RE: [U2] access via disabled accounts (solution) - How?
Not if you are using stored procedures (U2 basic subroutines) to do the file manipulation. Passing the record to the subroutine provides one layer of removal from the client program. Rich Taylor | Senior Programmer/Analyst| VERTIS 250 W. Pratt Street | Baltimore, MD 21201 P 410.361.8688 | F 410.528.0319 [EMAIL PROTECTED] | http://www.vertisinc.com Vertis is the premier provider of targeted advertising, media, and marketing services that drive consumers to marketers more effectively. The more they complicate the plumbing the easier it is to stop up the drain - Montgomery Scott NCC-1701 -Original Message- From: [EMAIL PROTECTED] [mailto:owner-u2- [EMAIL PROTECTED] On Behalf Of Ray Wurlod Sent: Friday, June 10, 2005 7:36 PM To: u2-users@listserver.u2ug.org Subject: RE: [U2] access via disabled accounts (solution) - How? How can you pull data from a U2 file, via UniObjects, manipulate it in VB.NET, and write it back to the file, via UniObjects, via stored procedures, and without directly accessing the files from UniObjects? That question contains a heavy duty internal inconsistency. It you write it back to the file via UniObjects then you ARE, necessarily, directly accessing the files from UniObjects. If you don't like the UniObjects methodology there are others, such as ADO, OLEDB, ODBC and so on. A bit more setting up required on the server side, but you only do that once. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] access via disabled accounts (solution) - How?
I like the sounds of this type of data security. I'm still kind of new with VB.NET and UniObjects, but have a healthy concern for security. Could someone please answer this for me: How can you pull data from a U2 file, via UniObjects, manipulate it in VB.NET, and write it back to the file, via UniObjects, via stored procedures, and without directly accessing the files from UniObjects? I'm just looking for basic general info, but if you happen to have code snippets, too, that would be greatly appreciated. I'm having trouble envisioning how this works. Thanks, in advance! - Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Jordan Sent: Thursday, June 09, 2005 8:58 PM To: u2-users@listserver.u2ug.org Subject: RE: [U2] access via disabled accounts (solution) Within UniVerse you can do the same thing. You can restrict user read, write, delete access to the database either setting OS level file access or by SQL security access. With the AUTHORIZE statement, you can allow subroutines to have a different access rights. Thus from UniObects one can only access the database through subroutines and they cannot do anything else. Could you explain a little more fully how you do this? Thanks Will Johnson Within UniVerse Basic is an AUTHORIZE Statement which allows you to give the program different access rights to the user running the program. Ie AUTHORIZE Administrator This would give the program the access rights of Administrator at SQL security or OS file security level. The program has to be compiled by the user who the authorize statement will adopt as user rights ie the example above would have to be compiled by Administrator. ED BP TEST AUTHORIZE Administrator ... OPEN ,TEST TO FV ELSE... ... WRITE REC TO FV,KEY User Joe has no access rights to the UniVerse data files either by setting OS file level security or by not GRANTing access if SQL level security installed. IF Joe did ED TEST 123 the system would not grant him access But if Joe runs the program TEST it would write the record to TEST file. Regards David Jordan --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] access via disabled accounts (solution) - How?
Hi Dave Could someone please answer this for me: How can you pull data from a U2 file, via UniObjects, manipulate it in VB.NET, and write it back to the file, via UniObjects, via stored procedures, and without directly accessing the files from UniObjects? I'm just looking for basic general info, but if you happen to have code snippets, too, that would be greatly appreciated. I'm having trouble envisioning how this works. Thanks, in advance! - Dave A Stored Procedure is just a UniBasic Subroutine. From UniObjects .Net you would only get data from and write data to the database through the subroutines (unirpc). The subroutines would have the AUTHORIZE Statement. You would not use the UniObjects File IO routines. Ie UniBasic SUBROUTINE TESTIO(METHOD,FILE,KEY,REC,ERROR) AUTHORIZE Administrator IF METHOD = READ THEN OPEN '',FILE TO FV ELSE READ REC FROM FV, KEY ELSE RETURN END FROM VB.NET Dim Subr = Uvo.CreateUniSubroutine(TESTIO, 5) SUBR.SETARG(0,READ) SUBR.SETARG(1,VOC) SUBR.SETARG(2,RELLEV) SUBR.CALL REC = SUBR.GETARG(3) ... Hence you restrict all File IO through UniBasic Subroutines Regards David Jordan Managing Consultant DACONO Holdings Pty Ltd PO Box 909 Lane Cove NSW 2066 Australia Phn: 61 2 9418 8329 Fax: 61 2 9427 2371 Mobile: 0428 669 730 Email: [EMAIL PROTECTED] www.dacono.com.au --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] access via disabled accounts (solution)
On Fri, Jun 10, 2005 at 10:57:53AM +1000, David Jordan wrote: Could you explain a little more fully how you do this? Thanks Will Johnson Within UniVerse Basic is an AUTHORIZE Statement which allows you to give the program different access rights to the user running the program. Ie AUTHORIZE Administrator In case anybody else is looking into this, here's a small correction. The statement seems to be AUTORIZATION. I don't see any alternate synonyms. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] access via disabled accounts (solution)
Hi Martin The only way that I can see to close this hole is for UniObjects to have an option to restrict which operations the client end can request. At the highest level, this should restrict the client so that all he can do is call existing catalogued programs that are compiled with some special compiler mode directive. We are already doing this in the Banking environment and there are already facilities to cover this. This issue applies to all RDBMS not just U2. I could from Excel run an SQL call to update any database and even from the internet people have been able to break into an RDBMS by changing the SQL queries in html calls. All RDBMS encourage people to use stored procedures and restrict general SQL access for this reason. Within UniVerse you can do the same thing. You can restrict user read, write, delete access to the database either setting OS level file access or by SQL security access. With the AUTHORIZE statement, you can allow subroutines to have a different access rights. Thus from UniObects one can only access the database through subroutines and they cannot do anything else. Regards David Jordan --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] access via disabled accounts (solution)
In a message dated 6/9/05 5:08:55 PM Pacific Daylight Time, [EMAIL PROTECTED] writes: Within UniVerse you can do the same thing. You can restrict user read, write, delete access to the database either setting OS level file access or by SQL security access. With the AUTHORIZE statement, you can allow subroutines to have a different access rights. Thus from UniObects one can only access the database through subroutines and they cannot do anything else. Could you explain a little more fully how you do this? Thanks Will Johnson --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] access via disabled accounts (solution)
Within UniVerse you can do the same thing. You can restrict user read, write, delete access to the database either setting OS level file access or by SQL security access. With the AUTHORIZE statement, you can allow subroutines to have a different access rights. Thus from UniObects one can only access the database through subroutines and they cannot do anything else. Could you explain a little more fully how you do this? Thanks Will Johnson Within UniVerse Basic is an AUTHORIZE Statement which allows you to give the program different access rights to the user running the program. Ie AUTHORIZE Administrator This would give the program the access rights of Administrator at SQL security or OS file security level. The program has to be compiled by the user who the authorize statement will adopt as user rights ie the example above would have to be compiled by Administrator. ED BP TEST AUTHORIZE Administrator ... OPEN ,TEST TO FV ELSE... ... WRITE REC TO FV,KEY User Joe has no access rights to the UniVerse data files either by setting OS file level security or by not GRANTing access if SQL level security installed. IF Joe did ED TEST 123 the system would not grant him access But if Joe runs the program TEST it would write the record to TEST file. Regards David Jordan --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/