There's a little trick buried in the UniVerse/SQL and UniVerse BASIC manuals.
You can create a UniVerse schema and give only one user access to it. Then you can create server programs that run as that user, using the AUTHORIZATION statement. Such a program must be compiled by a user to whom DBA privilege has been granted. ----- Original Message ----- From: "Hona, David S" <[EMAIL PROTECTED]> Date: Fri, 26 Mar 2004 19:14:41 +1100 To: "'U2 Users Discussion List'" <[EMAIL PROTECTED]> Subject: RE: Writing a "RPC Service" > > This all sounds like an overkill. If you didn't want users / developers to > do this, why would you want them to have access to the said server? I'm sure > there is more to this, no? > > Furthermore, it would had overhead to the interface. Patching or > intercepting calls to the UniRPC or servers it starts-up would be subject to > "breaking" everytime IBM "improved" these interfaces. ;-) > > On the other hand, some sort of proxy-server/fire-wall software with "packet > sniffing" (if such a beast exists) capabilities may work. Then > again...overhead and likely to be broken by IBM, some time in the future. > > Perhaps he could consider turning all his accounts (or the ones he is most > concerned about), into SQL Schemas (or just the files into SQL Tables)? Oh, > of course maintaining SQL security on those isn't easy. But if they're > serious about security, then you can't get more low-level or a per-user > basis than that, at the UV database-level. Never tried it myself, but it > could be a better and more economical solution. > > Next option, but don't bet on it coming soon...ask IBM to add this feature, > to a future version of UV?!?! > > Regards > David > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Michael McRae > Sent: Friday, March 26, 2004 5:30 PM > To: [EMAIL PROTECTED] > Subject: Writing a "RPC Service" > > > A customer has asked how he could implement some stringent security on the > 'unirpc' services. In particular, he wants to only allow certain 'Requests' > (like the 'Subroutine' method, etc.) from any users out there writing > UniVerse Objects front-ends. > > To me, this means he wants unirpc to fire off uvserver when requested by > UniObjects, but to have uvserver only forward on his allowed Methods (and no > other). This would keep developers from writing code that could .Read, > .Write, .Delete, etc, and force them to obey his security standards. > > 1) The first option I can think is to 'intercept' the uvserver executable. > Has anyone any experience with writing their own Services for unirpc? > > 2) Next, how about distributing a cut-down version of the DLL (or is it > OCX?) that his users will bind into their app? > > Hoping there's a chance... > > Michael McRae > -- > u2-users mailing list > [EMAIL PROTECTED] > http://www.oliver.com/mailman/listinfo/u2-users > -- u2-users mailing list [EMAIL PROTECTED] http://www.oliver.com/mailman/listinfo/u2-users
