Modifying SQL query for security?? What is your opinion?

Hi guys,

I need some advice:

I company prepared a security study for us in which they advised not to use trusted RDBMS systems (like trusted Oracle or Trusted Ingres), but develop an application which capture all the SQL querys sent to the server modify them according several security rules (for example extend the where clouse somehow) and pass the modified query to the RDBMS engine.

Have you ever seen or heard about this kind of solution implemented? What do you think, it is feasible?

My personal opinion is, that it can be implemented, but the implementation means at least the reimplementation of the SQL interpreter of the given RDBMS. Or not?

Any kind of help would be highly appreciated,

P.S. If you know a company which is able to prepare a feasibility study on this topic, please contact me!

Sandor Laza
Security officer

OPCW
Tel: 31-70 3761700
Fax: 31-70 3600944
E-Mail: sandor.laza_at_opcw.nl or slaza_at_worldonline.nl Received on Mon Nov 18 1996 - 00:00:00 CET