[fpc-pascal] proxy for sql

[Andreas Berger]

Martin Friebe wrote:
> Here is another idea.
>
> You would still need a user on the DB, to limit what can be accessed. 
> But to check if access should be granted (allow or deny tcp) you can 
> use your own software.
> All you need is some sort of Proxy/socket forwarder, that you can 
> implement using FPC.
>
> The Tool would run on the users local PC or Server. It would accept 
> connections for the database, and forward the Connection straight to 
> the real DB (or maybe encrypt it, using whatever access control). Of 
> course if the user is not allowed to connect at all, you do not make 
> the forward.
>
> The user could have a key(public/private), so if you remove the 
> opposite on the server, the user can no longer connect.
>
> However this acts like a tunnel, so you do not get any control on the 
> SQL itself.  The SQL server needs to be configured to restrict access 
> to the permitted data.
>
> Best Regards
> Martin
Thanks Martin for the idea. Actually I had already thought of this. The 
problem is that 3rd party report programs connect directly to the SQL 
server. I would need a password or some other ID to know that THIS 3rd 
party prog is allowed to enter, so a direct tunnel is not possible. The 
only way might be for me to capture the user and password handshake, 
test if the user\password is correct for my app and then substitute it 
with the real user\password or cut the connection. But for this I would 
have to interpret the logon sequence and I have no idea how that works.

Regards,
Andreas