?
Solved

Datasnap with socket connection: how to verify user before releasing any database information?

Posted on 2003-03-13
11
Medium Priority
?
752 Views
Last Modified: 2010-04-03
Hi,

I need to create a login-procedure that prevents clients from retrieving any database data, before login is successfully completed. I know how to make call'able functions in application server, but I don't know how to intercept SocketConnection calls before they reach actual data components in application server.

Any ideas?

Regards
  Janne Timmerbacka
  Finland
0
Comment
Question by:olmy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 1

Expert Comment

by:DavidRissato
ID: 8127379
I think it's not a good idea to intercept SocketConnection because this way you will trap login procedures too.

Maybe the best way is to raise an exception on the methods that retrieve data from Database when the user isn't logged to system.

Doing by this way, you can even reject execution based on it's access level.

{}'s
David Rissato Cruz
0
 
LVL 1

Author Comment

by:olmy
ID: 8127425
Thanks DavidRissato. How do I get the information what client (user) is retrieving data?
0
 
LVL 1

Author Comment

by:olmy
ID: 8127453
Thanks DavidRissato. How do I get the information what client (user) is retrieving data?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:DavidRissato
ID: 8127688
There are a lot of ways to make this kind of login control.

One way could be to send login information (name + password) as a parameter in every call to a "must be logged in" function. In each of these functions, you can call a method like TestLoginValidity(name, pass) and this method can even raise a Exception when it not matches.

However, you don't need to ask user to input name + password on the front end every time he wants to query database.

When the frontend call the login procedure first time, you can hold these values in local variables and send it right on every query database request.

There are other ways to do this login schema, but i think this on is simple and functional and it's relatively secure.

{}'s
David Rissato Cruz
0
 
LVL 1

Author Comment

by:olmy
ID: 8128066
The nicest way would be that user information is asked and sended only once. I would like to leave the "call" parameter free for real use.

Can I identify the client connection, without sending additional information from the client? First time a login call would be made and then I can match the connection with user information.
0
 
LVL 1

Expert Comment

by:DavidRissato
ID: 8128170
You can hold a reference in your frontend to the server database query object when you first login and set LoginInformation property on it.

So everytime you call any of it's functions, it will check the existence of this loginInformation.

The bad thing about this format is that you will keep your server busy with so many client objects instantiated to be used sometimes.

{}'s
David Rissato Cruz
0
 
LVL 1

Author Comment

by:olmy
ID: 8134530
Sorry DavidRissato, I didn't quite understod you last comment. Could you explain it in another way. Addition to my previous comment: I'd like to identify the client connection in a server side. Can I do that?
  Janne
0
 
LVL 1

Expert Comment

by:DavidRissato
ID: 8135868
It depends how do you make callable functions on the server? How are you doing it? Is it a DCOM object registered in your MTS?

{}'s
David Rissato Cruz
0
 
LVL 1

Author Comment

by:olmy
ID: 8150925
Yes, I think so. I haven't seen any other way in datasnap examples and manuals.
0
 
LVL 1

Accepted Solution

by:
DavidRissato earned 600 total points
ID: 8151569
So how are you doing to retrieve data from this object?

Are you instantiating it, make a call and freeing the object?

If you work this way, just don't destroy the object on every call. Make a login procedure on this class that just changes a private boolean field inside it (ex: FLogged : boolean;) when got success.

And then, on every each "must-be-logged call", you check the value of this boolean field and raise an exception in case of failure.

But is very important that you maintain your object created from the first login until program termination.

{}'s
David Rissato Cruz
0
 
LVL 1

Author Comment

by:olmy
ID: 8211714
Thank you DavidRissato. It took me a while not undestrand what you were saying. I'm too newbie with Midas. A little example would have been nice. But with your help I undestrood what to look for and finally got it. Thank you
  Olmy
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question