bruno modulix wrote:
> Frank Millman wrote:
>>I am writing a multi-user accounting/business system. Data is stored in
>>a database (PostgreSQL on Linux, SQL Server on Windows). I have written
>>a Python program to run on the client, which uses wxPython as a gui,
>>and connects to the database via TCP/IP.
>>
>>The client program contains all the authentication and business logic.
>>It has dawned on me that anyone can bypass this by modifying the
>>program.
>
> If your program relies on a RDBMS, then it's the RDBMS job to enforce
> security rules.

Don't know enough about Millman's app to comment on it specifically, but
many reasonable server-side applications use a single log-in to the
database, then enforce security in the application server. Web
shopping-carts, for example, generally work that way.

--
--Bryan
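
The arrangement discussed in this message, an application server that holds the only database log-in and enforces authentication and authorization itself, sketched as an added example (not code from any poster in the thread). The `AppServer` class, the table layout, and the role names are hypothetical, and an in-memory `sqlite3` database stands in for PostgreSQL or SQL Server.

```python
import hashlib, hmac, os, secrets, sqlite3

class AppServer:
    """Holds the only database connection; clients never see DB credentials."""

    def __init__(self):
        # Assumption: in-memory sqlite3 stands in for the real RDBMS log-in.
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB, role TEXT)")
        self.db.execute("CREATE TABLE invoices(id INTEGER PRIMARY KEY, owner TEXT, amount INTEGER)")
        self.sessions = {}  # session token -> user name, kept server-side

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password, role):
        salt = os.urandom(16)
        self.db.execute("INSERT INTO users VALUES (?,?,?,?)",
                        (name, salt, self._hash(password, salt), role))

    def login(self, name, password):
        row = self.db.execute("SELECT salt, pwhash FROM users WHERE name=?", (name,)).fetchone()
        if row is None or not hmac.compare_digest(row[1], self._hash(password, row[0])):
            raise PermissionError("bad credentials")
        token = secrets.token_hex(16)
        self.sessions[token] = name
        return token

    def _identify(self, token):
        # The role is looked up on the server for every request; a modified
        # client cannot assert its own role, it can only present a token.
        name = self.sessions.get(token)
        if name is None:
            raise PermissionError("not logged in")
        role = self.db.execute("SELECT role FROM users WHERE name=?", (name,)).fetchone()[0]
        return name, role

    def post_invoice(self, token, amount):
        name, role = self._identify(token)
        if role not in ("clerk", "manager"):
            raise PermissionError("role may not post invoices")
        return self.db.execute("INSERT INTO invoices(owner, amount) VALUES (?,?)",
                               (name, amount)).lastrowid

    def list_invoices(self, token):
        name, role = self._identify(token)
        if role == "manager":  # managers see all rows, others only their own
            return self.db.execute("SELECT id, owner, amount FROM invoices ORDER BY id").fetchall()
        return self.db.execute("SELECT id, owner, amount FROM invoices WHERE owner=? ORDER BY id",
                               (name,)).fetchall()
```

In a deployment the methods would sit behind a network interface, so the wxPython client sends requests and a token rather than SQL.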