After a long battle with technology, Ralf Schneider <[EMAIL PROTECTED]>,
an earthling, wrote:
> I am writing an application for accessing a SAPDB database via ODBC
> under Linux. The access to the DB should only be possible with the
> client software which handles the access control in an application
> specific manner. So, the users should not be able to access the
> database directly with some other query software passing by the
> access control of the application.
>
> I want to get around writing a server application, because this
> would be a bit over-sized for my purpose. I must implement a kind of
> protocol, I must handle binary data and so on ...
>
> One idea was to connect always with one special user whose account
> data will not be published, but the problem is where to store the
> information so that the client software can use it. To put it into
> the source code is no good idea, because the software will be open
> source. One possible solution would be to store it on the database
> server in a file that can only be read by the administrator and
> write a small daemon that can send the account data to the client
> software.
>
> Any suggestions how this problem can be solved in a simple and secure way?

The best that you can do is to make it considerably inconvenient for
an attacker to get at the password information; in order for the
connection to be established automatically, there has to be an easy
way to automatically get at the password.

I'd suggest encrypting the data in the data file on the server, and
then double-encrypting, within the source code, a key used for that
file so that the literal password is fairly well hidden.  

To an extent, that's "security by obscurity;" the only way to make
this /truly/ secure would require having something like the SSL
"crypto accelerator cards" where keys can get programmed securely, in
some offline process, and are then stored, in a tamper-resistant
manner, in persistent memory on the card.
-- 
output = reverse("gro.gultn@" "enworbbc")
http://cbbrowne.com/info/crypto.html
Academics denigrating "Popularizers"

"During the rise of the merchant class, the landed aristocracy
understood the value of creating food, but didn't appreciate that food
isn't valuable unless it reaches hungry mouths.

New ideas aren't valuable unless they reach hungry minds. "
-- Mark Miller

_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general
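
The scheme suggested in the reply above, sketched as an added example (not code from this thread or from SAP DB): the account data is encrypted in the server-side file, and the file key ships in the client source under two layers of wrapping. All names and values are constructed, and the HMAC-based keystream is a toy stand-in for a real cipher so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption, not a vetted design): XOR the data with an
    HMAC-SHA256 keystream indexed by block offset. Applying it twice with the
    same key restores the input."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


# Constructed values. In the scheme, the two wrapping constants and the wrapped
# key are part of the published client source; FILE_KEY itself is not.
FILE_KEY = hashlib.sha256(b"constructed file key").digest()
WRAP_KEY_1 = b"constructed wrapping constant 1"
WRAP_KEY_2 = b"constructed wrapping constant 2"
EMBEDDED_WRAPPED_KEY = keystream_xor(WRAP_KEY_2, keystream_xor(WRAP_KEY_1, FILE_KEY))


def encrypt_account_file(user: str, password: str) -> bytes:
    """Administrator side: contents of the file kept on the database server."""
    return keystream_xor(FILE_KEY, f"{user}:{password}".encode())


def client_recover_account(server_file: bytes) -> tuple[str, str]:
    """Client side: unwrap the embedded key, then decrypt the file. The only
    input is the file; everything else needed is already in the source."""
    file_key = keystream_xor(WRAP_KEY_1, keystream_xor(WRAP_KEY_2, EMBEDDED_WRAPPED_KEY))
    user, password = keystream_xor(file_key, server_file).decode().split(":", 1)
    return user, password


if __name__ == "__main__":
    stored = encrypt_account_file("appuser", "constructed-pw:1")
    # The literal password appears neither in the file nor in the source ...
    print(b"constructed-pw" in stored, FILE_KEY == EMBEDDED_WRAPPED_KEY)
    # ... yet the published client code recovers it with no further secret.
    print(client_recover_account(stored))
```

The literal password is hidden from anyone scanning the file or the source for it, but `client_recover_account` needs no secret beyond what is published, which is the "security by obscurity" limit the reply describes.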
