How to prevent executing

Discussion of open issues, suggestions and bugs regarding SDAC (SQL Server Data Access Components) for Delphi, C++Builder, Lazarus (and FPC)
Post Reply
ccmcbride
Posts: 101
Joined: Tue 01 May 2007 16:36

How to prevent executing

Post by ccmcbride » Mon 19 May 2008 20:36

I have a query for reports. I have functionality to allow the user to change the query and test the results.
the query is being opened, not executed.
My tech figured out that even though it's being opened, he can write queries to change the database, using the testing functionality.
I am setting the sql text only, so how can I prevent the execution of a query, when all I want is it to open only?
Top
Antaeus
Posts: 2098
Joined: Tue 14 Feb 2006 10:14

Post by Antaeus » Tue 20 May 2008 12:36

SDAC does not check whether provided query modifies data. It just raises an exception if the query returns no result set when calling the Open method.
To prevent data modifications you can setup permissions for Logins on SQL Server.
Top
ccmcbride
Posts: 101
Joined: Tue 01 May 2007 16:36

Post by ccmcbride » Tue 20 May 2008 14:18

But I can't setup the permissions to not modify data at hundreds of client sites, otherwise, they wouldn't be able to use the program....
Top
Antaeus
Posts: 2098
Joined: Tue 14 Feb 2006 10:14

Post by Antaeus » Wed 21 May 2008 06:47

One more possible solutions is to start transaction before executing a query and rollback it after that.
Top
ccmcbride
Posts: 101
Joined: Tue 01 May 2007 16:36

Post by ccmcbride » Wed 21 May 2008 14:22

That's an idea. I have been having issues using transactions inside the program (way to many connections are required), but the report query has it's own connection...
Top
Post Reply

Return to “SQL Server Data Access Components”