InstantDB Project
About InstantDB
Project Mail Lists
Short History
Reporting Bugs
Screen Shots
3rd Party Examples
FAQs

Software
Downloads
Documentation
CVS Repositories
Roadmap
License

About Enhydra.org
Who We Are
News, Articles & Events
Getting Involved
Contact Us

Community
Demos
Contributions
Resources
Case Studies
On The Edge! -NEW-
Commercial Vendors

Anil Hemrajani wrote:
> Why doesn't InstantDB have basic security features such
> as user/password authentication?

User/password is not always intended to be for authentication or
security purposes in all databases.  It's sometimes intended to be
merely for the purpose of identification, to support the SQL system
variable CURRENT_USER, or for authorization, to support SQL statements
GRANT and REVOKE.

Given that InstantDB doesn't support SQL privileges or GRANT and REVOKE,
nor the CURRENT_USER system variable, so there doesn't seem to be a
function for a user/password.  The DEFAULT clause for column specifiers
seems to allow USER as a choice, but I don't understand how this has any
effect in InstantDB.

Why do you need InstantDB to have user/password authorization?  If the
InstantDB engine resides only on your application server host, to which
only you have access, then only your apps on that server should have
access to the embedded database engine.  

Authorization makes more sense for client/server RDBMS products, where
the server might accept connection requests from clients of unknown
origin.

-- 
Bill Karwin (bill@lutris.com)
Application Architect - Lutris Technologies Inc.
-----------------------------------------------------------------------------
To unsubscribe from this mailing list, send email to majordomo@enhydra.org
with the text "unsubscribe instantdb" in the body of the email.
If you have other questions regarding this mailing list, send email to
the list admin at owner-instantdb@enhydra.org.