Dynamic Coding

Cynan

Programmer
Feb 6, 2002
Hi. I'm not sure if this is possible (surely it is somehow?) or if anyone on here is able to help me, but I sure would appreciate it if someone can!!

Okay, I best start off with what I'm trying, and want, to do.

I'm currently writing a database class that handles connections, SQL statements etc... but each time a user calls it to run a statement, I want to verify that that user had the permission to do it.

Now these permissions are stored in a vector and I thought the best way to work the whole thing was to dynamically build up a 'permission string' from the SQL statement itself.

e.g.: SELECT * FROM usersTable WHERE username = 'Sample'

Now the permission string I've built up would be: SELECT_usersTable_username='Sample', and this works. I've got it working. It also handles * on the where part, e.g. SELECT_usersTable_*, or SELECT_usersTable_username=*.

Anyone with me so far?

The problem is that I want to have permissions like, SELECT_usersTable_username=%user%. Now the code somehow has to dynamically change %user% into its proper value.

The only way I can think of doing it is as follows:

if( permissions.endsWith("%user%") )
    builtUpPermission = builtUpPermission + mUsername;

but that's not dynamic!! because another statement might have a %somethingElse% and I really don't want to hardcode anything.

So any ideas? I thought about using hash tables somehow.. but I'm still thinking that one through.

Thank you for reading.. hope you can help.

--Cynan.
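
One way to replace the hard-coded %user% check with a lookup table, as an added example that is not code from this thread: every %name% in a stored permission is resolved from a map of session values, and the check fails closed when a name is unknown or a value could act as a wildcard. The class and method names, the session map, the single-quote wrapping of values and the use of Java 9+ (Map.of) are assumptions; matching of the * wildcard forms is left to the existing code.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PermissionTemplates {
    // A placeholder is %name%, where name is letters, digits or underscore.
    private static final Pattern PLACEHOLDER = Pattern.compile("%([A-Za-z0-9_]+)%");

    /**
     * Expands every %name% in a stored permission using session values.
     * Returns empty (deny) if a placeholder is unknown, or if its value is
     * empty or contains '*' or '%', which would turn user data into a
     * wildcard or a new placeholder.
     */
    static Optional<String> resolve(String template, Map<String, String> session) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = session.get(m.group(1));
            if (value == null || value.isEmpty()
                    || value.contains("*") || value.contains("%")) {
                return Optional.empty(); // fail closed
            }
            // Assumption: values are quoted the way the built-up string quotes them.
            m.appendReplacement(out, Matcher.quoteReplacement("'" + value + "'"));
        }
        m.appendTail(out);
        return Optional.of(out.toString());
    }

    /** True only if the resolved permission equals the string built from the SQL. */
    static boolean permits(String template, String builtUp, Map<String, String> session) {
        return resolve(template, session).map(builtUp::equals).orElse(false);
    }

    public static void main(String[] args) {
        Map<String, String> session = Map.of("user", "Sample"); // constructed sample
        String stored = "SELECT_usersTable_username=%user%";
        // Own row, another user's row, and a placeholder with no session value.
        System.out.println(permits(stored, "SELECT_usersTable_username='Sample'", session));
        System.out.println(permits(stored, "SELECT_usersTable_username='Other'", session));
        System.out.println(permits("SELECT_usersTable_dept=%dept%",
                "SELECT_usersTable_dept='IT'", session));
    }
}
```

Adding a new placeholder then means adding one entry to the session map, with no change to the permission check itself.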
 
It sounds like you are going the hard way around. Why don't you use security on the database end to provide secure users view of data?

Something like
[1] create database users on the database,
[2] create views off another schema's data (i.e. views that only allow them to view their own user data)
[3] grant the user roles that allow them access to the views

This is the standard approach that any decent DBMS should use (i.e. Oracle !!!!). If your database doesn't, then it is a stink one and you should use another.

This will be a much more maintainable, scalable and very importantly secure solution.

RjB.
 
It's not my call to make, that's why!.. as always *sigh*. I've been told what I have to go on like, and now I've got to do it. Though I will be bringing up the issue of using the database's security again.

Thanks anyway... anyone else?
 
Sounds like you are being mucked around with somebody with a poor sense of architecture. I've been there before - my deepest sympathies !!!
 