User login security problem to access SQL databases
Posted on 2003-03-18
I am trying to develop app to use SQL databases, specially
I am trying to hide user name and password in the Delphi
app, so the user do not have to input user name and password
for login. But what I am afraid is that an expert user
is able to spy (crack) the EXE file to find out the login name
and password, so he is able to login and using other
kind of SQL Management programs and mess up the database.
Any suggestions to avoid this kind of problem?
The reason is that since MySQL does not have views,
I am not able to give row privileges to the user to
only allow updates for the rows inserted only by himself,
making other people's rows untouchable. Because of
this, the user is able to login using other kinds
of SQL management systems to modify other peoples
records in the same table, which will make MySQL's
user login authentication useless for row privilege protection.