Timeline for How to securely implement roles in a Windows Form application?
Current License: CC BY-SA 3.0
21 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| S Jun 2, 2016 at 18:06 | history | suggested | Peter Mortensen | CC BY-SA 3.0 |
Copy edited (e.g. ref. <http://en.wikipedia.org/wiki/.NET_Framework>). Added some context. Removed meta information (this is implied).
|
| Jun 2, 2016 at 16:29 | review | Suggested edits | |||
| S Jun 2, 2016 at 18:06 | |||||
| Oct 23, 2014 at 1:13 | vote | accept | jonchicoine | ||
| Oct 22, 2014 at 20:34 | answer | added | mrjoltcola | timeline score: 4 | |
| S Sep 22, 2014 at 20:31 | history | bounty ended | CommunityBot | ||
| S Sep 22, 2014 at 20:31 | history | notice removed | CommunityBot | ||
| Sep 22, 2014 at 2:45 | answer | added | Joel Brown | timeline score: 0 | |
| Sep 22, 2014 at 1:46 | comment | added | kevin cline | Secure against which malicious actors? Outside parties? Customer service reps? System administrators? Government officials? | |
| Sep 21, 2014 at 15:23 | answer | added | Dilip | timeline score: -1 | |
| Sep 20, 2014 at 11:57 | comment | added | Doc Brown | Why is storing the information inside your database considered not to be secure enough? Any why should storing that information somewhere else make it more secure? IMHO introducing a second storage system makes the system more complex and thus potentially less secure. | |
| Sep 20, 2014 at 11:49 | comment | added | Doc Brown | Well, someone actually has to assign permissions for the application or application systems to individual users. The IT department is typically responsible for managing/bookkeeping which desktop applications are available for whom (since they are the ones installing those applications). For more finegrained permissions inside one application system, either the IT manages this too, or you have some "power users" from the individual department, using some application specific administrative form or tool. | |
| Sep 19, 2014 at 19:03 | comment | added | surfmuggle | How is the architecture of your application - 3 tier (client, web- / application-server, database-server)? | |
| Sep 16, 2014 at 17:43 | comment | added | jonchicoine | Note, i'm trying to determine what is considered best practice... Currently, a user, once logged in, currently has different permissions depending on what "facility" they are working with, but i'm making the argument to me team that we have just one set of permissions/roles for a user. Having said that, it seems less than ideal to have to rely on a hospitals IT dept. to have to create groups and manage users... I mean, if each application created and used it's own roles, and the IT dept. had to manage them all... well... that seems bad to me. | |
| Sep 15, 2014 at 14:06 | comment | added | k3b | the answer depend on many different business-aspects of your softwareproduct: How flexible/fine-grained is your role modell? How many different roles do you have? How many end-users exist per Customer/Installation (min/max)? Why is using "Active Directory Groups" not an option for you? | |
| S Sep 14, 2014 at 19:02 | history | bounty started | jonchicoine | ||
| S Sep 14, 2014 at 19:02 | history | notice added | jonchicoine | Draw attention | |
| Sep 12, 2014 at 19:59 | comment | added | jonchicoine | Well currently sybase, and likely moving to SQL Server. However, it's been suggested to me that this data should not be stored in the same database as the data it's meant to protect. | |
| Sep 12, 2014 at 18:01 | comment | added | JeffO | Where is the database? | |
| Sep 12, 2014 at 17:49 | history | tweeted | twitter.com/#!/StackProgrammer/status/510485418605678592 | ||
| Sep 12, 2014 at 16:38 | review | First posts | |||
| Sep 12, 2014 at 21:12 | |||||
| Sep 12, 2014 at 16:33 | history | asked | jonchicoine | CC BY-SA 3.0 |