March 18, 2002 at 10:59 pm
Designing an appropriate application security is a challenge to say the least. I am looking for a source that explain how to design a system that achieve full control on both the GUI and database objects. The security system should enable assigning privileges to each user. Any help is most appreciated.
March 19, 2002 at 5:57 am
You might want to look at COM+. It supports role based security and provides some methods you can use in your code to check role membership. You don't have to deal with the UI too much since the security is enforced in the COM+ layer, same with the data - if no one has direct access you avoid the problem entirely. Other than that I've seen some table based implementations but each was pretty specific to the problem it solved. You might also take a look at how SQL itself stores user and permission data.
Andy
March 19, 2002 at 9:55 am
Thanks a lot. I completely understand that most of the security solutions are application specific. Nontheless an example would be helpful. Any book or article that provide such an example would be most appreciated.
March 19, 2002 at 9:59 am
I dont remember seeing one, will look around some.
Andy
March 19, 2002 at 10:09 am
You can look at the FMStocks application at MS. It uses a middle tier with rights that the end user does not have.
Steve Jones
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply