature of RBase is that you can even CONNECT in the middle of a normal form...just make sure your newly connected user has rights to that form and any tables utilized therein!
By the way, don't forget to Disable Trace on the EEP form, or your code can be read during a trace, including your password variable(s). I also include a SET TRACE OFF command as the first line of the OnBeforeStart EEP, just for good measure. My application is a compiled app, done by using R:Compiler. I compile the first External Form, and then I don't even need to distribute the External Form itself, just the compiled app. This combination of steps is how I keep my code secure on a distributed application.
Probably too much information, but hope it is of some help.
Best Regards,
Ted
Ted Lienhard CNE NCT
Golden Valley Consulting Hi
I am having trouble with this line in V8
SET USER .vuser it gives an Access Viiolation error
The var vuser is set and this code has been working fine in 7.5 for a long time.
Is there something special I need to do in V8?
I have the user type in a login Id and we look up their user password in a table.
Thanks
Marc
|
- [RBASE-L] - Re: SET USER .vuser ?? MDRD
- [RBASE-L] - Re: SET USER .vuser ?? Gunnar Ekblad
- [RBASE-L] - Re: SET USER .vuser ?? MDRD
- [RBASE-L] - Re: SET USER .vuser ?? Ted Lienhard
- [RBASE-L] - Re: SET USER .vuser ?? MDRD
- [RBASE-L] - RE: SET USER .vuser ?? Adrian Hüssy
