Fabian, I didn;t realize I was a comedian ;-) The default in most systems is to inherit the user name from the user account. This presupposes a policy to react on any 'new' user, or to first built de user table for any DB you create. Storing passwords is only safe if you are assured that the identity provides the least possible facilities, e.g. like a guest account. The access permissions are determined at the server side, which means it can simple ignore the 'guest' Conclusion. Any default guest name embedded in a front-end is safe when the DBA has the right to revoke its grants. (compare with anonymous ftp) The access policy should be consistent over all entry points into the system, which means that authorization as currently in SQL should also apply to MIL interaction.[tobedone] A central, all product client property file is hard to maintain. For example, Mknife contains quite a lot of session info already, while hooking up to AquaDataStudio would lead to double administration. The real solution is that you should always connect the Mserver with the omnipresent 'guest' account, which ships further details for interpretation as part of its startup. Eg, we envisioned that user properties for database interaction could come from the database. regards, Martin Fabian wrote:
After the checkin by Martin (about giving -u and -P default values on MapiClient), I had to laugh loudly for a minute (or two) after which I had to frown, thinking about the security aspect of this change. Not that it changes much, but being a little minded towards a better situation is not a bad thing IMHO. (Also for the reputation of monet by itself for the outside world)
Because I regularly get tired of typing long command line arguments as well, I propose the following solution, which might fit all kinds of tastes.
What if we would store some preferences we have in a file ~/.monetdb or something which can be shared by various applications, like MapiClient, JdbcClient, Mserver itself, and maybe any more...
The file would be simply a properties file containing something like username=monetdb password=monetdb language=sql startscript=~/monetdb/start_sql
which would instruct MapiClient to use sql language with username + pass monetdb and tell Mserver when it starts to load the script ~/monetdb/start_sql so I for instance would not have to type 'module(sql_server);' anymore.
Of course command line options override these defaults in this .monetdb file. It is up to the user to chmod it to 600.
How about this idea?
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Monetdb-developers mailing list Monetdb-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/monetdb-developers