On Monday 10 December 2007 02:50:04 pm Ricardo ArÃÆáoz wrote:
> johnf wrote:
> (snip...)
>
> > Right off the bat let me say the easiest way to setup a connection is to
> > use the âââ¬Ã
âCxnEditor.pyâââ¬Ã app. It works and and is a great example of Dabo
> > eating it's own dog food (CxnEditor was created using Dabo). I use it
> > for my projects and if there was a better way - I'd use it. But it
> > really does not do much (all the real work is done in the framework).
> > CxnEditor creates a XML file that contains the parameters required by the
> > python connection interface that applies to your database. Like user
> > name, password, host, database name or anything else that is needed to
> > allow a database connection.
>
> Hi, so CxnEditor creates a XML file. Now you have in an ASCII file your
> sensitive information (user, password - of course it will be a user with
> append/update/delete rights) for anyone to see. My question is, how
> would you manage the database security?
>
> TIA
Currently, there is little real security. Although the password has
encryption. However, it is very easy to subclass the login.py routines and
add real security and still use the XML files. But for the purposes of the
tutorial what CxnEditor provides is enough.
But here's a question. What are you using for database security? I have
seen ODBC connections that use 'sa' and the same password for everyone that
used the program. I have seen RSA key fobs that cost a $100.00 for each
seat. What would you like to see in Dabo?
--
John Fabiani
©2007 johnf
|
