This all sounds like an overkill. If you didn't want users / developers to
do this, why would you want them to have access to the said server? I'm sure
there is more to this, no?

Furthermore, it would had overhead to the interface. Patching or
intercepting calls to the UniRPC or servers it starts-up would be subject to
"breaking" everytime IBM "improved" these interfaces. ;-)

On the other hand, some sort of proxy-server/fire-wall software with "packet
sniffing" (if such a beast exists) capabilities may work. Then
again...overhead and likely to be broken by IBM, some time in the future.

Perhaps he could consider turning all his accounts (or the ones he is most
concerned about), into SQL Schemas (or just the files into SQL Tables)?  Oh,
of course maintaining SQL security on those isn't easy. But if they're
serious about security, then you can't get more low-level or a per-user
basis than that, at the UV database-level. Never tried it myself, but it
could be a better and more economical solution.

Next option, but don't bet on it coming soon...ask IBM to add this feature,
to a future version of UV?!?!


-----Original Message-----
Behalf Of Michael McRae
Sent: Friday, March 26, 2004 5:30 PM
Subject: Writing a "RPC Service"

A customer has asked how he could implement some stringent security on the
'unirpc' services.  In particular, he wants to only allow certain 'Requests'
(like the 'Subroutine' method, etc.) from any users out there writing
UniVerse Objects front-ends.
To me, this means he wants unirpc to fire off uvserver when requested by
UniObjects, but to have uvserver only forward on his allowed Methods (and no
other).  This would keep developers from writing code that could .Read,
.Write, .Delete, etc, and force them to obey his security standards.
1) The first option I can think is to 'intercept' the uvserver executable.
Has anyone any experience with writing their own Services for unirpc?
2) Next, how about distributing a cut-down version of the DLL (or is it
OCX?) that his users will bind into their app?
Hoping there's a chance...
Michael McRae
u2-users mailing list

Reply via email to