mleo

Well ...

1) Use a firewall

2) Use Ingres security to do this, if your users aren't too clever.
Don't create inodes on machines you don't want connecting.

However, this doesn't stop Joe User from creating his own inodes,
if he has any valid accounts on your server.

Does that help?


Michael Leo mleo@cariboulake.com Java, J2EE, .NET
Caribou Lake Software http://www.cariboulake.com Oracle, Ingres,

So much style without substance, so much stuff without style.
It's hard to recognize the real thing. It comes along once in a while.
- Grand Designs, Power Windows, Rush

yehudaed

Why don't you just remove the connection definition (vnodename) from the
clients (NETUTIL) that you don't want to connect to the server?

Yehudah
-----Original Message-----
From: ktun [mailto:ktun@stern.nyu.edu]
Sent: Thursday, July 24, 2003 10:36 PM
To: info-ingres@ams.org
Subject: IngresNet Connections


Hi:
Is there a way to allow connection to ingres server from only
dedicated
client machines? I would prefer denying connection rather than polling
the imadb and killing the sessions.


Thank you
kt

---------------------------------------------------------------------------------------------------------------
This e-mail message may contain confidential, commercial and privileged information or data that constitute proprietary information of Cellcom Israel Ltd. Any review or distribution by others is strictly prohibited. If you are not the intended recipient you are hereby notified that any use of this information or data by any other person is absolutely prohibited. If you are not the intended recipient, please delete all copies and contact us by e-mailing to: infosec@cellcom.co.il.
Thank You.

ktun

Mike:
The problem is some users are installing their own ingres net utility
and creating their own vnodes from their workstations using the accounts
created for them. I don't have any control over their workstations.
Things are getting out of control. We don't want any unauthorized
programs from users' machines running against the database.

Thanks
kt

mleo

Then you have to use either a software or hardware based
firewall, or you have to control authentication to
Ingres.

I can't see another way.


Michael Leo mleo@cariboulake.com Java, J2EE, .NET
Caribou Lake Software http://www.cariboulake.com Oracle, Ingres,

So much style without substance, so much stuff without style.
It's hard to recognize the real thing. It comes along once in a while.
- Grand Designs, Power Windows, Rush

ian.hopgood

Have you thought about using roles to authenticate access to your DBMS?
That way users could set up their own connections, but unless they knew what
role to go in with it'd be no good?

eg

w4glrun MyImage.img -dMyName::MyDb -/dbmsflags -RMyRole

Ian

-----Original Message-----
From: Michael Leo [mailto:mleo@cariboulake.com]
Sent: 25 July 2003 18:00
To: ktun@stern.nyu.edu; info-ingres@ams.org
Subject: Re: IngresNet Connections

Then you have to use either a software or hardware based
firewall, or you have to control authentication to
Ingres.

I can't see another way.


Michael Leo mleo@cariboulake.com Java, J2EE, .NET
Caribou Lake Software http://www.cariboulake.com Oracle, Ingres,

So much style without substance, so much stuff without style.
It's hard to recognize the real thing. It comes along once in a while.
- Grand Designs, Power Windows, Rush


__________________________________________________ ___________________
This e-mail has been scanned for viruses by MCI's Internet Managed Scanning
Services - powered by MessageLabs. For further information visit
http://www.mci.com


__________________________________________________ ______
The information in this message is confidential and may
be legally privileged. It is intended solely for the
addressee. Access to this message by anyone else is
unauthorised. If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or
omitted to be taken in reliance on it, is prohibited and
may be unlawful.

The registered office of Wellington Underwriting plc is
88 Leadenhall Street, London, UK EC3A 3BA.
__________________________________________________ ______