Prevent users from playing with MySQL database
-
Hi, I have a POS machine which is developed in C# .NET windows application and MySQL backend. The application will be installed locally on more than one outlet. How can I make sure users in outlet won't mess with the database if any smart guy there! I though of hdoing it using MySQL users but I make a limited users then my applicaton won't be able to write to the database? What can I do? What's your advise? Thanks Jassim
Technology News @ www.JassimRahma.com
-
Hi, I have a POS machine which is developed in C# .NET windows application and MySQL backend. The application will be installed locally on more than one outlet. How can I make sure users in outlet won't mess with the database if any smart guy there! I though of hdoing it using MySQL users but I make a limited users then my applicaton won't be able to write to the database? What can I do? What's your advise? Thanks Jassim
Technology News @ www.JassimRahma.com
of course you use security and you give your application it's own identity. your app logs on using those creds.
Never underestimate the power of human stupidity RAH
-
Hi, I have a POS machine which is developed in C# .NET windows application and MySQL backend. The application will be installed locally on more than one outlet. How can I make sure users in outlet won't mess with the database if any smart guy there! I though of hdoing it using MySQL users but I make a limited users then my applicaton won't be able to write to the database? What can I do? What's your advise? Thanks Jassim
Technology News @ www.JassimRahma.com
Jassim Rahma wrote:
How can I make sure users in outlet won't mess with the database if any
Your average user doesn't know SQL; so there's no issue there. You've asked this question before. He who owns the computer, is the local admin, and owns the database and everything in it. Resetting would be easy[^]. If you don't want them to peek in "your" database, then your only option is to not give them your database. Host it on your own machine, and put that machine there - or provide access using webservices.
Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^]
-
Hi, I have a POS machine which is developed in C# .NET windows application and MySQL backend. The application will be installed locally on more than one outlet. How can I make sure users in outlet won't mess with the database if any smart guy there! I though of hdoing it using MySQL users but I make a limited users then my applicaton won't be able to write to the database? What can I do? What's your advise? Thanks Jassim
Technology News @ www.JassimRahma.com
You move all your SQL and DML over to Stored Procedures, add one user to the database that only has permissions to use these procedures and no permissions on any tables at all. Now call these procedures from your application using this user. Make sure that the clients don't have access permissions to the database via the OS. <edit>Eddy is of course right, there's no safe way to do it, you can only make it harder for the users. Next step is to consider encryption of the tables, but the problem here is of course the same. If the database is on the machine, so are the encryption key.</edit>
Wrong is evil and must be defeated. - Jeff Ello[^]