Frank Millman wrote:
> bruno modulix wrote:
>
>>Frank Millman wrote:
>>
>>>Hi all
>>>
>>>I am writing a multi-user accounting/business system. Data is stored in
>>>a database (PostgreSQL on Linux, SQL Server on Windows). I have written
>>>a Python program to run on the client, which uses wxPython as a gui,
>>>and connects to the database via TCP/IP.
>>>
>>>The client program contains all the authentication and business logic.
>>>It has dawned on me that anyone can bypass this by modifying the
>>>program.
>>
>>If your program relies on an RDBMS, then it's the RDBMS's job to enforce
>>security rules.
>>
>
> Two possible responses to this -
>
> 1. You are right (90% probability)
>
> 2. I have certain requirements which can not easily be expressed in the
> RDBMS, so it is easier to use the application to enforce certain rules
> (10% probability)

easier, but with a somewhat annoying side-effect... Do you really mean
"easier", or do you think "impossible"?

> Unfortunately I am stuck with number 2 at present.

:-/

>>>As it is written in Python, with source available, this would
>>>be quite easy.
>>
>>Then there's probably something wrong with the way you manage security.
>>
>
> Probably - I am learning the hard way <g>

As most of us do :-/

Having jumped directly from 2-tier fat client apps to web apps, I
really have no experience with adding a third tier to a fat client app,
but AFAICT, Python seems to have a lot to offer here.

BTW, sorry if my answer seemed a bit rude, I didn't mean to be that
critical.

-- 
http://mail.python.org/mailman/listinfo/python-list
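
The point argued in this thread, that a rule checked only in client code disappears once the client is edited while a rule held by the database does not, as an added example that is not part of the original posts. It assumes an in-memory SQLite database standing in for the PostgreSQL / SQL Server back end; the tables, the "closed period" rule and all function names are hypothetical.

```python
import sqlite3

# Hypothetical business rule, held by the database rather than the client.
RULE = """
CREATE TRIGGER no_post_to_closed_period BEFORE INSERT ON ledger
BEGIN
    SELECT RAISE(ABORT, 'period is closed')
    WHERE EXISTS (SELECT 1 FROM periods
                  WHERE id = NEW.period_id AND closed = 1);
END;
"""

def make_db(enforce_in_db):
    # In-memory SQLite stands in for the PostgreSQL / SQL Server back end.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE periods (id INTEGER PRIMARY KEY, closed INTEGER NOT NULL);
        CREATE TABLE ledger (id INTEGER PRIMARY KEY,
                             period_id INTEGER NOT NULL, amount INTEGER NOT NULL);
        INSERT INTO periods VALUES (1, 1), (2, 0);  -- period 1 closed, 2 open
    """)
    if enforce_in_db:
        db.executescript(RULE)
    return db

def raw_post(db, period_id, amount):
    # What any program holding a database connection can send.
    try:
        with db:
            db.execute("INSERT INTO ledger (period_id, amount) VALUES (?, ?)",
                       (period_id, amount))
        return "posted"
    except sqlite3.DatabaseError as exc:
        return f"refused by database: {exc}"

def honest_client_post(db, period_id, amount):
    # Unmodified client: applies the rule itself before writing.
    row = db.execute("SELECT closed FROM periods WHERE id = ?", (period_id,)).fetchone()
    if row is None or row[0]:
        return "refused by client"
    return raw_post(db, period_id, amount)

def modified_client_post(db, period_id, amount):
    # Client with the check edited out: the rule is simply never consulted.
    return raw_post(db, period_id, amount)

def ledger_rows(db):
    return db.execute("SELECT COUNT(*) FROM ledger").fetchone()[0]
```

With `make_db(False)` the edited client's write to the closed period lands in the ledger; with `make_db(True)` the same write is rejected regardless of which client sent it.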