Security related! Not possible to hide table structure. I couldn't find..... ?

QWERTY

--------------Boundary-00=_O5I3QL80000 000000000
Content-Type: Multipart/Alternative;
boundary="------------Boundary-00=_O5I3LVC0000 000000000"
--------------Boundary-00=_O5I3LVC0000 000000000
Content-Type: Text/Plain;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

Hello,=0D
=0D
Think that we have a database named DATABASE1, and table named TABLE1, an=
d
fields named FIELD1, FIELD1,FIELD2,F IELD3,FIELD4=0D
=0D
You want to give a specific permission to a user named USER1=0D
=0D
For ex, you give only SELECT permission to USER1 for FIELD1 and FIELD4 in
TABLE1 and DATABASE1.=0D
and you did not assign any other permission to USER1.=0D
=0D
Now everything is OK! USER1 can only select FIELD1 and FIELD4, and can no=
t
see data or change or etc.. to FIELD2 or FIELD3..=0D
=0D
So we think that everything is OK! But, USER1 is still able to see the ta=
ble
structure of TABLE1. He see fields which i don't want him to see!=0D
=0D
As i searched internet related to this topic i couldn't find any
satistfactory solution to this one.=0D
=0D
Anyone has idea to prevent USER1 to be able to see table structure and on=
ly
permission to SELECT FIELD1 and FIELD4 as i assigned?=0D
=0D
Also there should be some default error message for these users when they
try to select from another field. why? Because if my first question gets
answered and solved, then, USER1 can try to SELECT FIELD3 FROM TABLE1.. .=
and
it will say something like "you have no permission for FIELD3"=0D
insted of this, it can be "This field does not exist"..=0D
=0D
Thanks.=0D
QWERTY
--------------Boundary-00=_O5I3LVC0000 000000000
Content-Type: Text/HTML;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-=
9">
<META content=3D"Incr ediMail 1.0" name=3DGENERATO R>


</HEAD>
<BODY style=3D"BACKGR OUND-POSITION: 0px 0px; FONT-SIZE: 12pt; MARGIN: 5px=
10px 10px; FONT-FAMILY: Arial" bgColor=3D#ffff ff background=3D"" scroll=3D=
yes X-FVER=3D"3.0" ORGYPOS=3D"0">
<TABLE id=3DINCREDIMAI NTABLE cellSpacing=3D0 cellPadding=3D2 width=3D"100=
%" border=3D0>
<TBODY>
<TR>
<TD id=3DINCREDITEX TREGION style=3D"FONT-SIZE: 12pt; CURSOR: auto; FONT-F=
AMILY: Arial" width=3D"100%">
<DIV>Hello,</DIV>
<DIV> </DIV>
<DIV>Think that we have a database named DATABASE1, and table named TABLE=
1, and fields named FIELD1, FIELD1,FIELD2,F IELD3,FIELD4</DIV>
<DIV> </DIV>
<DIV>You want to give a specific permission to a user named USER1</DIV>
<DIV> </DIV>
<DIV>For ex, you give only SELECT permission to USER1 for FIELD1 and FIEL=
D4 in TABLE1 and DATABASE1.</DIV>
<DIV>and you did not assign any other permission to USER1.</DIV>
<DIV> </DIV>
<DIV>Now everything is OK! USER1 can only select FIELD1 and FIELD4, and c=
an not see data or change or etc.. to FIELD2 or FIELD3..</DIV>
<DIV> </DIV>
<DIV>So we think that everything is OK! But, USER1 is still able to see t=
he table structure of TABLE1. He see fields which i don't want him to see=
!</DIV>
<DIV> </DIV>
<DIV>As i searched internet related to this topic i couldn't find any sat=
istfactory solution to this one.</DIV>
<DIV> </DIV>
<DIV>Anyone has idea to prevent USER1 to be able to see table structure a=
nd only permission to SELECT FIELD1 and FIELD4 as i assigned?</DIV>
<DIV> </DIV>
<DIV>Also there should be some default error message for these users when=
they try to select from another field. why? Because if my  first qu=
estion gets answered and solved, then, USER1 can try to SELECT FIELD3 FRO=
M TABLE1.. .and it will say something like "you have no permission for FI=
ELD3"</DIV>
<DIV>insted of this, it can be "This field does not exist"..</DIV>
<DIV> </DIV>
<DIV>Thanks.</DIV>
<DIV>QWERTY</DIV></TD></TR>
<TR>
<TD id=3DINCREDIFOO TER width=3D"100%">
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%">
<TBODY>
<TR>
<TD width=3D"100%"> </TD>
<TD id=3DINCREDISOU ND vAlign=3Dbottom align=3Dmiddle> </TD>
<TD id=3DINCREDIANI M vAlign=3Dbottom align=3Dmiddle> </TD></TR></TBODY></T=
ABLE></TD></TR></TBODY></TABLE><SPAN id=3DIncrediSta mp><SPAN dir=3Dltr><F=
ONT face=3D"Arial, Helvetica, sans-serif" size=3D2>______ _______________ _=
_______________ _______________ <BR><FONT face=3D"Comic Sans MS" size=3D2><=
A href=3D"http://www.incredimail .com/redir.asp?ad_id =3D309&lang =3D9">=
<IMG alt=3D"" hspace=3D0 src=3D"cid:B370 1B25-AF0F-49B6-88BA-77891E6E08F8"=
align=3Dbaselin e border=3D0></A>  <I>IncrediMai l</I> - <B>Email has=
finally evolved</B> - </FONT><A href=3D"http://www.incredimail .com/redir=
=2Easp?ad_id=3D 309&lang=3D 9"><FONT face=3D"Times New Roman" size=3D3>=
<B><U>Click Here</U></B></FONT></A></SPAN></SPAN></FONT></BODY></HTML>
--------------Boundary-00=_O5I3LVC0000 000000000--

--------------Boundary-00=_O5I3QL80000 000000000--

Jul 19 '05 #1

Subscribe Reply

1842

Similar topics

2800

Who should security issues be reported to?

by: grahamd | last post by:

Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.

Python

2499

Web Service Security

by: James | last post by:

I'm currently using a basic web service for my Windows and web clients to access a Microsoft Access database on the web server. All works fine, but I'm worried about security. Without any precautions, anyone could use the web service to access or even modify information in the database. This, obviously, is not too good, so currently I've set a database password on the MS Access file. The trouble is, since web services are stateless the password...

.NET Framework

2062

User Control Security on .Net 2.0

by: Norsoft | last post by:

I have a .Net 1.1 application which is downloaded into an aspx page. It is a dll which inherits from System.Windows.Forms.UserControl. It works fine on a PC with only the 1.1 Framework. However, the control will not load on a PC with the 2.0 Framework installed. I know that IE will use the newest framework so I assume it is a security issue. At the assembly level I apply the following attributes;

ASP.NET

1985

IIS / Web Services Security threats

by: Magdelin | last post by:

Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the business tier inside the fire wall or internal network. The biz tier will be developed and deployed as web services on IIS. I know microsoft recommends this architecture but I am not able to convince my security team. They say IIS is vulnerable...

.NET Framework

2253

FxCop App Security

by: Velvet | last post by:

I ran FxCop on one of the components for my web site and the security rules what me to add " tags like the ones listed below: This breaks my ASP.NET application. So my question is, what should these

ASP.NET

1968

Allowing certain users to administer users via code, and other security questions

by: google | last post by:

I have a few general questions. I am working on a new database to be used within my company. I would like to give a couple of people, particularly HR, the ability to add and delete Access users, and add/remove them to groups, so as people join and leave the company, they can be added/removed as database users at that time. However, I don't want them to have to do it through the standard Access users/groups interface, and I don't want...

Microsoft Access / VBA

1856

Events over remoting and security problem, related/not related, I don't know

by: ThunderMusic | last post by:

hi, I have 2 services running, one doing a job and the other monitoring the job is done and that the other service (the one doing the job) is still running. The thing is, the 1st service fire some events notifying other programs that an alert happened... I want to register to that event in my second service, but I just can't get it working... I receive the following message : Type System.DelegateSerializationHolder and the types...

.NET Framework

1481

Looking for PHP security tips

by: Karl Nierler | last post by:

Hi everybody, I am currently developing my first commercial (customer specific) PHP application. This application is in fact nothing else than a content management system with internal accounting capabilities for a small business, based on MySQL. So in fact there is nothing extraordinary about it. My customers are worried abour security in PHP. I have written many small PHP applications before where security wasn't a major concern. I

PHP

1147

Security with SSAS 2005

by: assia | last post by:

Hello, I have a question concerning security in SSAS 2005. I create two roles, let's say, role 1 and role 2. I have a user, let's Alice that belongs to the two roles. These roles are set on one specific dimension of my cube. This dimension is organized as hierarchy: Sector, department, division, service and the last level which is called CC. In role 1 Alice can see one department (let's say dept1) with all its divisions, services and CC....

Microsoft SQL Server

3333

Clustering, Security, Performance, Load Balance

by: Manish | last post by:

I think this question has been asked number of times. However, I am looking for some specific information. Perhaps some of you can help close the gap. Or perhaps you can point me towards right direction. Perhaps this group can help me fill in ms-sqlserver related following questions. 1. Do this database have data Clustering capabilities? 1a. If yes, what mechanism is used such as shared disk, share nothing, etc.

Microsoft SQL Server

9568

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

9404

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10164

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

8833

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

7379

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

6649

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5277

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

5423

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

3926

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp