| Subject | Re: Database Culture and Progress |
|---|---|
| Author | Aleksey Karyakin |
| Post date | 2005-08-06T16:14:26Z |
""Roman Rokytskyy"" <rrokytskyy@...> wrote in message
news:dd09s3+q7hr@......
for) is to restrict users of doing thing that they shouldn'd do.
Switching roles seems to be proposed as a voluntary action from the
db client. In other words, the client becomes responsible for
limiting its own abilities. How do you see this model works at all
(from the security p.o.v.)?
I think the most needed and tangible feature is a "single sign on".
However, it is related to authentication (not authorization) and has
nothing to do with roles. Correct me if I wrong.
Regards,
Aleksey Karyakin
news:dd09s3+q7hr@......
>Why do you think that? The point of authorization (which roles are
> Personally I see the value of the possibility to switch
> roles/users/groups (name it whatever you like) when the security
> context from the application server is promoted to the database. It
> seems to be technically possible and I think would increase the
> overall data security/safety.
for) is to restrict users of doing thing that they shouldn'd do.
Switching roles seems to be proposed as a voluntary action from the
db client. In other words, the client becomes responsible for
limiting its own abilities. How do you see this model works at all
(from the security p.o.v.)?
I think the most needed and tangible feature is a "single sign on".
However, it is related to authentication (not authorization) and has
nothing to do with roles. Correct me if I wrong.
Regards,
Aleksey Karyakin