ADP，集成安全性和选择性权限 [英] ADPs, Integrated Security and Selective Permissions

问题描述

有一个名为Bugs_Comments_and_Suggestions的MS-SQL表。


有一个名为Bugs_Comments_and_Suggestions的表单。


允许John Doe使用这个表单，我们授予他LOGIN和ACCESS权限

到存储过程的db和SELECT权限，这是BOUND表单的记录

源。


允许John Doe更新，插入，删除使用BOUND表格，我们授予

John DoeUPDATE，INSERT，DELETE桌面上的权限，

Bugs_Comments_and_Suggestions。


我们的应用程序为桌面输入John Doe的一些唯一标识符，

Bugs_Comments_and_Suggestions，当他创建一个新记录时，并限制他使用该唯一标识符来更新和删除记录，这就是他创建的记录

。


这么好，但John Doe决定他喜欢Access，有一天，当他手上很少的时间他决定创建自己的ADP时。他选择了

选项项目，现有数据;出现一个对话框，他发现表中存在Bugs_Comments_and_Suggestions表的

MS-SQL服务器是

。他选择了那个。他选择Windows Integrated Security，或者使用

SQL登录和他已经描述过的应用程序的密码。他b / b
找到一个数据库列表框，再次选择表格所在的表格，即
Bugs_Comments_and_Suggestions。然后他点击了O.K.然后用表格弹出

数据库窗口，包括表格，

Bugs_Comments_and_Suggestions。他双击这张桌子，然后在

数据表视图中打开。

我们给了他更新，插入，删除的权限。在这张桌子上限制了他在应用程序中的访问权限

。

但现在约翰正在另一个应用程序中。 MS-SQL数据库不知道

这个;它只知道约翰有更新，插入，删除的内容。

表的权限。 John选择了Jane Doe的一个建议，然后编辑它来说这个部门负责人非常粗鲁。

然后他关闭并删除了他的小ADP。 />

第二天，Jane Doe的合同终止。


你有评论吗？我是否遗漏了有关ADPS和BOUND表格的内容以及

他们固有的漏洞？


是的，我知道我可以为每个John Doe制作一张桌子，但会倍增数字

约翰是否需要表格的数量和一个相当大的

表格数量（应用程序中约10500，这促使我

写这个），以及授予的特定权限。


当然，我并不担心一张桌子;很多桌子都有这个漏洞。


好​​吧，我要去读Robert Vieira'（WROX Professional SQL Server 2000
编程）现在关于安全的章节，我希望我发现我的想法

是错误的，并且我不必改变我的安全方法，或者停止

使用BOUND表格。


或者也许这里有人会解释如何处理我有的问题

概述。 />

-

Lyle

-

使用iso日期格式：yyyy-mm-dd
http://www.w3.org/QA/Tips / iso-date

-

电子邮件地址不是，但您可以用它来查找。

解决方案

" Lyle Fairfield" <螺****** @ FFDBA.Com>在消息中写道

news：Xn ******************* @ 130.133.1.4 ...

你有评论吗？我是否遗漏了有关ADPS和BOUND表格
及其固有漏洞的内容？

AFAIK您的解释是正确的 - 如果您希望用户能够

通过连续表单更新记录，他们需要对

基础表的UPDATE权限。你可以在桌面上设置一个触发器来审核实际上是谁b $ b做了更新，但除此之外我不认为你还有很多其他的东西可以用b $ b做b $ b 。另一种方法是使用绑定表单仅用于vewing并使用存储过程进行所有更新

。除了极少数例外，这基本上就是我们的b $ b。

2004年8月3日星期二12:00： 1400-400，John Winterbottom， < as ****** @ hotmail.com>

写道：

" Lyle Fairfield" <螺****** @ FFDBA.Com>在消息中写道
新闻：Xn ******************* @ 130.133.1.4 ...

下一个那天，Jane Doe的合同终止了。

你有评论吗？我错过了关于ADPS和BOUND表格的内容

和

他们固有的漏洞吗？

AFAIK你的解释是正确的 - 如果你希望用户能够通过连续表单更新记录，他们需要在基础表上使用UPDATE权限。您可以在桌面上设置一个触发器来审核实际更新的人员，但除此之外我不认为您还可以做其他事情。另一种方法是使用绑定表单仅用于存储并使用存储过程进行所有更新。除了极少数例外情况，基本上就是我们所做的事情。

实际上，触发器提升很有可能错误并回滚

如果执行更新的用户与用户在记录中指示

不一样的操作。 ADP旨在将安全性移至后端，因此您需要执行此操作。

。幸运的是，这通常是可行的。

" Lyle Fairfield" <螺****** @ FFDBA.Com>在消息中写道

新闻：Xn ******************* @ 130.133.1.4 ...

有一个名为Bugs_Comments_and_Suggestions的MS-SQL表。

有一个名为Bugs_Comments_and_Suggestions的表单。

为了让John Doe能够使用此表单，我们授予他登录和访问
对存储过程的db和SELECT权限的权限，这是BOUND表单的
记录源。

允许John Doe更新，插入，删除使用BOUND表格，我们
GRANT John DoeUPDATE，INSERT，DELETE表格上的权限，
Bugs_Comments_and_Suggestions。

我们的应用程序将John Doe的一些唯一标识符输入到表格中，当Bugs_Comments_and_Suggestions插入新记录时，会限制
他用唯一标识符更新和删除记录，即他创建的
记录。

这么好，但John Doe决定他喜欢Access，有一天，当他
有一点时间在他手上，他决定创建自己的ADP。他选择了
选项项目，现有数据;出现一个对话框，他发现
列出了Bugs_Comments_and_Suggestions表所在的MS-SQL服务器。他选择了那个。他选择Windows Integrated Security，或使用
SQL登录和他已经描述的应用程序的密码。
他找到了一个数据库列表框，并再次选择了表格，即Bugs_Comments_and_Suggestions所在的表格。然后他点击了O.K.然后用表格弹出
数据库窗口，包括表格，
Bugs_Comments_and_Suggestions。他双击这个表，然后在数据表视图中打开
。
我们给了他UPDATE，INSERT，DELETE在这张桌子上限制了他在应用程序中的
访问权限。
但是现在约翰正在另一个应用程序中。 MS-SQL数据库不知道这个;它只知道约翰有更新，插入，删除的内容。表$。
的权限。 John选择了Jane Doe的一个建议，然后编辑它，说部门负责人非常粗鲁。
然后他关闭并删除了他的小ADP。

下一个那天，Jane Doe的合同终止了。

你有评论吗？我错过了关于ADPS和BOUND形式
及其固有漏洞的一些内容吗？

是的，我知道我可以为每个John Doe制作一张桌子，但是乘以
的John数量通过所需表的数量和一个表获得相当大的表数（在应用程序中大约10500，这促使我写这个），以及授予的特定权限。

当然，我并不担心一张桌子;很多桌子都有这个漏洞。

好吧，我现在要阅读Robert Vieira的（WROX Professional SQL Server 2000
编程）章节，我希望我发现我的
思考是错误的，并且我不必改变我的安全方法，或者
停止使用BOUND表格。

或者也许这里有人会解释如何处理我所概述的问题。

- Lyle

你可以恢复Jane Doe的合同，但如果没有她，你可能会更好，因为在她起诉你之前只是时间问题。

There is an MS-SQL table named Bugs_Comments_and_Suggestions.

There is a form named Bugs_Comments_and_Suggestions.

To allow John Doe to use this form, we GRANT him LOGIN and ACCESS permissions
to the db and SELECT permissions on the stored procedure which is the record
source for the BOUND form.

To allow John Doe to "UPDATE, INSERT, DELETE" using the BOUND form, we GRANT
John Doe "UPDATE, INSERT, DELETE" permissions on the table,
Bugs_Comments_and_Suggestions.

Our application enters some unique identifier for John Doe into the table,
Bugs_Comments_and_Suggestions, when he INSERTS a new record, and limits him
to UPDATING and DELETING records with that unique identifier, that is records
which he has created.

SO far so good, but John Doe decides he like Access and one day, when he has
a little time on his hand he decides to create his own ADP. He chooses the
option "Project, Existing Data"; a dialog box appears and he finds that the
MS-SQL server in which the table, Bugs_Comments_and_Suggestions lives is
listed. He chooses that. He chooses Windows Integrated Security, or uses the
SQL logon and the password he has for the application already described. He
finds a list box of Databases and chooses, again, the one where the table,
Bugs_Comments_and_Suggestions, lives. Then he clicks O.K. and up pops the
database window with the tables, including table,
Bugs_Comments_and_Suggestions. He double clicks on this table and it opens in
datasheet view.
We gave him "UPDATE, INSERT, DELETE" on this table and restricted his access
in the application itself.
But now John is in another application. The MS-SQL database does not know
this; it knows only that John has "UPDATE, INSERT, DELETE" permissions on the
table. John chooses one of Jane Doe''s Suggestions and edits it to say
something extremely rude about the Department Head.
He then closes and deletes his little ADP.

The next day, Jane Doe''s contract is terminated.

Do you have comments? Am I missing something about ADPS and BOUND forms and
their inherent vulnerability?

Yes, I know I could make a table for every John Doe, but multiply the number
of John Does by the number of required tables and one gets quite a large
number of tables, (about 10500 in the application which has prompted me to
write this), and specific permissions to be granted.

And of course, I am not so much worried about one table; many tables could
have this vulnerability.

Well, I''m going to read Robert Vieira''s (WROX Professional SQL Server 2000
Programming) chapter on Security now, and I hope that I find that my thinking
is in error, and that I don''t have to change my approach on security, or stop
using BOUND forms.

Or maybe someone here will explain how to deal with the problem I have
outlined.

--
Lyle
--
use iso date format: yyyy-mm-dd
http://www.w3.org/QA/Tips/iso-date
--
The e-mail address isn''t, but you could use it to find one.

解决方案

"Lyle Fairfield" <Lo******@FFDBA.Com> wrote in message
news:Xn*******************@130.133.1.4...

The next day, Jane Doe''s contract is terminated.

Do you have comments? Am I missing something about ADPS and BOUND forms and their inherent vulnerability?

AFAIK your interpretation is correct - if you want a user to be able to
update records via a continuous form they need UPDATE permissions on the
underlying table. You could put a trigger on the table to audit who actually
did the update but other than that I don''t think there''s much else you can
do. The alternative is to use bound forms for vewing only and do all updates
with stored procedures. With very few exceptions that''s basically what we
do.

On Tue, 3 Aug 2004 12:00:14 -0400, "John Winterbottom" <as******@hotmail.com>
wrote:

"Lyle Fairfield" <Lo******@FFDBA.Com> wrote in message
news:Xn*******************@130.133.1.4...

The next day, Jane Doe''s contract is terminated.

Do you have comments? Am I missing something about ADPS and BOUND forms

and

their inherent vulnerability?

AFAIK your interpretation is correct - if you want a user to be able to
update records via a continuous form they need UPDATE permissions on the
underlying table. You could put a trigger on the table to audit who actually
did the update but other than that I don''t think there''s much else you can
do. The alternative is to use bound forms for vewing only and do all updates
with stored procedures. With very few exceptions that''s basically what we
do.

Actually, it''s quite possible to have the trigger raise an error and roll back
the action if the user doing the update is not the same as the user indicated
in the record. ADPs are designed to move security to the back-end, so that''s
where you have to do it. Fortunately, it''s usually doable.

"Lyle Fairfield" <Lo******@FFDBA.Com> wrote in message
news:Xn*******************@130.133.1.4...

There is an MS-SQL table named Bugs_Comments_and_Suggestions.

There is a form named Bugs_Comments_and_Suggestions.

To allow John Doe to use this form, we GRANT him LOGIN and ACCESS permissions to the db and SELECT permissions on the stored procedure which is the record source for the BOUND form.

To allow John Doe to "UPDATE, INSERT, DELETE" using the BOUND form, we GRANT John Doe "UPDATE, INSERT, DELETE" permissions on the table,
Bugs_Comments_and_Suggestions.

Our application enters some unique identifier for John Doe into the table,
Bugs_Comments_and_Suggestions, when he INSERTS a new record, and limits him to UPDATING and DELETING records with that unique identifier, that is records which he has created.

SO far so good, but John Doe decides he like Access and one day, when he has a little time on his hand he decides to create his own ADP. He chooses the
option "Project, Existing Data"; a dialog box appears and he finds that the MS-SQL server in which the table, Bugs_Comments_and_Suggestions lives is
listed. He chooses that. He chooses Windows Integrated Security, or uses the SQL logon and the password he has for the application already described. He finds a list box of Databases and chooses, again, the one where the table,
Bugs_Comments_and_Suggestions, lives. Then he clicks O.K. and up pops the
database window with the tables, including table,
Bugs_Comments_and_Suggestions. He double clicks on this table and it opens in datasheet view.
We gave him "UPDATE, INSERT, DELETE" on this table and restricted his access in the application itself.
But now John is in another application. The MS-SQL database does not know
this; it knows only that John has "UPDATE, INSERT, DELETE" permissions on the table. John chooses one of Jane Doe''s Suggestions and edits it to say
something extremely rude about the Department Head.
He then closes and deletes his little ADP.

The next day, Jane Doe''s contract is terminated.

Do you have comments? Am I missing something about ADPS and BOUND forms and their inherent vulnerability?

Yes, I know I could make a table for every John Doe, but multiply the number of John Does by the number of required tables and one gets quite a large
number of tables, (about 10500 in the application which has prompted me to
write this), and specific permissions to be granted.

And of course, I am not so much worried about one table; many tables could
have this vulnerability.

Well, I''m going to read Robert Vieira''s (WROX Professional SQL Server 2000
Programming) chapter on Security now, and I hope that I find that my thinking is in error, and that I don''t have to change my approach on security, or stop using BOUND forms.

Or maybe someone here will explain how to deal with the problem I have
outlined.

--
Lyle

You could reinstate Jane Doe''s contract, but you''re probably better off
without her because it''s just a matter of time before she sues you.

这篇关于ADP，集成安全性和选择性权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！