user authorization (with one time login) in a Python desktop application ?

Rüdiger Ranft _rdi_ at web.de
Wed Sep 30 05:31:10 EDT 2009


Stef Mientki wrote:

> By making use of the one time login on Windows,
> I'm not sure, but I guess the user environment variable "USER" should
> hold the valid user,
> which has probably a one-to-one relation with the SID
Environment variables are *very* easy to forge. But since you use
Windows, you can let Windows do all the security stuff for you. Since you
use sqlite, I guess that the database is stored in a file on a disk. You
can use the file permissions to give access only to the users permitted
to access the file.

But when you want to separate access at dataset/column/row level, then
sqlite is not the best tool, since every user can open the database file
with another sqlite tool. Encryption will only take more time for rogue
users, since the key needs to be stored in your application, and can be
read by the user. I would recommend a "real" database server in this
case, so the permission checks are out of the reach of the users. When you
have a Kerberos or Active Directory environment, some servers can even
use Kerberos to get the user name from the client.

bye
Rudi
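
An added example, not part of the original post: it overwrites the user-name environment variables with a constructed value and compares what `getpass.getuser()` (which reads those variables first) returns against the account name the operating system reports for the process. The names `os_verified_user` and `compare_identity_sources` and the value `constructed-admin` are assumptions made for this illustration.

```python
import getpass
import os
import sys

# Variables getpass.getuser() consults before it asks the OS.
ENV_NAMES = ("LOGNAME", "USER", "LNAME", "USERNAME")


def os_verified_user() -> str:
    """Account name the OS itself associates with this process."""
    if sys.platform == "win32":
        import ctypes
        from ctypes import wintypes
        size = wintypes.DWORD(257)  # UNLEN (256) + terminating NUL
        buf = ctypes.create_unicode_buffer(size.value)
        if not ctypes.windll.advapi32.GetUserNameW(buf, ctypes.byref(size)):
            raise ctypes.WinError()
        return buf.value
    import pwd
    uid = os.geteuid()
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:  # e.g. a container UID with no passwd entry
        return f"uid:{uid}"


def compare_identity_sources(forged: str = "constructed-admin") -> dict:
    """Overwrite the env vars with a constructed name and report each source."""
    saved = {name: os.environ.get(name) for name in ENV_NAMES}
    before = os_verified_user()
    try:
        for name in ENV_NAMES:
            os.environ[name] = forged
        return {
            "env_user": os.environ["USER"],
            "getpass": getpass.getuser(),
            "os_before": before,
            "os_after": os_verified_user(),
        }
    finally:
        for name, value in saved.items():  # leave the environment as found
            if value is None:
                os.environ.pop(name, None)
            else:
                os.environ[name] = value


if __name__ == "__main__":
    for source, value in compare_identity_sources().items():
        print(f"{source:10} {value}")
```

Even the OS-reported name is a check running inside the user's own process, so enforcement still belongs in file permissions or a database server, as the post says.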


