Subject | Re: [Firebird-Architect] Security Plugins: An Architecture |
---|---|
Author | Pavel Cisar |
Post date | 2004-10-06T08:05:41Z |
Jim,
On 4 Oct 2004 at 11:54, Jim Starkey wrote:
> A security plugin is a potentially loadable module that manages an
> aspect of database security. A security plugin can be built in or
> loaded dynamically.
Great. I suppose that more than one plugin could be built in.
> The API used to communicate with a security plugin
> and for security plugins to communicate with each other is defined by
> the C++ class SecurityPlug, from which all security plugins inherit.
> The initial declaration of SecurityPlugin is:
Hard to judge about API feasibility now, but it's for sure a good start.
> Security plugins are daisy chained. A security plugin that does not
> manage a particular method is required to passed the call to the next
> security plugin in the chain (this default behavior can be inherited
> from SecurityPlugin). The engine provides a builtin security plugin
> (SecurityRoot) to backstop all methods, provide default security
> behaviors, and manage communication between the security plugin chain
> and the database engine. An authentication plugin can be expected to
> respond to the methods userInfo() and updateAccountInfo() but ignore
> methods (not yet defined) controlling page level encryption.
Well, I got lost here a little bit. You mentioned Security Manager later
down this spec, but you didn't sketch it in any way (except config
options). Is Security Manager (SM) a real object or just a package of
configuration parameters ?
The arrangement of Security Plugins (SP) etc. as you defined it makes
more sense for me if SM is not a real object but just a tool to package
security options. If it's true, then I have trouble with it, because
architecture with real SM object would make more sense for me. If SM is a
real object, then I have trouble with the rest of spec.
I'll go to details once you clarify this basic question for me.
> Error conditions within a security plugin are handled by throwing
> OSRIException objects.
Ok.
Best regards
Pavel Cisar (ICQ: 89017288)
http://www.ibphoenix.com
For all your upto date Firebird and
InterBase information