| Subject | Re: [Firebird-Architect] Re: User name SYSDBA |
|---|---|
| Author | Jim Starkey |
| Post date | 2005-08-21T21:52:01Z |
johnson_dave2003 wrote:
is a filterset, a set of table names and respective booleans that are
automatically appended to all selection criteria. There are probably
other suitable efficient mechanisms as well.
>In short, you cannot implement effective enterprise security at theThere are better ways to handle this. One that I have discuss earlier
>database object level.
>
>In the past, the workaround has been to grant authorization to the
>application at the object level, and then handle the rest in the
>application. If I understand him correctly, Jim wants to take this
>out of the application layer and put it right in the DBMS, because
>the application authority is efectively no security at all.
>
>To achieve his goal, every row fetch must include a lookaside to the
>security module to see if the row and columns requested are allowed.
>In Java terms, the lookaside can be implemented as a Map attached to
>the session.
>
>
>
is a filterset, a set of table names and respective booleans that are
automatically appended to all selection criteria. There are probably
other suitable efficient mechanisms as well.