Ross

>> The hooks are more or less in place ... [Triggers]

Ah! Triggers!

Triggers as implemented in UniVerse are limited.

There is no read trigger - for historical reasons, none that apply today - the fact remains - you cannot base what a user sees or doesn't see on a trigger, as the trigger will only be activated on insert, update, or delete, and forcing an update just to activate a trigger seems a little pointless, wouldn't you say?

Triggers cannot be applied to Type 1 / 19 files. Not that much of a limitation if it's data that you're seeking to contain. Bummer if it's source access you're worried about - and after all, if I can get to the source, I can work out how to get to anything else.

Having a file type (1/19) that works just like a directory is just asking for trouble. Anyone with notepad can get in, look at, change, destroy, and the IT department wouldn't even know.

Data security? Ha! All I need to beat UniVerse security [on Gatesware] is access to the server. Access to the server will give me the ability to create a dummy account and thence gain fiddle-ability to all...

To create a dummy account all I need do is write an entry into UV.ACCOUNTS. How do I do this?

(1) I use Explorer to get a copy of the UV.ACCOUNTS file from the server (via the OS), I write it into my copy of UniVerse PE as the local UV.ACCOUNTS file, add the necessary record, e.g. GOTCHA, use same faithful explorer / midnight commander to write said file back onto server.

(2) Use UniVerse PE to create a UniVerse account with TCL access rights, use Explorer to copy onto server, as GOTCHA, in correct place as defined in UV.ACCOUNTS entry added in step (1).

(3) Log in to new GOTCHA account, set qfile pointers, avoid hacking highly secure system entry controls coz I don't need to, and besides that would force an update, and hence a trigger.

(4) No read trigger, therefore no knowledge that I've accessed your data. I've copied it all to my system, I've copied your source to my system, I've copied your dictionaries to my system. Even on runtime sites, the lack of source code doesn't prevent me from knowing all there is to know about your company.
-------
u2-users mailing list
[EMAIL PROTECTED]
http://www.u2ug.org/listinfo/u2-users
