Hey guys. I am developing a work on database insulation, I do not know if this is the correct name. What I did was the following, I created an application, I created your database with the tables, but I did not connect the application in this database that has the tables. I created an intermediate base that has only procedures and functions, this intermediate base connects in the application and makes the insert, update, delete at the base where the tables are. So if an attacker can access my database via application, it will not have access to the base where the records are stored. Now my question, where do I find material that talks about this concept of database isolation? Is this the correct name, data base isolation? Thank you for help! =)
Isolate database
-
fbifabio
- Moderador
- Posts: 199
- Joined: Tue, 22 Feb 2011 1:51 pm
- Location: São Paulo - SP
- Contact:
Fábio Prado
www.fabioprado.net
www.fabioprado.net
@djoq,
I do not know if I understood very well. Are you creating 2 bds? Why did you decide to do this? I see no need for such thing, which in my view would only make the application slower. BD has many security features that can prevent access to records. A simple mode of implementing this in the same BD, is to create 2 users, 1 tables owner and the other for which the application connects. In the Schema of this second user you create stored procedures to update / access data from the other schema, okay?
I do not know if I understood very well. Are you creating 2 bds? Why did you decide to do this? I see no need for such thing, which in my view would only make the application slower. BD has many security features that can prevent access to records. A simple mode of implementing this in the same BD, is to create 2 users, 1 tables owner and the other for which the application connects. In the Schema of this second user you create stored procedures to update / access data from the other schema, okay?
-
adrianoturbo
- Moderador
- Posts: 393
- Joined: Thu, 20 Mar 2008 4:09 pm
- Location: Brasília
Adriano Alves
---Para cada problema dificil existe uma solução simples.----
---Para cada problema dificil existe uma solução simples.----
Brother, would not be encapsulation or concealment of codes in PL / SQL? Type procedures, packages and packages Bodies, if this is a Utility in Oracle named Wrapp that encrypts codes in PL / SQL.
If you want to delve into the wrapping, follow the Oracle link that clarifies very well all this: [urlhttp://docs.oracle.com/cd/B28359_01/appdev.111/b28370/wrap.htm
If you want to delve into the wrapping, follow the Oracle link that clarifies very well all this: [urlhttp://docs.oracle.com/cd/B28359_01/appdev.111/b28370/wrap.htm
-
adrianoturbo
- Moderador
- Posts: 393
- Joined: Thu, 20 Mar 2008 4:09 pm
- Location: Brasília
Adriano Alves
---Para cada problema dificil existe uma solução simples.----
---Para cada problema dificil existe uma solução simples.----
Hehe is not brother is sister, a thousand excuses djoq http://docs.oracle.com/cd/B28359_01/app ... 0/wrap.htm
-
stcoutinho
- Moderador
- Posts: 850
- Joined: Wed, 11 May 2011 5:15 pm
- Location: são Paulo - SP
Hello Djoq,
I think you can proceed exactly how Fábio suggested.
For this you could create the following objects (example):
a) Name user "Djoq", which would be the owner of the schema of your system . In it you will create all database objects, including your procedures.
b) "Djoqueser" user, which would be the user for your application will point. This user will only be allowed to perform their procedures / packages that will do all DML (Select-Insert-Delete-Update) operations
c) a "djoq_all" name role, which will be assigned to the user "Djoquser ". For this role, you will give the Performance permission of each procedure / package that were created in the "Djoq" schema.
Exemplifying (you need to search the commands more in the background):
1) Create the user: Search more about CREATE USER command;
2) Create the user:
3) Create the role:
4) Assign role For the user:
5) Create a TB_usuario table in the Schema Djoq:
6) Create a PKG_USARIO package in Schema Djoq, which will do all operations of Select-insert-delete-update in the tb_usuario table:
7) Assign Package permission to the role:
Create private synonym for the Application:
These steps will allow you to isolate the application, just as the forists have explained.
In my case, I even create a third user, for audit / support purposes (eg Djoqaudit). This user can only make Select (or run only the SELECT procedure) of the system tables, being suitable for application support teams.
Hugs,
Sergio Coutinho
I think you can proceed exactly how Fábio suggested.
For this you could create the following objects (example):
a) Name user "Djoq", which would be the owner of the schema of your system . In it you will create all database objects, including your procedures.
b) "Djoqueser" user, which would be the user for your application will point. This user will only be allowed to perform their procedures / packages that will do all DML (Select-Insert-Delete-Update) operations
c) a "djoq_all" name role, which will be assigned to the user "Djoquser ". For this role, you will give the Performance permission of each procedure / package that were created in the "Djoq" schema.
Exemplifying (you need to search the commands more in the background):
1) Create the user: Search more about CREATE USER command;
CREATE USER DJOQ IDENTIFIED BY DJOQ ...;CREATE USER DJOQUSER IDENTIFIED BY DJOQUSER ..;CREATE ROLE DJOQ_ALL;GRANT DJOQ_ALL TO DJOQUSER;CREATE TABLE TB_USUARIO ..;CREATE OR REPLACE PACKAGE PKG_USUARIO ... END PGK_USUARIO; CREATE OR REPLACE PACKAGE BODY PKG_USUARIO ... END PGK_USUARIO;GRANT ALL ON PKG_USUARIO TO DJOQ_ALL;CREATE OR REPLACE SYNONYM DJOQUSER.PKG_USUARIO FOR DJOQ.PKG_USUARIO;In my case, I even create a third user, for audit / support purposes (eg Djoqaudit). This user can only make Select (or run only the SELECT procedure) of the system tables, being suitable for application support teams.
Hugs,
Sergio Coutinho
-
- Information
-
Who is online
Users browsing this forum: No registered users and 1 guest