On Thu, 2 Nov 2000, Cedar Cox wrote:
>
> You seem to have given this a lot of thought so let me ask a
> question. How do I implement a user login system? If the user
> knows their password (and don't they always?..), what's to stop them
> from finding and contacting the database directly, bypassing the
> middle tier? I haven't been able to find a solution to this
> problem. Every time I try to think about it by brain goes into a
> recursive loop! :o
>
> Ideas?
The solution is decoupling your application's security from that imposed
by the DBMS.
--
Bob Kline
mailto:bkline@rksystems.com
http://www.rksystems.com