Total Knowledge Projects Jobs Clientele Contact

UU Database

Personal tools
From Total Knowledge
(Difference between revisions)
Jump to: navigation, search
(Security implementation)
(Security Requirements: Add implementation details and policy)
</OL>
</OL>
 +
===Implementation===
 +
* All access to database tables and views is revoked from DB role under which application connects
 +
* All DML access is granted to role under which stored procedures are created
 +
* Application user is granted EXECUTE access on all public stored procedures
 +
* All public stored procedures are marked as ''SECURITY DEFINER''
 +
* All internal stored procedures are '''not''' marked as ''SECURITY DEFINER''
 +
* Public stored procedures call is_authorized function with relevant access parameters in order to verify user's access to requested object
 +
* Application will perform ''login'' procedure before any transaction and ''logout'' procedure after. These procedures take care of setting up environment for is_authorized call.
== Database objects ==
== Database objects ==

Revision as of 07:51, 23 March 2010