Re: WebDB Security

From: Leo Van Nieuwenhuyse <leo.van.nieuwenhuyse_at_pandora.be>
Date: 2000/04/21
Message-ID: <bP_L4.145116$l35.286162_at_afrodite.telenet-ops.be>#1/1

First make a user that you only grant the create session privilege. Make that user the default one in your dad, point him to access the public part of your site. http:/yoursite/sitename All this user can do is log in to your database, and that's all! In your website put the standard login link of webdb. The users that realy log-in will log into http:/yoursite/sitenameS.

Assure to take away the gateway.htm file, it's kind of public an permits any user to look how you defined your dad
(wan't harm, but if someone changes it it could be annoying for you).

This should be safe enough.

If you want more security, put webdb on oas as a cartridge and implement SSL (Webdb 2.2 Oas 4.0.8.1 needed).

S. van Hoof <info_at_hoof.nl> schreef in berichtnieuws 8dp7n7$k65$1_at_news1.xs4all.nl...
> Hi,
>
> We are setting up a pilot project : WebDB on the Internet.
>
> In short: We are using Webdb and we build a small database.
> We only use functions and stored procedures in the database from which
HTML
> is generated (dynamic HTML using htp/htf packages)
>
> Before we connect webdb to the Internet we want to set up security.
>
> How kan we install webdb in a safe way?
>
> We used the configuration for the listener and edited there username/pass.
> DAD. In my opinion this is not safe enough..... Is it?
>
> Thanks
> Stephan van Hoof
>
>
Received on Fri Apr 21 2000 - 00:00:00 CEST

This message: [ Message body ]
Next message: pol15_at_my-deja.com: "SQL Question"
In reply to S. van Hoof: "WebDB Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message