Solved

DATABASE SECURITY

Posted on 2000-03-31
12
203 Views
Last Modified: 2010-04-04
I NEED TO ADD SOME PASSWORD TO A DATABASE TABLE AND CHANGE THE FIELDS RIGHTS USING DELPHI IN CODE, NOT THE DATABASE EXPLORER

 NEED CODE, NOT SOME WEB PAGES LINKS OR BLA BLA
 
        500
0
Comment
Question by:VictorZ
  • 2
  • 2
  • 2
  • +6
12 Comments
 
LVL 3

Expert Comment

by:darinw
ID: 2673761
Monitoring question.

darinw
Customer Service
0
 
LVL 27

Expert Comment

by:kretzschmar
ID: 2673820
also monitoring . . .
0
 

Expert Comment

by:SuperSy
ID: 2673935
Me too.
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 2673936
Ok, here we go again   :o)


Don't know how to add password but if your database supports it you can use 'GRANT' and 'REVOKE' to set privileges:


grant <privilege[,privilege,...]>
   on <rel1>[,...<reln>]
   to [public | group <group> | <username>]

privilege is {ALL | SELECT | INSERT | UPDATE | DELETE | RULE }


Example

grant insert
   on mytab
   to public



revoke <privilege[,privilege,...]>
   on <rel1>[,...<reln>]
   from [public | group <group> | <username>]

privilege is {ALL | SELECT | INSERT | UPDATE | DELETE | RULE }


Examples

revoke insert
   on mytab
   from public
0
 

Expert Comment

by:perkley
ID: 2674148
Listening also
0
 
LVL 9

Expert Comment

by:ITugay
ID: 2675697
I'm trying to answer.

Hi Victor,
You ask it again? You miss my answer?

This is working sample how to change Paradox password for table using Delphi in code not Database Explorer.

---------------------
procedure TForm1.SpeedButton1Click(Sender: TObject);
begin
    Session.AddPassword('OLD_PASSWORD');
    Table1.Close;
    Table1.Exclusive:=true;
    Table1.Open;
    AddMasterPassword(Table1,'NEW_PASSWORD');
end;


The code bellow is from Delphi help.
-----------------
procedure AddMasterPassword(Table: TTable; pswd: string);

const
  RESTRUCTURE_TRUE = WordBool(1);
var
  TblDesc: CRTblDesc;
  hDb: hDBIDb;
begin
  { Make sure that the table is opened and is exclusive }
  if not Table.Active or not Table.Exclusive then
    raise EDatabaseError.Create('Table must be opened in exclusive ' +
      'mode to add passwords');
  { Initialize the table descriptor }
  FillChar(TblDesc, SizeOf(CRTblDesc), #0);
  with TblDesc do begin

    { Place the table name in descriptor }
    StrPCopy(szTblName, Table.TableName);
    { Place the table type in descriptor }
    StrCopy(szTblType, szPARADOX);
    { Master Password, Password }
    StrPCopy(szPassword, pswd);
    { Set bProtected to True }
    bProtected := RESTRUCTURE_TRUE;
  end;
  { Get the database handle from the cursor handle }
  Check(DbiGetObjFromObj(hDBIObj(Table.Handle), objDATABASE, hDBIObj(hDb)));
  { Close the table }
  Table.Close;

  { Add the master password to the Paradox table }
  Check(DbiDoRestructure(hDb, 1, @TblDesc, nil, nil, nil, False));
  { Add the new password to the session }
  Session.AddPassword(pswd);
  { Re-Open the table }
  Table.Open;
end;

-------
Igor

PS: what's wrong? why lot of people monitoring this question?

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Expert Comment

by:flooder
ID: 2676405
Monitoring as well.
0
 
LVL 2

Expert Comment

by:mullet_attack
ID: 2685925
me too
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 2713414
I'm getting cold....
0
 
LVL 4

Accepted Solution

by:
SurferJoe earned 500 total points
ID: 2728947
1) Create a security database with a field for each database or form needing protection and a record for each user or workstation.

2) Define field values that reflect the desired level of protection.

3) When the form or application loads find the user or workstation name in the registry.

4) Match the user/workstation name with the values in the security database.

5) Then set access attributes accordingly.

In my application we use values from 1-99 so future categories can be added.
Presently;

0-25 = no access, form access buttons are grayed out.
26-50= Read Only, some fields may not be visible.
51-75= Read and write some fields.
75-90= Full control accept administrative writes.
91-99= The boss/administrator.

When any form "beginning" with the main form is loaded loop through a multi dimensional array containing a list of components that need protection and their cutoff values, set visibility, read only or other properties based on the value in the security table for that user or workstation.

This method negates the need to have the user enter a password after the system is booted.

I have centralized all of the validation code to one unit for easy of maintenance, and provided a form for the Network admin to add or modify users. New users can be added with default settings depending on where they are in the food chain "Levels 1-5".

May sound like a lot of work, the result is tight as a drum and the boss loves it.


0
 
LVL 4

Expert Comment

by:SurferJoe
ID: 2728953
If you get past the Bla Bla Bla and need help with aspects of coding this solution let me know.
0
 
LVL 1

Expert Comment

by:flooder
ID: 2729590
Its a lot of work but it looks like a very workable alternative and the advantage is it is db-independant.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now