Schema

[Patrick Spinler]

David Merrill wrote:
> 
> > Most database support auth'ing database users against the OS's auth
> > method.  Essentially, once you've logged into the system, as long as
> > you're listed as a valid database user, you're okay.  I suggest we use
> > this method.
> 
> The downside of that is the maintenance of the user accounts. Probably not an
> issue now that I think about it. It is a very common way of writing database
> apps for Windows, but I'm really not entirely sure why. Maybe because of some
> Windows bletcherousness.
> 
> Oh, now I remember. It's because of how screwy the OS-to-SQL authorization is in
> Windows. More bugs than 2 week old roadkill.

The downside that I see is that even though following this method makes
using a dbms on the same machine easier (argueably), it makes a hash of
security and administration if your dbms is on a different machine than
your client.  (both client & server would need to use the same, secure
authentication so that the server can _trust_ that the user is who the
client says it is, and if the pipe between server and client is
encrypted.)

For the server and client on the same machine, this method provides a
reasonable expectation of privacy for the database - file protections
stop raw access to the file, and database user auth'ing stops people
running a database engine against it.

For a first implementation this is probably okay, since people on this
list are talking about using an embedded or "sandboxed" database that
would be under complete control of the application, and transparent to
the user.

-- Pat

-- 
      This message does not represent the policies or positions
	     of the Mayo Foundation or its subsidiaries.
  Patrick Spinler			email:	Spinler.Patrick@Mayo.EDU
  Mayo Foundation			phone:	507/284-9485