468,316 Members | 1,529 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,316 developers. It's quick & easy.

Security related! Not possible to hide table structure. I couldn't find..... ?

--------------Boundary-00=_O5I3QL80000000000000
Content-Type: Multipart/Alternative;
boundary="------------Boundary-00=_O5I3LVC0000000000000"
--------------Boundary-00=_O5I3LVC0000000000000
Content-Type: Text/Plain;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

Hello,=0D
=0D
Think that we have a database named DATABASE1, and table named TABLE1, an=
d
fields named FIELD1, FIELD1,FIELD2,FIELD3,FIELD4=0D
=0D
You want to give a specific permission to a user named USER1=0D
=0D
For ex, you give only SELECT permission to USER1 for FIELD1 and FIELD4 in
TABLE1 and DATABASE1.=0D
and you did not assign any other permission to USER1.=0D
=0D
Now everything is OK! USER1 can only select FIELD1 and FIELD4, and can no=
t
see data or change or etc.. to FIELD2 or FIELD3..=0D
=0D
So we think that everything is OK! But, USER1 is still able to see the ta=
ble
structure of TABLE1. He see fields which i don't want him to see!=0D
=0D
As i searched internet related to this topic i couldn't find any
satistfactory solution to this one.=0D
=0D
Anyone has idea to prevent USER1 to be able to see table structure and on=
ly
permission to SELECT FIELD1 and FIELD4 as i assigned?=0D
=0D
Also there should be some default error message for these users when they
try to select from another field. why? Because if my first question gets
answered and solved, then, USER1 can try to SELECT FIELD3 FROM TABLE1.. .=
and
it will say something like "you have no permission for FIELD3"=0D
insted of this, it can be "This field does not exist"..=0D
=0D
Thanks.=0D
QWERTY
--------------Boundary-00=_O5I3LVC0000000000000
Content-Type: Text/HTML;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-=
9">
<META content=3D"IncrediMail 1.0" name=3DGENERATOR>

<!--IncrdiXMLRemarkStart>
<IncrdiX-Info>
<X-FID>FLAVOR00-NONE-0000-0000-000000000000</X-FID>
<X-FVER></X-FVER>
<X-CNT>;</X-CNT>
</IncrdiX-Info>
<IncrdiXMLRemarkEnd-->
</HEAD>
<BODY style=3D"BACKGROUND-POSITION: 0px 0px; FONT-SIZE: 12pt; MARGIN: 5px=
10px 10px; FONT-FAMILY: Arial" bgColor=3D#ffffff background=3D"" scroll=3D=
yes X-FVER=3D"3.0" ORGYPOS=3D"0">
<TABLE id=3DINCREDIMAINTABLE cellSpacing=3D0 cellPadding=3D2 width=3D"100=
%" border=3D0>
<TBODY>
<TR>
<TD id=3DINCREDITEXTREGION style=3D"FONT-SIZE: 12pt; CURSOR: auto; FONT-F=
AMILY: Arial" width=3D"100%">
<DIV>Hello,</DIV>
<DIV>&nbsp;</DIV>
<DIV>Think that we have a database named DATABASE1, and table named TABLE=
1, and fields named FIELD1, FIELD1,FIELD2,FIELD3,FIELD4</DIV>
<DIV>&nbsp;</DIV>
<DIV>You want to give a specific permission to a user named USER1</DIV>
<DIV>&nbsp;</DIV>
<DIV>For ex, you give only SELECT permission to USER1 for FIELD1 and FIEL=
D4 in TABLE1 and DATABASE1.</DIV>
<DIV>and you did not assign&nbsp;any other permission to USER1.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Now everything is OK! USER1 can only select FIELD1 and FIELD4, and c=
an not see data or change or etc.. to FIELD2 or FIELD3..</DIV>
<DIV>&nbsp;</DIV>
<DIV>So we think that everything is OK! But, USER1 is still able to see t=
he table structure of TABLE1. He see fields which i don't want him to see=
!</DIV>
<DIV>&nbsp;</DIV>
<DIV>As i searched internet related to this topic i couldn't find any sat=
istfactory solution to this one.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Anyone has idea to prevent USER1 to be able to see table structure a=
nd only permission to SELECT FIELD1 and FIELD4 as i assigned?</DIV>
<DIV>&nbsp;</DIV>
<DIV>Also there should be some default error message for these users when=
they try to select from another field. why? Because if my&nbsp; first qu=
estion gets answered and solved, then, USER1 can try to SELECT FIELD3 FRO=
M TABLE1.. .and it will say something like "you have no permission for FI=
ELD3"</DIV>
<DIV>insted of this, it can be "This field does not exist"..</DIV>
<DIV>&nbsp;</DIV>
<DIV>Thanks.</DIV>
<DIV>QWERTY</DIV></TD></TR>
<TR>
<TD id=3DINCREDIFOOTER width=3D"100%">
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%">
<TBODY>
<TR>
<TD width=3D"100%"></TD>
<TD id=3DINCREDISOUND vAlign=3Dbottom align=3Dmiddle></TD>
<TD id=3DINCREDIANIM vAlign=3Dbottom align=3Dmiddle></TD></TR></TBODY></T=
ABLE></TD></TR></TBODY></TABLE><SPAN id=3DIncrediStamp><SPAN dir=3Dltr><F=
ONT face=3D"Arial, Helvetica, sans-serif" size=3D2>______________________=
______________________________<BR><FONT face=3D"Comic Sans MS" size=3D2><=
A href=3D"http://www.incredimail.com/redir.asp?ad_id=3D309&amp;lang=3D9">=
<IMG alt=3D"" hspace=3D0 src=3D"cid:B3701B25-AF0F-49B6-88BA-77891E6E08F8"=
align=3Dbaseline border=3D0></A>&nbsp; <I>IncrediMail</I> - <B>Email has=
finally evolved</B> - </FONT><A href=3D"http://www.incredimail.com/redir=
=2Easp?ad_id=3D309&amp;lang=3D9"><FONT face=3D"Times New Roman" size=3D3>=
<B><U>Click Here</U></B></FONT></A></SPAN></SPAN></FONT></BODY></HTML>
--------------Boundary-00=_O5I3LVC0000000000000--

--------------Boundary-00=_O5I3QL80000000000000--

Jul 19 '05 #1
0 1587

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

28 posts views Thread by grahamd | last post: by
2 posts views Thread by James | last post: by
5 posts views Thread by Norsoft | last post: by
7 posts views Thread by Magdelin | last post: by
3 posts views Thread by Velvet | last post: by
3 posts views Thread by Karl Nierler | last post: by
reply views Thread by NPC403 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.