POV-Ray: Newsgroups: povray.off-topic: Endless quest: Re: Draft #1

POV-Ray : Newsgroups : povray.off-topic : Endless quest : Re: Draft #1		Server Time 4 Sep 2024 23:22:36 EDT (-0400)

From: Orchid XP v8
Date: 15 Jan 2010 16:47:05
Message: <4b50e259@news.povray.org>

>> Presumably the reason for this stupidity is that the VB app works with 
>> Oracle *and* SQL Server, which presumably have utterly different 
>> security systems... Even so, really dumb design!
> 
> Not necessarily. A really dumb design if you have more than one 
> application accessing the database, tho.

What, and giving every user on the network complete access to the DB 
isn't a bad idea? ;-)

Seriously, anybody with the smarts to open up the Access DB and read the 
username and password out of the table there would then know how to 
access the Oracle DB.

Actually, wait - yes, I remember now! That was the most retarded part... 
The Access DB contains "linked tables", which actually reside in the 
Oracle DB. In other words, the Access DB makes Oracle look like an 
Access DB. (I'm guessing VB probably has a native JET API or something.)

So all it would take is for some random user to stumble upon the right 
folder and go "what's this?" and open up the Access DB, and they now 
have write access to all of our regulated, audited data.

So that statement about "data is kept under strict access controls" is 
actually balony. ;-)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*

Post a reply to this message