overwrite password in network environment

[codetyko]

Firstly. I develop my application in a standalone environment and everytime I install the application in my clients' networked environment, i have to change all my "set defa to c:\" or "set view to c:\myview.vue" to drive "f:" in the server. Any better way of doing this?

Secondly, in my application, i have set my "delete" command buttons with password dialog box for verification. How do i send this information to the person with the authority to execute the task through the network and through his workstation without having to go over the one requiring the authority. Your help is greatly appreciated.

Thirdly, I just want to congratulate the participants of this forum especially those who never fail to give a helping hand (thumbs up for the experts) to people like me (there are a lot of them around) no matter how trivial or easy it seems to some people because all of us has been there one time or another. Keep it up!!!

 

[DSummZZZ]

Re: Firstly.
There are several ways to do this but the ways I like to use are either a configuration file that stores the paths,
(MyAppCFG.DBF) or a command line parameter. If you use a configuration file, you can set the path names in a field and reference them whenever opening a file. Here is a simplified structure :

FileName-(8)----Path-(50)--------------------------------
DATAFILE | F:\DATAVUEFILE | F:\VIEWS
Now when you want to USE a file, you can reference it by:
SEEK 'DATAFILE'
SELECT 0
USE ALLTRIM(MyAppCFG.path) + 'MyTable' ORDER MyOrder

You can keep the configuration file on you machine with C:\... while developing, and keep (distribute) the table with F:\... on your clients' machines.

Using command line parameters, you can have statements similar to this in your 'MAIN' program:

PARAMETERS cMode
IF TYPE("cMode") = "C"  &&... If a parameter has been used
   IF UPPER(cMode) = "TEST"
      SET DEFAULT TO C:\... etc.
      *... other code
   ELSE
      SET DEFAULT TO F:\... etc.
      *... other code
   ENDIF
ENDIF

Re: Secondly.
Are you talking about deleting a record from a table or a file from the server? If you are talking about deleting a record from a table, you can set up a security table with fields defined for individual access to functions depending on the user. For a network override, you would have to use a third party network library, which could log the user in temporarily as a user set up by the network administrator which would have delete priveledges. After the file was deleted, you would then restore the original login.

Re: Thirdly.
Thanx. We all appreciate a pat on the back.

Dave S.

 

[codetyko]

Thanks dave,

I need to clarify on the second solution of the question. yes, i am trying to delete a record from a table. Can you suggest the third party network library to perform the task or can we incorporate Microsoft Networks in the picture and if so, how? Thanks in advance.

 

[DSummZZZ]

I guess I am still unclear as to what you are asking on the second solution. If you are trying to grant record delete access to an individual for the app, use a security table with options such as View, Update, None, etc. View access limits users to view a record only, Update allows them to add, modify or delete, and none disallows them from entering that area at all. Of course, update could be subcategorized into add, change, delete but this is just a sample. Here is a simplified layout similar to what I use:

UserName C(10)  PassWord C(10)  
--------------|---------------
HENRY         |HENRYPASS
ADMIN         |ADMINPASS

This table is related into a task list table:

UserName C(10)  TaskName  C(10)  Access C(1)
---------------|---------------|-------------
HENRY          |TASK1           V
HENRY          |TASK2           U
HENRY          |TASK3           N
ADMIN          |TASK1           U
ADMIN          |TASK2           U
ADMIN          |TASK3           U

The function or procedure could check the task and see what the user is allowed to do by checking rights in the task list by USERNAME. If they have access to update a record, then the DELETE button could be available or enabled.

To check a person's access rights using a network library, you can use a 3rd party library such as NetLib (not sure who sells it but I have used it in the past) or something similar. You may also be able to EXECUTE a statement such as:

RUN /N RIGHTS > c:\temp.txt

Then you could parse the c:\temp.txt file to see if they have write access to a table/directory.

Let me know if you need clarification or if I have gone off on the wrong track for what you are trying to do.

Dave S.

 

[codetyko]

Thanks dave

I have a similar username table with the rights and functions of every user. Only the two partners of the firm have the right to delete sensitive records such as billling records and legal document records. I do not wish to disable the delete button because the staffs are the ones who are doing the adding and editing.

What I want to accomplish is whenever a particular staff needs to delete a sensitive record the boss will know about it instantly therefore the staff would be more careful in the future , and the the following events should occur:

1) A password dialog box will appear asking for verification for deletion at the workstation of the staff attempting the deletion.

2) Subsequently, this dialog box will appear at the partners'/bosses workstation for verification detailing the particular record to be deleted WITHOUT having to go to the staff's workstation to complete the task.

3) The boss will then enters his name and password to authorize the deletion and the record will be updated accordingly.

4) The names of the staff doing the deletion, time and date done as well as the name of the boss and the time and date of the event are to be recorded in the particular record for review purposes.

5) Protect the DBF from the possibility of a knowledgeable staff from opening the table
using the command window or other utilities to ammend this record to cover his/her tracks.

For your information, I have completed tasks number 1 and 4 above but still scratching my head over the the other three options. Thanks again for your feedback dave!

 

[DSummZZZ]

The light is on now, I see what you're trying to accomplish.
You would probably have to write a small app that would sit there and run on the bosses' machine(s) continuously checking a flag file of some sort. In other words, when a user wants to delete a record, a table could have a field something like del_req L(1), rec_num N(8), username C(??), timestamp C(8), datestamp D(8), etc. When the user clicks the delete button, del_req could be set to .T. and a record number placed in rec_num. The app running on the bosses computer which is continuously checking the file say every 30 seconds would see the del_req and look at the rec_num to see which record in the data file is being updated. From there, the app could display the record. After the boss verifies deletion, the app could delete the record, and reset the del_req back to .F. in the flag file. That app could also implement a log file that would keep track of the user requesting the deletion, etc.

As far as protecting the table from manual updates, you will have to use an audit file of some sort that is unknown to the user, or some sort of on-the-fly data encryption to keep the data completely hidden if you need to go to that extent. An audit file with before and after records which get put in whenever the table is updated is quite easy to implement and is also a good option for rolling back records should that ever be necessary.

Hope I gave you an idea or two anyway.

Dave S.