DBA Proxy and SQL and LEX

mvathas@my-deja.com
4 Oct 1999 12:11:53 -0400

          From comp.compilers


From: mvathas@my-deja.com
Newsgroups: comp.compilers
Date: 4 Oct 1999 12:11:53 -0400
Organization: Compilers Central
Keywords: design, question, comment

I'm working on a SQL pre-processor that will be used to proxy a
database administrator role to a developer. Basically, the SQL stored
in a Sybase database is, by default, owned by the user ID that created
it. The internal user called Database Owner or DBO offers the
broadest rights to a stored procedure in Sybase.


The problem is we would like developers to create stored procedures as
DBO by proxy. What this implies, however, is that a developer,
through the proxy tool (a WEBsite) could do ANY function of a DBO.
Therefore, we want to restrict the list of valid SQL verbs to a
limited set.


We believe we can only do this in reverse. That is, we can say "these
are the commands you cannot perform", but you can perform anything
else.


I'm attempting to use lex to provide a lexical analysis of the stored
procedure (as a text file), then, if needed, use yacc to parse for "IS
NOT IN" grammar.


For example the commands..


sp_adduser
grant update on <table> to public
shutdown server


Are Sybase command verbs that are legal for DBO, but cannot be allowed
in a stored procedure created by a developer. If they are not tested
for and rejected, a developer could do dangerous things to our
servers.


Question:


Are lex or lex/yacc the right tools to find language constructs that
CANNOT exist in a stored procedure text file?


Mark A
[If you want to do that, sure. Write a little lexer that calls an error
routine if it sees any of the forbidden naughty words. -John]
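
A minimal sketch of the kind of lexer the moderator's note describes, added here as an example and not code from the original post or from lex itself. It is written in Python rather than lex; the denylist, the `scan` function and the sample procedure are constructed for illustration, and refusing every `grant` (not only `grant ... to public`) is an assumption.

```python
import re

# Assumed denylist, taken from the three commands named in the post.
# Refusing every GRANT, not only "to public", is an assumption of this sketch.
FORBIDDEN = {"sp_adduser", "grant", "shutdown"}

TOKEN = re.compile(r"""
    (?P<comment> --[^\n]* | /\*.*?\*/ )             # SQL comments, ignored
  | (?P<string>  '(?:[^']|'')*' | "(?:[^"]|"")*" )  # quoted literals
  | (?P<word>    [A-Za-z_][A-Za-z0-9_]* )           # keywords and identifiers
  | (?P<other>   . )                                # punctuation, whitespace
""", re.VERBOSE | re.DOTALL)
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def scan(sql):
    """Return [(line, word)] for each forbidden word found outside comments."""
    hits, line = [], 1
    for m in TOKEN.finditer(sql):
        kind, text = m.lastgroup, m.group()
        if kind == "word":
            words = [(text, 0)]
        elif kind == "string":
            # Quoted text is checked too, so the scan errs toward rejecting.
            words = [(w.group(), text.count("\n", 0, w.start()))
                     for w in WORD.finditer(text)]
        else:
            # An unterminated comment or quote falls through to "other",
            # so the words after it are still examined.
            words = []
        for word, offset in words:
            if word.lower() in FORBIDDEN:   # verbs match case-insensitively
                hits.append((line + offset, word.lower()))
        line += text.count("\n")
    return hits

# Constructed sample procedure text, not taken from the post.
SAMPLE = """\
create procedure add_order @id int as
-- shutdown is only mentioned in this comment
insert orders values (@id)
/* grant select on orders to public */
exec sp_adduser 'mark'
GRANT update on orders to public
print 'shutdown'
"""

if __name__ == "__main__":
    for line_no, word in scan(SAMPLE):
        print(f"line {line_no}: forbidden word '{word}'")
```

This is a lexical check only: it reports words, not parsed statements, so a proxy using it would reject the whole procedure text on any hit.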

