473,326 Members | 2,134 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

Security related! Not possible to hide table structure. I couldn't find..... ?

--------------Boundary-00=_O5I3QL80000000000000
Content-Type: Multipart/Alternative;
boundary="------------Boundary-00=_O5I3LVC0000000000000"
--------------Boundary-00=_O5I3LVC0000000000000
Content-Type: Text/Plain;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

Hello,=0D
=0D
Think that we have a database named DATABASE1, and table named TABLE1, an=
d
fields named FIELD1, FIELD1,FIELD2,FIELD3,FIELD4=0D
=0D
You want to give a specific permission to a user named USER1=0D
=0D
For ex, you give only SELECT permission to USER1 for FIELD1 and FIELD4 in
TABLE1 and DATABASE1.=0D
and you did not assign any other permission to USER1.=0D
=0D
Now everything is OK! USER1 can only select FIELD1 and FIELD4, and can no=
t
see data or change or etc.. to FIELD2 or FIELD3..=0D
=0D
So we think that everything is OK! But, USER1 is still able to see the ta=
ble
structure of TABLE1. He see fields which i don't want him to see!=0D
=0D
As i searched internet related to this topic i couldn't find any
satistfactory solution to this one.=0D
=0D
Anyone has idea to prevent USER1 to be able to see table structure and on=
ly
permission to SELECT FIELD1 and FIELD4 as i assigned?=0D
=0D
Also there should be some default error message for these users when they
try to select from another field. why? Because if my first question gets
answered and solved, then, USER1 can try to SELECT FIELD3 FROM TABLE1.. .=
and
it will say something like "you have no permission for FIELD3"=0D
insted of this, it can be "This field does not exist"..=0D
=0D
Thanks.=0D
QWERTY
--------------Boundary-00=_O5I3LVC0000000000000
Content-Type: Text/HTML;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Diso-8859-=
9">
<META content=3D"IncrediMail 1.0" name=3DGENERATOR>

<!--IncrdiXMLRemarkStart>
<IncrdiX-Info>
<X-FID>FLAVOR00-NONE-0000-0000-000000000000</X-FID>
<X-FVER></X-FVER>
<X-CNT>;</X-CNT>
</IncrdiX-Info>
<IncrdiXMLRemarkEnd-->
</HEAD>
<BODY style=3D"BACKGROUND-POSITION: 0px 0px; FONT-SIZE: 12pt; MARGIN: 5px=
10px 10px; FONT-FAMILY: Arial" bgColor=3D#ffffff background=3D"" scroll=3D=
yes X-FVER=3D"3.0" ORGYPOS=3D"0">
<TABLE id=3DINCREDIMAINTABLE cellSpacing=3D0 cellPadding=3D2 width=3D"100=
%" border=3D0>
<TBODY>
<TR>
<TD id=3DINCREDITEXTREGION style=3D"FONT-SIZE: 12pt; CURSOR: auto; FONT-F=
AMILY: Arial" width=3D"100%">
<DIV>Hello,</DIV>
<DIV>&nbsp;</DIV>
<DIV>Think that we have a database named DATABASE1, and table named TABLE=
1, and fields named FIELD1, FIELD1,FIELD2,FIELD3,FIELD4</DIV>
<DIV>&nbsp;</DIV>
<DIV>You want to give a specific permission to a user named USER1</DIV>
<DIV>&nbsp;</DIV>
<DIV>For ex, you give only SELECT permission to USER1 for FIELD1 and FIEL=
D4 in TABLE1 and DATABASE1.</DIV>
<DIV>and you did not assign&nbsp;any other permission to USER1.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Now everything is OK! USER1 can only select FIELD1 and FIELD4, and c=
an not see data or change or etc.. to FIELD2 or FIELD3..</DIV>
<DIV>&nbsp;</DIV>
<DIV>So we think that everything is OK! But, USER1 is still able to see t=
he table structure of TABLE1. He see fields which i don't want him to see=
!</DIV>
<DIV>&nbsp;</DIV>
<DIV>As i searched internet related to this topic i couldn't find any sat=
istfactory solution to this one.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Anyone has idea to prevent USER1 to be able to see table structure a=
nd only permission to SELECT FIELD1 and FIELD4 as i assigned?</DIV>
<DIV>&nbsp;</DIV>
<DIV>Also there should be some default error message for these users when=
they try to select from another field. why? Because if my&nbsp; first qu=
estion gets answered and solved, then, USER1 can try to SELECT FIELD3 FRO=
M TABLE1.. .and it will say something like "you have no permission for FI=
ELD3"</DIV>
<DIV>insted of this, it can be "This field does not exist"..</DIV>
<DIV>&nbsp;</DIV>
<DIV>Thanks.</DIV>
<DIV>QWERTY</DIV></TD></TR>
<TR>
<TD id=3DINCREDIFOOTER width=3D"100%">
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%">
<TBODY>
<TR>
<TD width=3D"100%"></TD>
<TD id=3DINCREDISOUND vAlign=3Dbottom align=3Dmiddle></TD>
<TD id=3DINCREDIANIM vAlign=3Dbottom align=3Dmiddle></TD></TR></TBODY></T=
ABLE></TD></TR></TBODY></TABLE><SPAN id=3DIncrediStamp><SPAN dir=3Dltr><F=
ONT face=3D"Arial, Helvetica, sans-serif" size=3D2>______________________=
______________________________<BR><FONT face=3D"Comic Sans MS" size=3D2><=
A href=3D"http://www.incredimail.com/redir.asp?ad_id=3D309&amp;lang=3D9">=
<IMG alt=3D"" hspace=3D0 src=3D"cid:B3701B25-AF0F-49B6-88BA-77891E6E08F8"=
align=3Dbaseline border=3D0></A>&nbsp; <I>IncrediMail</I> - <B>Email has=
finally evolved</B> - </FONT><A href=3D"http://www.incredimail.com/redir=
=2Easp?ad_id=3D309&amp;lang=3D9"><FONT face=3D"Times New Roman" size=3D3>=
<B><U>Click Here</U></B></FONT></A></SPAN></SPAN></FONT></BODY></HTML>
--------------Boundary-00=_O5I3LVC0000000000000--

--------------Boundary-00=_O5I3QL80000000000000--

Jul 19 '05 #1
0 1814

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

28
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
2
by: James | last post by:
I'm currently using a basic web service for my Windows and web clients to access a Microsoft Access database on the web server. All works fine, but I'm worried about security. Without any...
5
by: Norsoft | last post by:
I have a .Net 1.1 application which is downloaded into an aspx page. It is a dll which inherits from System.Windows.Forms.UserControl. It works fine on a PC with only the 1.1 Framework. However,...
7
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
3
by: Velvet | last post by:
I ran FxCop on one of the components for my web site and the security rules what me to add " tags like the ones listed below: This breaks my ASP.NET application. So my question is,...
6
by: google | last post by:
I have a few general questions. I am working on a new database to be used within my company. I would like to give a couple of people, particularly HR, the ability to add and delete Access users,...
2
by: ThunderMusic | last post by:
hi, I have 2 services running, one doing a job and the other monitoring the job is done and that the other service (the one doing the job) is still running. The thing is, the 1st service fire some...
3
by: Karl Nierler | last post by:
Hi everybody, I am currently developing my first commercial (customer specific) PHP application. This application is in fact nothing else than a content management system with internal...
0
by: assia | last post by:
Hello, I have a question concerning security in SSAS 2005. I create two roles, let's say, role 1 and role 2. I have a user, let's Alice that belongs to the two roles. These roles are set on one...
3
by: Manish | last post by:
I think this question has been asked number of times. However, I am looking for some specific information. Perhaps some of you can help close the gap. Or perhaps you can point me towards right...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.