Posted: Mon Jun 04, 2007 11:58 pm Post subject: Databases and Permissions
Do any DBMS' exist that have users integrated with the users of the host operating system? For instance... if I have a user with permissions to table X and not table Y...
The database user can tradiitionally exploit the database software to gain access to Y. However, if the instance of the database were run as a seperate user on the host operating system, they would not have access to table Y regardless of any malicious code that happens to run under their account (save for privledge escalation)
Also a helpful feature... do any databases offer row based access control? Example... if I have a table of user accounts... I wouldn't want DB users to be able to access the other rows in that table via sql injection or w/e.
I view these as more powerful access controls and would find value in them...
Joined: 19 May 2004 Posts: 9 Location: Centerville, South Dakota
Posted: Thu Aug 16, 2007 5:24 am Post subject:
For instance... if I have a user with permissions to table X and not table Y..
I am probably not understanding your question, but the GRANTS command limits what users have access to which database or table.
The database user can tradiitionally exploit the database software to gain access to Y
I am not sure what you mean by traditionally, but if you can't trust your users enough to give them raw access to the database, then they shouldn't have raw access anyway. Any software interfaces should have a means for sanitizing queries, and custom error handling so that error messages never make it back to the attacker.
do any databases offer row based access control?
Not that I know of, and what would really be the point? If I needed to keep data from a single table separated for various users, I would simply create a VIEW for each one of them that contained only the information that they needed.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum