1.6 Database security | |
Texis can maintain users and passwords, and apply access control on a per user basis to each table. You can grant the ability to select, delete, update, insert from a table, as well as the ability to grant those permissions to other users. By having a particular userid that owns the database, and all the programs run as that userid you can prevent unauthorized access to the files that constitute the database.
Ways to improve security. Even though you should plan for the worst cases, you should cover all cases. For example, by creating a user id to own the database and also having the executables setuid that user you will prevent people from directly looking at the files, and enforce the permissions you have set up in Texis. This still does not protect you from the case when someone gains root access to the machine, and for that reason we suggest encrypting sensitive information in the files.
You should also ensure that the script is not being served by the webserver. The best way is to only have the compiled vtx file, and not the source.
Back: Counter data type, other types | Next: Importing Data |