Re: dumb++ security

From: NelsonS (ivrcti@hotmail.com)
Date: 02/21/02 

From: ivrcti@hotmail.com (NelsonS)
Date: 21 Feb 2002 06:52:14 -0800

buffcoder@hotmail.com (Buffy The Cache Coder) wrote in message news:<e3850c89.0202201350.5b2e5e44@posting.google.com>...
> Hello.
>
> I need some suggestions on how to make my company's product
> more secure from hackers. Currently our software
> consists of several batch programs that are usually run
> from the commandline.
>
> These programs read username/password from a text file in a
> user's home directory. This information is used into Oracle
> or Sybase database. If the user doesn't have permission
> to connect to either database, the program doesn't run.
>
> The powers-that-be will be satisfied if I can have something
> slightly better than looking up a username and password from
> file. They want something in house for now and can
> be run on NT too. So what I need is a simple solution,
> but I'm lost for ideas. Anyhelp?
>
> Also, what about the situation where a user starts
> a server from the commandline which connects to the
> database/some server to perform task A.
>
> How can I ensure that the user has permission to do
> task A? How can I prevent user who has permissions
> but is now 'evil' from writing their own server,
> logging into the system and doing something bad?
>
> Any suggestions, or what literature to read would
> be good. Again, they want me to make something in-house,
> and I'm not about to get a PhD in mathematics to
> learn cryptography, if it can be avoided :)
>
> thanks.

If you have any Perl experience, there are modules that will handle
the name/password encryption/decryption at run time for you.

Relevant Pages

  • Re: dumb++ security
    ... If the user doesn't have permission ... > to connect to either database, ... Proud Member of the Exclusive "I have been plonked by Davee because he ... > database/some server to perform task A. ...
    (comp.security.misc)
  • Re: dumb++ security
    ... If the user doesn't have permission ... > to connect to either database, ... Proud Member of the Exclusive "I have been plonked by Davee because he ... > database/some server to perform task A. ...
    (comp.security.unix)
  • Re: WSS 3.0 Search Service
    ... was trying to access the database server to create the search database, ... I changed it to SQL server authentication and it was able ... I keep getting redirected back to the configuration page. ... The application-specific permission settings do not grant Local ...
    (microsoft.public.sharepoint.windowsservices)
  • RE: user permissions
    ... Server 2003): ... permission in both the Sharing permission and Security permission. ... since abc can logon to the server and access the ... database locally, it seems that it has enough security permission. ...
    (microsoft.public.sqlserver.server)
  • Re: dumb++ security
    ... If the user doesn't have permission ... > to connect to either database, ... > database/some server to perform task A. ...
    (comp.security.misc)
Quantcast