Delivering functions inside a web service safely in Delphi

I am developing a server-side web service DLL server, which will be available to developers from other companies to access data on a central server. The issues that I need to consider are that they see only the data that they are allowed to see, and that it allows them to upload/download files, again only those that they are permitted to.

I can develop a SQL query that will contain the data that they can see, but I need to make sure that they cannot edit the query to access other data. I will also need to make sure that the upload and download functions are protected so that they cannot download other people's files. Will it be enough to place the functional procedures and objects that I do not want them to see in private declarations, or will I need to do a little more to control access?

I am also looking at protecting the web service with a password. What is the best way to do this in a web service?

+3
3 answers

- SQL , , . , , , , , . SQL .

, "" , :

function GetAllProductsByAmount(topn: integer): TDataSet;
  {Returns all products sorted by amount, no more than topn.}
function GetAllProductsByName(topn: integer): TDataSet;
  {Returns all products sorted by name, no more than topn.}
function FindProductByName(name: string): TDataSet;
  {Returns all products whose name starts with name.}

FindProductByName , , , , . , .

/ , . , , . , , , . , . , FTP- , . , , FTP- . , FTP , .

, , cookie , / ( IP-). , cookie , - . , , , - ( 30 ), . , cookie . cookie . , , 30 ( ). , / .

- - . LOGIN, , . , .

+2

- , . . , , , .

, , SQL. , .

- Edit:

: SOAP- WebSnap?

+3

Having a SQL query is inherently unsafe, because, as you indicated, the client may find a way to deal with it. A better idea would be to place the query inside a stored procedure, and then allow the client to call the stored procedure. Make two parameters for the procedure: username and password, or something like that, which you can use to identify the user and decide what he is allowed to see.

+2
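The stored-procedure approach from the answer above, as an added example that is not part of the original thread (T-SQL; the tables, role and sample rows are constructed for illustration). It assumes the web service authenticates the caller itself and passes only the resolved user name to the procedure, rather than a raw password, and it also covers the download case from the question by returning a file path only when the requested file belongs to the caller.

```sql
-- Constructed schema: which user owns which downloadable file.
CREATE TABLE dbo.AppUser (
  UserId   INT PRIMARY KEY,
  UserName NVARCHAR(64) NOT NULL UNIQUE);
CREATE TABLE dbo.UserFile (
  FileId      INT PRIMARY KEY,
  OwnerUserId INT NOT NULL REFERENCES dbo.AppUser(UserId),
  FileName    NVARCHAR(260) NOT NULL,
  StoragePath NVARCHAR(400) NOT NULL);
GO
-- The filter is fixed inside the procedure; the client never supplies SQL text.
-- @UserName must come from the service's own login/session handling, not from the request body.
CREATE PROCEDURE dbo.GetFilesForUser @UserName NVARCHAR(64)
AS
BEGIN
  SET NOCOUNT ON;
  SELECT f.FileId, f.FileName
  FROM dbo.UserFile f
  JOIN dbo.AppUser u ON u.UserId = f.OwnerUserId
  WHERE u.UserName = @UserName;
END
GO
-- Download check: returns zero rows unless the requested file belongs to the caller,
-- so a client that guesses another user's FileId gets nothing back.
CREATE PROCEDURE dbo.GetFilePathForDownload @UserName NVARCHAR(64), @FileId INT
AS
BEGIN
  SET NOCOUNT ON;
  SELECT f.StoragePath
  FROM dbo.UserFile f
  JOIN dbo.AppUser u ON u.UserId = f.OwnerUserId
  WHERE f.FileId = @FileId AND u.UserName = @UserName;
END
GO
-- Least privilege: the service login may execute the procedures but cannot touch the tables directly,
-- so even a compromised service account cannot query other users' rows ad hoc.
CREATE ROLE WebServiceRole;
GRANT EXECUTE ON dbo.GetFilesForUser TO WebServiceRole;
GRANT EXECUTE ON dbo.GetFilePathForDownload TO WebServiceRole;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.UserFile TO WebServiceRole;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.AppUser TO WebServiceRole;
GO
-- Constructed sample data and the calls the service would issue with parameterised commands.
INSERT INTO dbo.AppUser VALUES (1, N'alice'), (2, N'bob');
INSERT INTO dbo.UserFile VALUES (10, 1, N'alice-report.pdf', N'/store/10.bin'),
                                (11, 2, N'bob-invoice.pdf',  N'/store/11.bin');
EXEC dbo.GetFilesForUser @UserName = N'alice';                        -- only FileId 10
EXEC dbo.GetFilePathForDownload @UserName = N'alice', @FileId = 11;  -- no rows: not alice's file
```

The same pattern applies to upload: the procedure that records a new file stamps OwnerUserId from the authenticated user name, never from a client-supplied id.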

Source: https://habr.com/ru/post/1725824/
