| Subject | Securing access to stored procedures |
|---|---|
| Author | Myles Wakeham |
| Post date | 2009-11-12T17:59:58Z |
I'm considering bundling a Firebird database file and Firebird server
installer with some vertical market software of ours that is not open
source. I'm trying to strategize on some of the ways that we can
release our database design, which includes a lot of stored procedures -
some of which contain important business logic that we do not want 'in
the open' or visible to our customers.
Our goal is to include this content as a self-installer package that
will automatically install on a client's server platform. Most of our
clients are running Windows server platforms, so I'm ok with it working
this way on Windows servers to begin with.
The challenge for us is how to package a Firebird Server installation,
our meta data, etc. and not disclose the sysdba password. I need to
have our client application pre-create user accounts for the server that
allows Firebird to control access to tables, views, stored procedures,
etc. Basically I would have user accounts created that would support
our client application's need to execute stored procedures, read/write
to tables, etc. A separate set of user accounts would be provided for
the user's to access tables in read/only state for ODBC/user report
generation, etc.
But in no case do I want the user to be able see the stored procedures
in the database.
How can this be done? Are other ISVs or vertical market software
developers able to bundle Firebird Server installations with this level
of lockdown successfully?
Myles
--
=======================
Myles Wakeham
Director of Engineering
Tech Solutions USA, Inc.
Scottsdale, Arizona USA
http://www.techsolusa.com
Phone +1-480-451-7440
installer with some vertical market software of ours that is not open
source. I'm trying to strategize on some of the ways that we can
release our database design, which includes a lot of stored procedures -
some of which contain important business logic that we do not want 'in
the open' or visible to our customers.
Our goal is to include this content as a self-installer package that
will automatically install on a client's server platform. Most of our
clients are running Windows server platforms, so I'm ok with it working
this way on Windows servers to begin with.
The challenge for us is how to package a Firebird Server installation,
our meta data, etc. and not disclose the sysdba password. I need to
have our client application pre-create user accounts for the server that
allows Firebird to control access to tables, views, stored procedures,
etc. Basically I would have user accounts created that would support
our client application's need to execute stored procedures, read/write
to tables, etc. A separate set of user accounts would be provided for
the user's to access tables in read/only state for ODBC/user report
generation, etc.
But in no case do I want the user to be able see the stored procedures
in the database.
How can this be done? Are other ISVs or vertical market software
developers able to bundle Firebird Server installations with this level
of lockdown successfully?
Myles
--
=======================
Myles Wakeham
Director of Engineering
Tech Solutions USA, Inc.
Scottsdale, Arizona USA
http://www.techsolusa.com
Phone +1-480-451-7440