There's a little trick buried in the UniVerse/SQL and UniVerse BASIC manuals.

You can create a UniVerse schema and give only one user access to it.  Then you can 
create server programs that run as that user, using the AUTHORIZATION statement.

Such a program must be compiled by a user to whom DBA privilege has been granted.

----- Original Message -----
From: "Hona, David S" <[EMAIL PROTECTED]>
Date: Fri, 26 Mar 2004 19:14:41 +1100
To: "'U2 Users Discussion List'" <[EMAIL PROTECTED]>
Subject: RE: Writing a "RPC Service"

> This all sounds like an overkill. If you didn't want users / developers to
> do this, why would you want them to have access to the said server? I'm sure
> there is more to this, no?
> Furthermore, it would add overhead to the interface. Patching or
> intercepting calls to the UniRPC or servers it starts-up would be subject to
> "breaking" every time IBM "improved" these interfaces. ;-)
> On the other hand, some sort of proxy-server/fire-wall software with "packet
> sniffing" (if such a beast exists) capabilities may work. Then
> again...overhead and likely to be broken by IBM, some time in the future.
> Perhaps he could consider turning all his accounts (or the ones he is most
> concerned about), into SQL Schemas (or just the files into SQL Tables)?  Oh,
> of course maintaining SQL security on those isn't easy. But if they're
> serious about security, then you can't get more low-level or a per-user
> basis than that, at the UV database-level. Never tried it myself, but it
> could be a better and more economical solution.
> Next option, but don't bet on it coming soon...ask IBM to add this feature,
> to a future version of UV?!?!
> Regards
> David
> -----Original Message-----
> Behalf Of Michael McRae
> Sent: Friday, March 26, 2004 5:30 PM
> Subject: Writing a "RPC Service"
> A customer has asked how he could implement some stringent security on the
> 'unirpc' services.  In particular, he wants to only allow certain 'Requests'
> (like the 'Subroutine' method, etc.) from any users out there writing
> UniVerse Objects front-ends.
> To me, this means he wants unirpc to fire off uvserver when requested by
> UniObjects, but to have uvserver only forward on his allowed Methods (and no
> other).  This would keep developers from writing code that could .Read,
> .Write, .Delete, etc, and force them to obey his security standards.
> 1) The first option I can think is to 'intercept' the uvserver executable.
> Has anyone any experience with writing their own Services for unirpc?
> 2) Next, how about distributing a cut-down version of the DLL (or is it
> OCX?) that his users will bind into their app?
> Hoping there's a chance...
> Michael McRae
> -- 
> u2-users mailing list
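
The approach in the top reply, sketched in UniVerse BASIC as an added example (not code from the manuals or from anyone in this thread). The user name `ordersvc`, the table `ORDERS` and the subroutine name `GET.ORDER` are hypothetical. It assumes a DBA has already created a schema owned by `ordersvc`, that no other user has been granted privileges on `ORDERS`, and that the subroutine is compiled by a user with DBA privilege.

```basic
SUBROUTINE GET.ORDER(ORDER.ID, RESULT, ERR)
* Added example; all names here are hypothetical.
* Clients call only this subroutine. They hold no SQL privileges
* on ORDERS themselves, so a direct read, write or delete of the
* table from their own session fails the SQL security check.
*
* Switch the user name used for SQL security checking to the
* schema owner for the rest of this program.
      AUTHORIZATION "ordersvc"
*
      RESULT = ""
      ERR = ""
*
* Validate the caller's input before touching the table:
* accept only a non-empty, all-numeric order id.
      IF NOT(ORDER.ID MATCHES "1N0N") THEN
         ERR = "BAD.ID"
         RETURN
      END
*
* The open is checked against ordersvc's privileges,
* not those of the calling user.
      OPEN "ORDERS" TO F.ORDERS ELSE
         ERR = "NO.ACCESS"
         RETURN
      END
*
* Return only the fields this service is meant to expose
* (fields 1 and 2 here), never the whole record.
      READ REC FROM F.ORDERS, ORDER.ID THEN
         RESULT = REC<1> : @FM : REC<2>
      END ELSE
         ERR = "NOT.FOUND"
      END
*
      CLOSE F.ORDERS
      RETURN
END
```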
