Re: Modifying SQL query for security?? What is your opinion?

It seems that the facilities that you are looking for are the facilities offered by Secure Ingres, but in an earlier posting you said you did not want to use it. In my experience, you are probably right to avoid it, if you want to use any other CA products around it. I cannot speak for the secure Oracle or Sybase products, but there are a number of problems when it comes to using Secure Ingres.

The secure DBMS works fine, in that it meets the official security requirements (B1) and works silently when it comes to controlling access on a row level depending on the security level of the enquiring user/process.

The problems occur when you try and interface any other CA products to it. Eg, we had a lot of problems trying to get replicator to recognize user defined columns with a security label datatype (To their credit CA fixed this one). Also CA-OpenRoad will not talk to Secure Ingres and CA were only willng to modify Windows4GL v2, to make it work.

If you will only be accessing the DB through 3GL with embedded SQL, then secure Ingres is a good solution for your problem. Just be aware of the snags.

Pat McGibbon pat_at_megadata.demon.co.uk

>Thanks for everyone who answered my question!
>
>To make my problem a bit clearer I quote the related lines
>our security requirements:
>
>
>"In addition to these application level access control mechanisms
>the mechanism provided by the DBMS can be used to grant or deny
>access for specific tables and databases.
>
>In some DBMS products additional user defined access control rules
>can be implemented using a technique called "query modification".
>
>Here any SQL query submitted by an application to the DBMS is
>passed through a trusted filter, which modifies the SQL statement
>(and eventually the result of the query) in accordance with user
>defined rules.
>
>In this way access control rules based on the content of specific
>database fields can be implemented easily."
>
>I have no idea, from where did they get this, but I have serious
>doubts about the last sentence.
>
>Our real challenge which is the following:
>
>I am working for the Organisation for Prochibition of Chemical
>Weapons (UN)
>
>We have to store Chemical Weapon Production Facility data in an RDBMS.
>(Currently we have Ingres and Sybase in place)
>It is obvious, this data is highly confidential.
>
>When an inspector team need to inspect a faclity, they have to
>have access all the facility related records, but nothing else.
>In practical terms, we have to implement row level security
>for numerous tables.
>
>The simplest solution would be the use of trusted products
>(Trusted Solaris, Trusted Oracle etc.), which
>can provide this functionality, but porting the existing applications
>to the trusted environment would cost 500.000 dollars.
>
>I think, the cost of the implementation of the query modification,
>with rewrite the SQL parser is in the same category either. Or not?
>
>In the new developments, we can implement this feature, but what
>can we do with the legacy applications? Reengineering?
>
>I think, the simplest solution would be the reingeneering the
>existing applications and implement the security with views and
>stored procedures.
>
>But what about the third party applications where we do not have the source?
>
>L.S.
>>

Turnpike evaluation. For information, see http://www.turnpike.com/ Received on Sun Nov 24 1996 - 00:00:00 CET