Re: The Trojan Horse and Client-Server

From: Michel Lalonde <michel.lalonde_at_sit.ulaval.ca>
Date: 1995/08/08
Message-ID: <michel.lalonde.42.00093712_at_sit.ulaval.ca>#1/1


In article <807830773snz_at_sambusys.demon.co.uk> Paul Beardsell <psb_at_sambusys.demon.co.uk> writes:
>From: Paul Beardsell <psb_at_sambusys.demon.co.uk>
>Subject: The Trojan Horse and Client-Server
>Date: Mon, 07 Aug 95 21:26:13 GMT
 

>I'm grappling with some problems in migrating from dumb terminal
>Oracle application to a client-server environment. Our customers
>want MS Windows clients. So I'm porting our Forms 2.3 to Forms 4.5.
>The database is on a Sequent Unix box.
 

>Q1: Is there any way I can safely use Novell Netware to safely
>identify my users to Oracle so that they don't have to identify
>themselves twice - once to the network and once to the database?
>Will getting the Netware for Sequent add-on help?

I don't know about Novell, but in our client-server environment (Vines network) the connection is done with SQL*Net and it does not know the Vines userid. I don't know if there is any way for SQL*Net to get the network userid and password.

>Q2: How do I know that a user is running the Oracle Form he is
>supposed to be. For example, I allow a database user to have insert
>permission on a table but I write a Form to verify that the inserts.
>But the user writes and installs his own version of the form without
>the verifications - How will I know?

You will never know.

>[Q2 is like the Trojan Horse problem except, because you are in a client-
>server environment, you do not even have to wheel the horse inside the
>gates of your City for it to cause harm!]

Our policy is that a user is responsible for the data he puts in. We use database triggers and table constraints to ensure database integrity. The user can use any (?) tool if he wants to.

Michel Lalonde.

Received on Tue Aug 08 1995 - 00:00:00 CEST
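
The approach described in the reply above (integrity enforced by table constraints and database triggers, so it holds whichever client tool sends the insert), shown as an added example that is not part of the original thread. Python's built-in sqlite3 stands in for the Oracle server as an assumption, and the tables, columns and credit-limit rule are hypothetical.

```python
import sqlite3

# Constructed schema (hypothetical names). SQLite stands in for the server.
SCHEMA = """
CREATE TABLE customers (
    id INTEGER PRIMARY KEY,
    credit_limit INTEGER NOT NULL CHECK (credit_limit >= 0)
);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    amount INTEGER NOT NULL CHECK (amount > 0)
);
-- A cross-row rule that a CHECK cannot express goes in a trigger.
CREATE TRIGGER orders_credit_limit BEFORE INSERT ON orders
BEGIN
    SELECT RAISE(ABORT, 'credit limit exceeded')
    WHERE NEW.amount + (SELECT COALESCE(SUM(amount), 0) FROM orders
                        WHERE customer_id = NEW.customer_id)
          > (SELECT credit_limit FROM customers WHERE id = NEW.customer_id);
END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite needs this per connection
    db.executescript(SCHEMA)
    db.execute("INSERT INTO customers VALUES (1, 1000)")
    db.commit()
    return db

def raw_insert(db, customer_id, amount):
    """The statement any client can send, approved form or not."""
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO orders (customer_id, amount) VALUES (?, ?)",
                       (customer_id, amount))
        return "accepted"
    except sqlite3.DatabaseError as exc:
        return f"rejected: {exc}"

def demo():
    db = open_db()
    results = [raw_insert(db, 1, 600),   # valid row
               raw_insert(db, 1, -5),    # fails CHECK (amount > 0)
               raw_insert(db, 99, 10),   # fails foreign key
               raw_insert(db, 1, 600)]   # fails trigger: 1200 > 1000
    rows = db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
    return results, rows
```
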
