DAFTools Security

Overview

DAFTools offer several security features designed to be used on a server hosting several DAF databases. The purpose of DAFTools security features is to protect each database from administrators responsible for other databases. If these security methods are not used it is easy for an ASP developer to explore and manage users of any DAF users list.

DAFTools Security features are built around:

DAFTools and NT permissions

For a text user list, the NT account used by DAFTools methods to access the user file is the web user. Therefore, if the ASP script using DAFTools methods is not password protected it will be the IIS default user (IUSR_XXXXXX). If the directory is protected, the (mapped) NT user will be used.

In other words, if the ASP script using DAFTools methods is not password protected NT permission for the ASP script should be "IUSR_XXXXX | Read, Write."

DAFTools Administrator
(= main administration mode)

When the DAFTools Administrator is logged with main administration mode all DAFTools methods are usable with any DAF databases.

The DAFTools Administrator is managed with several DAFTools Main object methods:

MainAdminLogin: Login the DAFTools Administrator
SetMainAdmin: Change the current DAFTools Administrator login and password
IsMainAdminLogged: Return the current logged state of the DAFTools Administrator
MainAdminLogOff: Log Off the DAFTools Administrator

Remarks:

ASP scripts available:

This script will change the Administrator login and password.

DAFTools Administrator Password Manager Window

This script will login the DAFTools Administrator.

DAF Main Administrator Login Window

DAFTools Security Levels
(= database administration mode)

Four security levels are defined: Level0, Level1, Level2, Level3. Depending on which level is logged DAFTools methods will be usable or forbidden. Level0 gives the minimum rights and Level3 the maximum.

The DAFTools Security Levels are managed with several DAFTools Main object methods:

LevelLogin: Login a Security Level
SetLevelPassword: Change a Password for a Security Level
IsLevelLogged: Return the current active Security Level
LevelLogOff: Log off a Security Level

Remarks:

ASP scripts available:

This script can be used to set passwords for each Security Level.

DAFTools Security Levels Window

Error messages

When DAFTools denies access to a method or a property the reported error message is:

-------------------------------------------------------
Microsoft VBScript runtime error '800a0046' 
Permission denied 
/ibill/daftools30/dbtest.asp, line 31 
-------------------------------------------------------

Security Levels for all DAFTools properties and methods

DAFTools main object
Properties & Methods Security
Level
SetLevelPassword   3
CurrentUser   0
Version   0
VersionLo   0
VersionHi   0
Version2   0
CurrentDB   0
Error   0
ClearError   0
DBByIP   0
IP   0
ServerIP   0
DB   0
DBByName   0
IPByDB   0
MainAdminLogin   0
SetMainAdmin   0
IsMainAdminLogged   0
MainAdminLogOff   0
LevelLogin   0
IsLevelLogged   0
LevelLogOff   0

 

DB Object
Properties & Methods Security
Level
Type 1
Name 0
ODBC 1
Mail 1
Text 1
AddUser 3
RemoveUser 3
ModifyUser 3
FindUser (without password) 3
FindUser2 (with password) 2
ChangePassword 1

 

User object
Properties & Methods Security
Level
DAFLogin 0
DAFPassword 0
NTLogin 0
NTPassword 0
ExpirationDate 0
NumberOfVisit 0
DateLastVisit 0
DAFGroups 0

 

ODBC object
Properties & Methods Security
Level
DSN 1
Login 1
Password 1
Table 1
SQLQuery 3

 

TABLE object
Properties & Methods Security
Level
Name 2
DAFLogin 2
DAFPassword 2
NTLogin 2
NTPassword 2
ExpirationDate 2
DateLastVisit 2
NumberOfVisit 2
DateLastVisitOn 2
NumberOfVisitOn 2
ExpirationDateOn 2
DAFGroups 2
IP 2

 

MAIL object
Properties & Methods Security
Level
Server 1
From 1
Address1 1
Address2 1
Address3 1

 

TEXT object
Properties & Methods Security
Level
FileName 1