Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!mcsun!cernvax!chx400!cgch!wjdh
From: wjdh@ciba-geigy.ch (Jean Daniel Horner)
Newsgroups: comp.databases
Subject: Databases, 4GL-Tool, UFI and security
Keywords: security, 4GL-Tool
Message-ID: <1991Jan14.092052.21918@ciba-geigy.ch>
Date: 14 Jan 91 09:20:52 GMT
Sender: news@ciba-geigy.ch (USENET News Agent)
Organization: Ciba-Geigy AG, Basel, Switzerland
Lines: 28
Nntp-Posting-Host: cgcha

Consider a DBMS (e.g ORACLE), a 4GL-tool (e.g: sqlforms) and its User Friendly
Interface (such as sqlplus).
Suppose that I'm writing an aplication with the 4GL-tool that is dealing with
two tables: a credit table and a debit table. Suppose that this application
will delete a row in a table and insert the same row in the other table (I
admit, it looks silly, but it's just to expose the problem).

In my 4GL-application, I can ensure the consistency between these two tables
via features of this 4GL-tool (eg: triggers).

The users who are using this 4GL-application, have to log on to the DBMS
with their personal account. Therefore they will get the insert and delete
privilege on tables credit and debit. 

If these users use sqlplus, they can for example insert in the credit table
only!!!!

In the 3GL-environment (with embedded SQL), we could trick the system, by
login into the DBMS with another userid-name and a hidden password. But this
doesn't work anymore with the 4Gl-applications.

Questions: 1. How do you deal with this problem?
           2. How do you deal with ORACLE,SQLFORMS and SQLPLUS?
	   3. You probably would say that we should write a C-exit,
	      somewhere, just after the login. But what to do if this
	      4GL-tool does not let us put some exits around?

Jean-Daniel Horner.