Application level security

2002-11-28 Thread Noel Clarkson
Hi All,

I'm writing an application that needs row level security in it so that
only certain users can view/change etc. certain records.  I know that 
MySQL currently does not have row level security, and when I've asked 
this list before I've been given some helpful suggestions (although
none of them would actually work for me).  So I've decided that the only 
way to go is to put the security logic into the application I am building.  

This works fine for my application, but means that if anyone connects 
directly to the server using the MySQL client etc, then they'll be able 
to see/update everything - making it a pretty weak security system.

I've had two thoughts about this, but am willing to hear of any other 
thoughts people might have.  

One that I could do right now is to get my program to add something to 
the password of every user (users are created using the program and 
passwords can be changed using it too).  This way if they try to connect 
to the server directly they won't have the extra bit on their passwords 
and it won't let them connect.  The program could take care of adding 
this extra bit each time anything password related was needed so it 
shouldn't be a problem in this respect, however if anyone discovered the 
extra bit then it would be impossible to change the extra bit without
giving everyone new passwords (which would be a real pain).

A second way would be if there was like an application password in the 
security area that could be set and would be needed for connection - 
sort of like the ssl extra stuff that's been added recently.  The 
downside of this is it isn't currently there and I'd need to convince 
someone at MySQL that it was worth adding and then wait for it to be 
added, the upside is that it would be easier to change if the 
application password was discovered.

I've looked a little at the ssl/encryption stuff to see if I could use 
that but I don't think it can really help me achieve what I'm trying to
achieve but if someone thinks it can I'd love to hear how.

If anyone has any other ideas, can see problems that I haven't seen in 
the above ideas then I'd appreciate knowing.  Are there any others 
having this problem (or is it just me!)?

Thanks for your thoughts,

cheers,

noel


-
Before posting, please check:
  http://www.mysql.com/manual.php   (the manual)
  http://lists.mysql.com/   (the list archive)

To request this thread, e-mail [EMAIL PROTECTED]
To unsubscribe, e-mail [EMAIL PROTECTED]
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php



RE: Application level security

2002-11-28 Thread Andy Eastham
Noel,

I'm sorry if this is obvious, but have you considered putting a firewall in
the way?

If your application is on the same machine as the database, block all
connections except to the port your application runs on (i.e. probably 80 if
it's a web application)?  The firewall will block connections from any
machine to the database, and only local connections can be made to it.

If your database is on another machine, protect the database server with the
firewall so that only your application server can connect to the mysql
server (or configure it so only certain other trusted hosts can too).

Andy

 -Original Message-
 From: Noel Clarkson [mailto:[EMAIL PROTECTED]]
 Sent: 28 November 2002 11:10
 To: [EMAIL PROTECTED]
 Subject: Application level security






Re: Application level security

2002-11-28 Thread Pae Choi
I've done similar work in 1997 for one of my clients. The password
method will be just part of the security system. But you may want
to consider implementing RBAC in the database. In that way,
the users, whether they are applications, e.g., business objects,
a DB interactive tool used by a human user, or so, will only have access to the
subset of the database based on their privileges by using ACLs which
are also based on the defined security policy in the database.

In addition, you may want to use asymmetric encryption for
some data that needs to be considered higher security.


Pae
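
One way to put the ACL into the database, as suggested in this reply, combined with the trusted-host restriction from the earlier reply. This is an added example, not part of the thread. It assumes a MySQL version that supports views (5.0 or later), and every name, the address and the password in it (appdb, records, record_acl, my_records, my_editable_records, alice, 192.0.2.10) are constructed.

```sql
-- Added example: all names, the address and the password are constructed.
-- Run as an administrative account, which becomes the views' DEFINER.
CREATE DATABASE IF NOT EXISTS appdb;
USE appdb;

CREATE TABLE records (
  id      INT PRIMARY KEY,
  payload VARCHAR(255) NOT NULL
);

-- ACL table: which database account may see or change which row.
CREATE TABLE record_acl (
  record_id  INT NOT NULL,
  db_user    VARCHAR(32) NOT NULL,          -- user part of the MySQL account
  can_update TINYINT(1) NOT NULL DEFAULT 0,
  PRIMARY KEY (record_id, db_user),
  FOREIGN KEY (record_id) REFERENCES records (id)
);

-- The view executes with the definer's rights on the base tables but
-- filters on the connected account. USER() is the client's 'name@host';
-- CURRENT_USER() inside a DEFINER view would return the definer instead.
CREATE SQL SECURITY DEFINER VIEW my_records AS
  SELECT r.id, r.payload
  FROM records r
  JOIN record_acl a ON a.record_id = r.id
  WHERE a.db_user = SUBSTRING_INDEX(USER(), '@', 1);

-- Same filter, limited to rows the account may change.
CREATE SQL SECURITY DEFINER VIEW my_editable_records AS
  SELECT r.id, r.payload
  FROM records r
  JOIN record_acl a ON a.record_id = r.id
  WHERE a.db_user = SUBSTRING_INDEX(USER(), '@', 1)
    AND a.can_update = 1;

-- Constructed sample rows.
INSERT INTO records VALUES (1, 'row for alice'), (2, 'row for bob');
INSERT INTO record_acl VALUES (1, 'alice', 1), (2, 'bob', 0);

-- The account is accepted only from one trusted host and holds
-- no privilege on records or record_acl themselves.
CREATE USER 'alice'@'192.0.2.10' IDENTIFIED BY 'replace-this-password';
GRANT SELECT ON appdb.my_records TO 'alice'@'192.0.2.10';
GRANT SELECT, UPDATE ON appdb.my_editable_records TO 'alice'@'192.0.2.10';
```

Because the account holds privileges only on the views, the same row filter applies whether the connection comes from the application or from the stock MySQL client, and queries against the base tables are refused.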


