[ tony ]
> What middleware are you using? If you are using Java/JSP then you fix
> the permissions at the web page level.
I'm going to use Zope, but that's not the point. If the web
application layer contains holes, it may enable the web user to pass
on sql commands through the application layer down to the database. Of
course I'm going to do all I can to prevent this, but I want security
in the database layer.
The web user is going to fetch, alter and insert data into the
database, but I want to do it in controlled forms - by predefining
functions for all the legal operations.
--
Lars Preben