Francisco H Tapia
my.lists at verizon.net
Fri Oct 31 16:56:15 CST 2003
I posted this on the OT list, but I'm now posting it here because I really want to make use of this particular topic and how it relates in our applications.

<snip>
BG: You don't need perfect code to avoid security problems. There are things we're doing that are making code closer to perfect, in terms of tools and security audits and things like that. But there are two other techniques: one is called firewalling and the other is called keeping the software up to date.
http://www.itbusiness.ca/index.asp?theaction=61&sid=53897
<snip>

In the company I work for, we are gearing up to deliver a full blown Upgrade to our current Department System. It is currently in Access 97 and we've already been handling the growing pains w/ normalizing the data and upsizing it to SQL Server 2000. The 2nd part is a little more critical because it deals w/ Security and because eventually all this will auto-synchronize as a distributed application, but I digress.

A common Security Topology follows this type of table format:

Users (1-many) UserGroups (many-1) Groups

But what if the database needed to handle security for multiple applications? Would it then be more along the lines of

Users (1-many) UserApp (many-1) Apps (1-many) Groups

The reason I ask is because already I'm receiving a list of possible "GROUP/Role" names of what each application will use. Commonalities are ADMIN and Clerk or Guest.

--
-Francisco
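A sketch of the multi-application layout asked about above, added here as an example and not part of the original post. It uses Python's sqlite3 as a stand-in for SQL Server 2000; the column names, the UserGroups membership link kept from the first layout, and the sample rows are assumptions constructed for illustration. It shows that when each group row belongs to one application, a shared role name such as ADMIN grants access only in the application where the membership was recorded.

```python
import sqlite3

# Assumed column names; sqlite3 stands in for SQL Server 2000.
SCHEMA = """
CREATE TABLE Users (UserID INTEGER PRIMARY KEY, Login TEXT NOT NULL UNIQUE);
CREATE TABLE Apps  (AppID INTEGER PRIMARY KEY, AppName TEXT NOT NULL UNIQUE);
-- Apps (1-many) Groups: a role name is unique per app, not globally.
CREATE TABLE Groups (GroupID INTEGER PRIMARY KEY,
    AppID INTEGER NOT NULL REFERENCES Apps(AppID),
    GroupName TEXT NOT NULL, UNIQUE (AppID, GroupName));
-- Users (1-many) UserGroups (many-1) Groups, as in the single-app layout.
CREATE TABLE UserGroups (
    UserID INTEGER NOT NULL REFERENCES Users(UserID),
    GroupID INTEGER NOT NULL REFERENCES Groups(GroupID),
    PRIMARY KEY (UserID, GroupID));
"""

# Join path from a user to the app-scoped groups they belong to.
JOINS = """FROM Users u
    JOIN UserGroups ug ON ug.UserID = u.UserID
    JOIN Groups g ON g.GroupID = ug.GroupID
    JOIN Apps a ON a.AppID = g.AppID"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    # Constructed sample data: two apps that both define ADMIN and Clerk.
    db.executemany("INSERT INTO Users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.executemany("INSERT INTO Apps VALUES (?, ?)",
                   [(1, "Payroll"), (2, "Inventory")])
    db.executemany("INSERT INTO Groups VALUES (?, ?, ?)",
                   [(1, 1, "ADMIN"), (2, 1, "Clerk"),
                    (3, 2, "ADMIN"), (4, 2, "Clerk")])
    db.executemany("INSERT INTO UserGroups VALUES (?, ?)",
                   [(1, 1), (1, 4), (2, 3)])
    return db

def has_role(db, login, app, role):
    """True only if the user is in that group of that specific app."""
    sql = f"SELECT 1 {JOINS} WHERE u.Login = ? AND a.AppName = ? AND g.GroupName = ?"
    return db.execute(sql, (login, app, role)).fetchone() is not None

def roles_by_app(db, login):
    """Map each app name to the group names the user holds in it."""
    sql = f"SELECT a.AppName, g.GroupName {JOINS} WHERE u.Login = ? ORDER BY 1, 2"
    out = {}
    for app, role in db.execute(sql, (login,)):
        out.setdefault(app, []).append(role)
    return out
```

The authorization check always takes the application as a parameter, so a lookup by role name alone is never enough to grant access.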