Diese Seite mit anderen teilen ...

Informationen zum Thema:
Forum:
WinDev Forum
Beiträge im Thema:
15
Erster Beitrag:
vor 5 Monaten, 1 Woche
Letzter Beitrag:
vor 5 Monaten
Beteiligte Autoren:
Frans, Piet van Zanten, GuenterP, Fabrice Harari

HfSql; How to prevent user to log in to HfSQL control center

Startbeitrag von Frans am 11.03.2017 19:59

Hello to you all,

Is it possible to prevent a normal user off a program (accessing HfSql) to open the HfSql control center?

Thanks in advance.

Antworten:

Hi, it's easy - just change their passwords inside the HF CC ! And, of course, have a password for the admin as well.

von GuenterP - am 12.03.2017 05:30
Hello Guenter,

Tahnks for your answer.
I think I maybe overlook something. A user has to have a password (for hfcs to get access to the database )to use a program on a computer. With this password he/she has access to the cc.

I have a sort off workaround. Put a password on all off the files. But how can I passwordprotect the already excisting files?

von Frans - am 12.03.2017 12:31
Hi Frans,

sorry for not answering yesterday, I'm taking part in the current flu epidemic.

I think, you should take a different approach ...

Aside from the Administrator (Superuser) account just have a general user account (rights restricted to "user" rights).

Your software makes connections to any database on that server through this general user account only. The name / password is input during installation of your application only and is known to administrators only. It's stored within an INI file. An admin has the ability to open the HF CC and look at the users / groups etc. anyway.

No user is able to use the HF CC then.

I know, this is a harsh setback. Years ago I myself made an application with automatic generation of user accounts in HF CC. But that's no good as you experienced yourself.

von GuenterP - am 13.03.2017 05:52
Hi Guenter,

Thank you for your answer. I hope you feel a bit better after.
We already use a version of your in-file with encryption. Works fine.

BUT.. now we get mobile users. We use the same user name for different CC.
So we have to give the user the password otherwise he/she can't login and we can't install every mobile device in the country.
How do other developers handle this?

Thanks in advance,

von Frans - am 13.03.2017 07:58
Hi Frans,

I just don't know how others are doing that ... we are doing it the described way - but have desktop apps only.

Today I downloaded the new HFSQL v22 update v052j and started it with a simple user account. After having to handle two errors I saw that the User account is not allowed to see / manipulate any database. The Admins are invisible to the user too. Maybe, this is not so in v21 / US ... but I cannot see what a user could do in the CC?

von GuenterP - am 13.03.2017 09:47
Hi Guenter,

When a user has read rights in 21 then he/she can see and browse the whole file/table.
You are right; a normal user should not have rights to see anything in the CC. But in 21 he can.

von Frans - am 13.03.2017 11:00
Hi Frans,

my users NEVER have access to the control center...

The username and password to access the HF server from inside the program is INSIDE the program.
The user have a login/password that is stored inside the DB and that has NOTHING to do with the DB.

So they access the PROGRAM (same thing on mobile), and the PROGRAM access the DB.

Therefore, tey do not have access to the control center EVER, and if they need some of its functionalities, its easy to implement with queries and buildtablecontrol instruction

Best regards

von Fabrice Harari - am 13.03.2017 13:36
Hi Fabrice you are right,

question: how do you do that in mobile?
You can put the pw and loginname in the mobile app. But than all users of all different firms have the same pw. Then with the right IP they have access to another ones data. So I need a different pw for each firm.
Then I can integrate these different pw's in the mobile app but then I have to deliver different apps.

Or did I overlook something?

von Frans - am 13.03.2017 14:42
Hi Frans,

You need to let the user enter the firm on login as well as username and password.
You can store the name or id of the firm in a general database to lookup the name of the corresponding database.
After that they can login with their own credentials, which are stored in the db of the firm.
The login procedure checks if the db exists, then connects to the db and does a lookup for the username and password.
Your client can manage the usernames and passwords in the backoffice app.

Kind regards,
Piet

von Piet van Zanten - am 13.03.2017 17:40
Hi Piet,

Thanks for your answer.
If I understand you well:

I have a central HFSQL server with the username ip and pw of all the servers (with HFSQL) of my clients. Besides that a username and pw for the users to login on my HFSQL server.

They login on my server and get the ip,pw and username with which they can login on their own server?

It a good method but all this because we can't prevent a user to see everything on their own CC.

von Frans - am 13.03.2017 19:16
Hi Frans,

I was assuming that you were hosting the db's yourself.
Do you have any control over your clients HFSQL installation?

Kind regards,
Piet

von Piet van Zanten - am 13.03.2017 22:48
Hi Piet,

Most off the networks/servers are not in our hands. And thats the first problem. So others can try to open the cc. We do install the HFCS with our own admin password.

von Frans - am 14.03.2017 10:36
Hi Frans,

You could create a standard user and his rights in the installation program or a separate program.
So this user is standard and his password will only be known to you.
Functions to manage this are hAddUser and hModifyDatabaseRights.
Now there's still to consider that any user can now use your app to connect to any database if he knows the ip of the client.
That can be solved by creating a different username per client and letting the user enter the username and ip of the server.
The password can be hardcoded into your app.
Now the user cannot use HFSQL Control Centre because he does not know the password.
It's your clients responsibilitiy what he does with the admin password, since no user needs it.

Kind regards,
Piet

von Piet van Zanten - am 14.03.2017 19:55
Hi Piet,

When I understand it right then we have to make a new user (hardcoded) for every CC.
That could be done but is extra work. Perhaps an encrypted extra file that we deliver with a new installation.
A step forward to the solution of the problem.
Thanks again for your answer/solution.

von Frans - am 16.03.2017 17:12
Zur Information:
MySnip.de hat keinen Einfluss auf die Inhalte der Beiträge. Bitte kontaktieren Sie den Administrator des Forums bei Problemen oder Löschforderungen über die Kontaktseite.
Falls die Kontaktaufnahme mit dem Administrator des Forums fehlschlägt, kontaktieren Sie uns bitte über die in unserem Impressum angegebenen Daten.