Field Level Security

All,

Does anyone have ideas how they have implemented field (property) level
security? I want to handle this from the business object level, not the
database level. Is it best to have a security checking method that gets
called in the property and throws an exception? If there are several
"fields" that are being accessed multiple times, does it hurt from a
performance perspective to have these exceptions thrown all of the time?

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity(....)
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Just trying to get some ideas...

Thanks in advance!
Dave
Nov 20 '05 #1
You might want to take a look at creating security demands in your
code. Declarative demands are attributes that you use to decorate your
code, and you can allow code to load (and run) based on either Windows
roles or custom roles:

<PrincipalPermission(SecurityAction.Demand, _
    Authenticated:=True, _
    Role:="SomeRole")> _
Private Sub SomeMethod()
    ...

Or you can use imperative demands inside methods:

Public Function SomeMethod() As String
    Dim op As New PrincipalPermission(Nothing, _
        "BUILTIN\Administrators")
    Try
        op.Demand()
        ...
    Catch ex As System.Security.SecurityException
        Return ex.Message
    End Try
    ....

See the topic "Demands" in help as a starting point.

-- Mary
MCW Technologies
http://www.mcwtech.com

On Thu, 18 Dec 2003 08:03:41 -0600, "Dave Wurtz"
<da*******************@asdsoftware.com> wrote:
>All,
>
>Does anyone have ideas how they have implemented field (property) level
>security? I want to handle this from the business object level, not the
>database level. Is it best to have a security checking method that gets
>called in the property and throws an exception? If there are several
>"fields" that are being accessed multiple times, does it hurt from a
>performance perspective to have these exceptions thrown all of the time?
>
>Public ReadOnly Property MyCode() As String
>    Get
>        Try
>            CheckSecurity(....)
>        Catch ex As SecurityException
>            'Do something with the exception, etc.
>        End Try
>    End Get
>End Property
>
>Just trying to get some ideas...
>
>Thanks in advance!
>Dave


Nov 20 '05 #2
Mary,

Thanks for the suggestion. I didn't even know this was here (framework is
very big).

However, if I understand this correctly, this is really more for using
system settings to determine if code can/will be executed. Is that correct?
What I am really looking for is to check my own business rules as to whether
the user can access the information.

In my previous example, the CheckSecurity() call would check my own security
logic to see if the user of my application (not necessarily of the
workstation) can access this information.

Public ReadOnly Property MyCode() As String
    Get
        Try
            CheckSecurity("MyCode", "DAVE")
        Catch ex As SecurityException
            'Do something with the exception, etc.
        End Try
    End Get
End Property

Public Sub CheckSecurity(propertyName As String, userName As String)
    If propertyName = "MyCode" And userName = "DAVE" Then
        Throw New SecurityException("User does not have security")
    End If
End Sub

This, obviously is a VERY simple example and not very realistic, but
hopefully it gets my point across. Does this seem like a good approach to
take?

Thank you!
Dave
Nov 20 '05 #3
The security demands I posted were for either Windows or custom users,
not the machine per se. You can also use IsInRole with either Windows
or generic users. You'd use IsInRole as a test before branching to
your code. Security demands don't allow code to run if the user
doesn't "pass" the demand test (they aren't in the role). So I guess
I'm not clear how your security logic would be different than this.

-- Mary
MCW Technologies
http://www.mcwtech.com

On Thu, 18 Dec 2003 10:49:17 -0600, "Dave Wurtz"
<da*******************@asdsoftware.com> wrote:
>Mary,
>
>Thanks for the suggestion. I didn't even know this was here (framework is
>very big).
>
>However, if I understand this correctly, this is really more for using
>system settings to determine if code can/will be executed. Is that correct?
>What I am really looking for is to check my own business rules as to whether
>the user can access the information.
>
>In my previous example, the CheckSecurity() call would check my own security
>logic to see if the user of my application (not necessarily of the
>workstation) can access this information.
>
>Public ReadOnly Property MyCode() As String
>    Get
>        Try
>            CheckSecurity("MyCode", "DAVE")
>        Catch ex As SecurityException
>            'Do something with the exception, etc.
>        End Try
>    End Get
>End Property
>
>Public Sub CheckSecurity(propertyName As String, userName As String)
>    If propertyName = "MyCode" And userName = "DAVE" Then
>        Throw New SecurityException("User does not have security")
>    End If
>End Sub
>
>This, obviously is a VERY simple example and not very realistic, but
>hopefully it gets my point across. Does this seem like a good approach to
>take?
>
>Thank you!
>Dave
Nov 20 '05 #4
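
The IsInRole test discussed in this thread, applied to a property getter with application-defined users rather than Windows accounts, as an added example that is not part of the original posts. The Employee class, the role names and the ReadRoles table are hypothetical, and the syntax assumes VB 2010 or later.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security
Imports System.Security.Principal
Imports System.Threading

' Hypothetical business object: class, roles and rule table are illustrative.
Public Class Employee
    ' Property name -> application role required to read it.
    Private Shared ReadOnly ReadRoles As New Dictionary(Of String, String) From {
        {"MyCode", "Payroll"}
    }

    Private _myCode As String = "A-1001" ' constructed sample value

    ' Non-throwing test, for callers that probe many fields (e.g. UI binding).
    Public Shared Function CanRead(propertyName As String) As Boolean
        Dim user As IPrincipal = Thread.CurrentPrincipal
        If user Is Nothing OrElse Not user.Identity.IsAuthenticated Then Return False
        Dim role As String = Nothing
        ' Deny by default: a property with no rule is not readable.
        If Not ReadRoles.TryGetValue(propertyName, role) Then Return False
        Return user.IsInRole(role)
    End Function

    Public ReadOnly Property MyCode As String
        Get
            If Not CanRead("MyCode") Then
                Throw New SecurityException("Read of MyCode denied")
            End If
            Return _myCode
        End Get
    End Property
End Class

Module Demo
    Sub Main()
        ' Application users (not workstation accounts) with app-defined roles.
        Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity("DAVE"), New String() {"Sales"})
        Console.WriteLine(Employee.CanRead("MyCode"))
        Thread.CurrentPrincipal = New GenericPrincipal(New GenericIdentity("MARY"), New String() {"Payroll"})
        Console.WriteLine(New Employee().MyCode)
    End Sub
End Module
```

Code that touches many fields can branch on CanRead without paying for an exception on every denied read, while the getter still throws so that a caller who skips the test fails closed.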
