|
|
>> Presumably the reason for this stupidity is that the VB app works with
>> Oracle *and* SQL Server, which presumably have utterly different
>> security systems... Even so, really dumb design!
>
> Not necessarily. A really dumb design if you have more than one
> application accessing the database, tho.
What, and giving every user on the network complete access to the DB
isn't a bad idea? ;-)
Seriously, anybody with the smarts to open up the Access DB and read the
username and password out of the table there would then know how to
access the Oracle DB.
Actually, wait - yes, I remember now! That was the most retarded part...
The Access DB contains "linked tables", which actually reside in the
Oracle DB. In other words, the Access DB makes Oracle look like an
Access DB. (I'm guessing VB probably has a native JET API or something.)
So all it would take is for some random user to stumble upon the right
folder and go "what's this?" and open up the Access DB, and they now
have write access to all of our regulated, audited data.
So that statement about "data is kept under strict access controls" is
actually balony. ;-)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|