johnf wrote:
> On Monday 10 December 2007 02:50:04 pm Ricardo Aráoz wrote:
>> johnf wrote:
>> (snip...)
>>
>>> Right off the bat let me say the easiest way to set up a connection is to
>>> use the "CxnEditor.py" app. It works and is a great example of Dabo
>>> eating its own dog food (CxnEditor was created using Dabo). I use it
>>> for my projects and if there was a better way - I'd use it. But it
>>> really does not do much (all the real work is done in the framework).
>>> CxnEditor creates an XML file that contains the parameters required by the
>>> python connection interface that applies to your database. Like user
>>> name, password, host, database name or anything else that is needed to
>>> allow a database connection.
>> Hi, so CxnEditor creates an XML file. Now you have in an ASCII file your
>> sensitive information (user, password - of course it will be a user with
>> append/update/delete rights) for anyone to see. My question is, how
>> would you manage the database security?
>>
>> TIA
>
> Currently, there is little real security. Although the password has
> encryption. However, it is very easy to subclass the login.py routines and
> add real security and still use the XML files. But for the purposes of the
> tutorial what CxnEditor provides is enough.
>
> But here's a question. What are you using for database security? I have
> seen ODBC connections that use 'sa' and the same password for everyone that
> used the program. I have seen RSA key fobs that cost $100.00 for each
> seat. What would you like to see in Dabo?
>
Was thinking about something that combines a user given password with
"something else" to obtain the DB password, nothing too fancy, though I
guess I would have to find a way to obscure the "something else".
©2007 Ricardo Aráoz
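
The idea in the last message, combining a user-given password with a stored "something else" to obtain the DB password, sketched as an added example (not code from this thread or from Dabo). Here the "something else" is a random salt kept in the connection file next to the wrapped password; the function and field names are hypothetical, and the HMAC-based keystream is a standard-library stand-in for an AEAD cipher such as AES-GCM from a vetted library.

```python
import hashlib
import hmac
import os


def _keys(user_password, salt, iterations, n):
    """Stretch the user's password, then split it into an n-byte pad and a MAC key."""
    master = hashlib.pbkdf2_hmac("sha256", user_password.encode("utf-8"), salt, iterations)
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    blocks = (hmac.new(master, b"pad" + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n], mac_key


def wrap_db_password(db_password, user_password, iterations=600_000):
    """Return the record to store in the connection file instead of the password."""
    salt = os.urandom(16)  # fresh for every wrap, so a pad is never reused
    data = db_password.encode("utf-8")
    pad, mac_key = _keys(user_password, salt, iterations, len(data))
    ct = bytes(a ^ b for a, b in zip(data, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    # Hypothetical field names; note the ciphertext length reveals the password length.
    return {"iterations": iterations, "salt": salt.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unwrap_db_password(record, user_password):
    """Recover the DB password; raise ValueError on a wrong password or edited record."""
    salt, ct = bytes.fromhex(record["salt"]), bytes.fromhex(record["ct"])
    pad, mac_key = _keys(user_password, salt, record["iterations"], len(ct))
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(record["tag"])):
        raise ValueError("wrong password or tampered record")
    return bytes(a ^ b for a, b in zip(ct, pad)).decode("utf-8")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    rec = wrap_db_password("s3cret-db-pw", "what the user types at login")
    print(rec)
    print(unwrap_db_password(rec, "what the user types at login"))
```

Anyone who reads the file sees only the salt, ciphertext and tag, so recovering the database password requires guessing the user's password at the cost of the full PBKDF2 iteration count per guess.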