Re: Modifying SQL query for security?? What is your opinion?

From: Ignatius Fernandez <Fernandez#m#_Ignatius_at_msgate.corp.apple.com>
Date: 1996/11/25
Message-ID: <3299D4C4.62CF_at_msgate.corp.apple.com>#1/1


Query modification *is* available in Ingres, *exactly* as wished by your consultant, when using the QUEL language instead of SQL. Please see my posting in comp.databases.theory.

Please remember that the view mechanism offered by SQL is equally secure. However, the query modification mechanism offers more flexibility, especially when you consider "the third party applications where we do not have the source".

Thankx.
Ignatius.

sandor.laza_at_opcw.nl wrote:

Thanks to everyone who answered my question!

To make my problem a bit clearer, I quote the related lines of our security requirements:

"In addition to these application level access control mechanisms the mechanism provided by the DBMS can be used to grant or deny access for specific tables and databases.

In some DBMS products additional user defined access control rules can be implemented using a technique called "query modification".

Here any SQL query submitted by an application to the DBMS is passed through a trusted filter, which modifies the SQL statement (and eventually the result of the query) in accordance with user defined rules.

In this way access control rules based on the content of specific database fields can be implemented easily."

I have no idea where they got this from, but I have serious doubts about the last sentence.

Our real challenge is the following:

I am working for the Organisation for the Prohibition of Chemical Weapons (UN).

We have to store Chemical Weapon Production Facility data in an RDBMS.
(Currently we have Ingres and Sybase in place)
It is obvious, this data is highly confidential.

When an inspector team needs to inspect a facility, they have to have access to all the facility related records, but nothing else. In practical terms, we have to implement row level security for numerous tables.

The simplest solution would be the use of trusted products (Trusted Solaris, Trusted Oracle etc.), which can provide this functionality, but porting the existing applications to the trusted environment would cost 500.000 dollars.

I think the cost of implementing query modification, with rewriting the SQL parser, is in the same category too. Or not?

In the new developments, we can implement this feature, but what can we do with the legacy applications? Reengineering?

I think the simplest solution would be reengineering the existing applications and implementing the security with views and stored procedures.

But what about the third party applications where we do not have the source?

L.S.

Received on Mon Nov 25 1996 - 00:00:00 CET
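
The view-based row-level control that the reply calls equally secure, sketched as an added example that is not part of either post. All table, view and login names are hypothetical, and the dialect is generic SQL: the current-user function and the REVOKE syntax may need adjusting for Ingres or Sybase.

```sql
-- Constructed schema for illustration; every name here is hypothetical.
CREATE TABLE facility (
    facility_id  INTEGER      NOT NULL PRIMARY KEY,
    name         VARCHAR(100) NOT NULL,
    country      VARCHAR(60)  NOT NULL
);

CREATE TABLE facility_record (
    record_id    INTEGER      NOT NULL PRIMARY KEY,
    facility_id  INTEGER      NOT NULL REFERENCES facility (facility_id),
    details      VARCHAR(2000)
);

-- Which database login may see which facility.
-- Only the security administrator may write to this table.
CREATE TABLE inspection_assignment (
    inspector    VARCHAR(32)  NOT NULL,
    facility_id  INTEGER      NOT NULL REFERENCES facility (facility_id),
    PRIMARY KEY (inspector, facility_id)
);

-- Row-level filter: a facility row is visible only when the session's
-- login has an assignment for it.
CREATE VIEW my_facility AS
SELECT f.facility_id, f.name, f.country
FROM   facility f
WHERE  EXISTS (SELECT 1
               FROM   inspection_assignment a
               WHERE  a.facility_id = f.facility_id
               AND    a.inspector   = CURRENT_USER);

-- The same predicate must be repeated for every facility-related table.
CREATE VIEW my_facility_record AS
SELECT r.record_id, r.facility_id, r.details
FROM   facility_record r
WHERE  EXISTS (SELECT 1
               FROM   inspection_assignment a
               WHERE  a.facility_id = r.facility_id
               AND    a.inspector   = CURRENT_USER);

-- Inspectors get the views only; the base tables and the assignment
-- table stay out of reach.
REVOKE ALL PRIVILEGES ON facility              FROM PUBLIC;
REVOKE ALL PRIVILEGES ON facility_record       FROM PUBLIC;
REVOKE ALL PRIVILEGES ON inspection_assignment FROM PUBLIC;
GRANT  SELECT ON my_facility        TO PUBLIC;
GRANT  SELECT ON my_facility_record TO PUBLIC;
```

The filter depends on each inspector connecting under an individual database login; an application that connects through one shared account sees whatever that account is assigned.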
