[3963] in WWW Security List Archive
Re: www, database and security
daemon@ATHENA.MIT.EDU (Joan G.Villaraco y Perez)
Mon Jan 13 05:27:26 1997
Date: Mon, 13 Jan 1997 09:42:44 +0100
From: "Joan G.Villaraco y Perez" <joang@lix.intercom.es>
Reply-To: joang@lix.intercom.es
To: Andre Jenie <ajenie@pop03.ca.us.ibm.net>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Andre Jenie wrote:
>
> Hi,
>
> Maybe I can comment a little:
>
> > 1) Which methods exist to connect a database to the web?
> > (Up to now I know about Sybase CGI interface and
> > Sybase NSAPI interface - which else do exist?)
>
> I know about DB2WWW, one RDBMS from IBM. They are now concentrating
> in providing the best solution for expanding the legacy database
> connection (which mostly resides in DB2, IMS) to Internet/Intranet.
> You can find it in www.software.ibm.com
>
> Or you can try also IIS from Microsoft. They have API that you can
> use to connect your web server to any database through ODBC. You can
> even use VisualBasic-like language to build your CGI using VBScript.
What about connect them using JavaScript, with it you are able to
connect with embedded code in HTML page and your able to connect to
Sybase directly with native drivers. You are able to find it in
http://home.netscape.com .
>
> > 2) Which security problems can arise with these methods?
>
> Basically, the database server will treat you as a one instance
> connection from one client. So, any Internet connection will use the
> userid/password that has been given to the Internet Server (maybe
> somebody can add other security issues ??). Bottom line is we'll use
> the security scheme that comes from the database system.
>
> Hope this will help.
>
> Thank You and Have a Nice Day,
> Andre Jenie
> Security Analyst
> Jakarta, Indonesia
> Thank You and Have a Nice Day,
> Andre Jenie
> Security Analyst
> Jakarta, Indonesia
--
------------------------------------------------------------------------
Joan G.Villaraco y Perez Tel 34-3-580-2500
Ingeniero de Sistemas Fax 34-3-580-0995
ADD Servicios Informaticos, s.a. (Trabajo)
mailto:joang@lix.intercom.es
Parque Tecnologico del Valles (Personal) mailto:joang@redestb.es
08290-Cerdanyola-Barcelona (SPAIN) http://www.add.es
------------------------------------------------------------------------
