Re: Adding some random characters to Oracle password

From: Alan <alan_at_erols.com>
Date: Wed, 27 Oct 2004 16:14:19 -0400
Message-ID: <2uadsrF282s4mU1@uni-berlin.de>

> > Have all security permissions established by roles and only assign a user
> > to a role inside the application.
>
>
> Just out of interest, and ignoring for the moment that it is roles that are
> granted to a user and not the other way around: how do you propose this
> should work? You mean the application grants roles on log on? And then
> presumably it revokes roles on log-off? And if the user crashes out and
> doesn't log off cleanly??
>
> Of course, you have to do the revoking bit, because otherwise your user
> would continue to possess the security rights associated with the role, and
> could therefore exercise them by hacking into the back-end directly.
>
> And how would the application know what role to grant to which user? Are you
> proposing to duplicate the database's entire set of user-role grants at the
> application level?
>
> HJR

We handle this by having the app log on using a "secret" ID and password known only to the app. We have a user table that contains their application IDs and passwords (and application roles) that is in the schema of the "secret" ID. Only those who know the "secret" ID and password (developers and DBAs) can actually look at it. The app prompts the user for their application-based ID and password. The app can then authenticate them and determine what they can do based on their app "role". No, it's not very scalable, but this is a fairly well-defined and bounded app. And, yes, this allows the _developers_ to "administer" data security, but in this particular situation, that's the way we want it.

Received on Wed Oct 27 2004 - 15:14:19 CDT
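
The application-level scheme described in the reply above, sketched as an added example that is not part of the original post or the poster's code. It assumes an in-memory sqlite3 database standing in for the Oracle schema owned by the app's account, hypothetical table, column, role and action names, and salted PBKDF2 password hashes (the post does not say how the passwords are stored).

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000          # PBKDF2 work factor (assumed value)
DUMMY_SALT = b"\x00" * 16     # used when the ID is unknown, so work is still done

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def open_app_schema() -> sqlite3.Connection:
    """In-memory stand-in for the schema owned by the app's own DB account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE app_users (app_id TEXT PRIMARY KEY, "
               "salt BLOB, pw_hash BLOB, app_role TEXT)")
    db.execute("CREATE TABLE app_role_actions (app_role TEXT, action TEXT)")
    # Constructed sample roles; the post does not name any.
    db.executemany("INSERT INTO app_role_actions VALUES (?, ?)",
                   [("clerk", "view_orders"),
                    ("manager", "view_orders"),
                    ("manager", "approve_orders")])
    return db

def add_user(db, app_id: str, password: str, app_role: str) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO app_users VALUES (?, ?, ?, ?)",
               (app_id, salt, hash_password(password, salt), app_role))

def authenticate(db, app_id: str, password: str):
    """Return the user's application role, or None if the login fails."""
    row = db.execute("SELECT salt, pw_hash, app_role FROM app_users "
                     "WHERE app_id = ?", (app_id,)).fetchone()
    salt, stored, role = row if row else (DUMMY_SALT, b"", None)
    # Constant-time comparison of the derived hash against the stored one.
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    return role if ok else None

def is_allowed(db, app_role, action: str) -> bool:
    """Authorisation decision made by the app from its own role table."""
    if app_role is None:
        return False
    return db.execute("SELECT 1 FROM app_role_actions WHERE app_role = ? "
                      "AND action = ?", (app_role, action)).fetchone() is not None

if __name__ == "__main__":
    db = open_app_schema()
    add_user(db, "jsmith", "correct horse", "clerk")   # constructed sample user
    role = authenticate(db, "jsmith", "correct horse")
    print(role, is_allowed(db, role, "approve_orders"))
```

Every check here runs in the application, so anyone holding the shared database credentials bypasses it, which is the trade-off the reply itself acknowledges.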
