| Subject | java-local database security |
|---|---|
| Author | Steffen Heil |
| Post date | 2006-09-27T09:59:13Z |
Hi
My application uses a central connection pool, which is abtracted by a class
that basically only offers two functions:
- Connection getConnection()
- Connection getSingleConnection()
The first returns a connection from the pool.
The seconds waits till all connections from the pool are closed, shuts down
the pool, and returns a single connection from the driver manager. When that
one is closed it restarts the pool and unlocks any threads waiting for a
Connection. So I can use meta-data updates with getSingleConnection.
What I want to do right now is to prevent access to some tables for some
connections.
For example:
If threadA callet getConnection, allow everything for tables "a$...", but
completely disallow "b$...", while only allowing referential integrity on
"core$...".
That is somehow easy, as I already have my own Connection, Statement,
PreparedStatement and ResultSets in place and so I can easily intercept
calls to functions that take sql strings.
However I would need to write my own sql parser, which I assume someone did
already. So, is there any available parser which can be used standalone?
Regards,
Steffen
[Non-text portions of this message have been removed]
My application uses a central connection pool, which is abtracted by a class
that basically only offers two functions:
- Connection getConnection()
- Connection getSingleConnection()
The first returns a connection from the pool.
The seconds waits till all connections from the pool are closed, shuts down
the pool, and returns a single connection from the driver manager. When that
one is closed it restarts the pool and unlocks any threads waiting for a
Connection. So I can use meta-data updates with getSingleConnection.
What I want to do right now is to prevent access to some tables for some
connections.
For example:
If threadA callet getConnection, allow everything for tables "a$...", but
completely disallow "b$...", while only allowing referential integrity on
"core$...".
That is somehow easy, as I already have my own Connection, Statement,
PreparedStatement and ResultSets in place and so I can easily intercept
calls to functions that take sql strings.
However I would need to write my own sql parser, which I assume someone did
already. So, is there any available parser which can be used standalone?
Regards,
Steffen
[Non-text portions of this message have been removed]