Showing results for 
Search instead for 
Do you mean 
Community Home Request Access Read Blogs Share Your Ideas Search Community View My Settings
Reply
Bronze Super Contributor
Posts: 146
Registered: ‎04-01-2009
Accepted Solution

7.5.4 LAN - Prevent Remote users from connecting to LAN database

Hi,

 

We have some account visibility requirements which are somewhat complex.  Using the sync rules for remote users, we are able to send the remotes only accounts to which they should have access.  That works well.  All of our network users should see all accounts, so that is also good. 

 

The problem is that there is nothing to prevent a remote user from creating a new data link and connecting to our network database and gaining access to all accounts. (All accounts are owned by the same team and all users belong to that team.)

 

Sure would be nice to have a check-box in the admin for "Remote Only", but that doesn't exist. What is the next easiest way to prevent users from connecting to the network database?

 

Thanks

 

Patrick

Bronze Super Contributor
Posts: 146
Registered: ‎04-01-2009

Re: 7.5.4 LAN - Prevent Remote users from connecting to LAN database

I'm not a network guy, but what I was thinking was maybe locking down the SLX Server so that only folks that belong to a specific Active Directory group would be able to connect?  Not sure how the SLX connectors work with AD...??

Tuned Listener
Posts: 18
Registered: ‎03-16-2010

Re: 7.5.4 LAN - Prevent Remote users from connecting to LAN database

One approach would be to create a quick vbScript and add it to the Database OnOpen event that compares the user type of the current user and the database type of the database they are connecting to.  If they are a Remote user and the DB Type = 01, close the application programatically and popup a message box indicating they need to use their remote db.

Gold Super Contributor
Posts: 3,087
Registered: ‎03-19-2009

Re: 7.5.4 LAN - Prevent Remote users from connecting to LAN database

Actually, DBOpen is not a reliable event... it is really "DBopening........ sometime soon.."

 

You want to hook into the Global Event Handlers (Global Scripts) and use Application_LogonComplete..

--
RJ Ledger - rjledger@rjlSystems.net +1 603.369.3047 x101

".. Innovators in Mobility - Experts in Workflow Automation..."
http://www.rjlSystems.net - blog: www.rjlSystems.net/blog.html
Gold Super Contributor
Posts: 3,087
Registered: ‎03-19-2009

Re: 7.5.4 LAN - Prevent Remote users from connecting to LAN database

Just read the SystemInfo table on an "Application Logon Complete " in a Global (event handler) script?. If the user is a remote and the SYSTEMINFO.DBTYPE is NOT a remote db (type), then pop a message.. app quit.
Types:
Const MainDB = 1
Const RemoteDB = 2
Const REmoteOfficeDB = 3

We have developed a "user tracking/logon/off" app that can handle this for you as well as do version checking (to the build level) of the client app.. prevent login? record a "failed" attempt if they try to bypass?

You can also block access to the Library and Attachment(s) Shares to only those users who authenticate in the (Windows) Domain to prevent unauth logins? BUT if the remote(s) are using Windows Domain Authentication.. this will not work.
rjl

--
RJ Ledger - rjledger@rjlSystems.net +1 603.369.3047 x101

".. Innovators in Mobility - Experts in Workflow Automation..."
http://www.rjlSystems.net - blog: www.rjlSystems.net/blog.html
Highlighted
Bronze Super Contributor
Posts: 146
Registered: ‎04-01-2009

Re: 7.5.4 LAN - Prevent Remote users from connecting to LAN database

Thanks for your suggestions. I am not sure I"ll need to get down to this level, but if I do, you've given me some great ideas.