Abstracting and Refining Authorization in SQL
نویسندگان
چکیده
ing and Refining Authorization in SQL Arnon Rosenthal, Edward Sciore1 Abstract. The SQL standard specifies authorization via a large set of rather opaque rules, which are difficult to understand and dangerous to change. To make the model easier to work with, we formalize the implicit principles behind The SQL standard specifies authorization via a large set of rather opaque rules, which are difficult to understand and dangerous to change. To make the model easier to work with, we formalize the implicit principles behind SQL authorization. We then discuss two extensions, for explicit metadata privileges and general privilege inference on derived objects. Although these are quite simple and easily implemented, we show how together, they help solve several administrative problems with existing SQL security. This sort of abstraction is also an important step towards having DBMSs that simultaneously support security policies over SQL, XML, RDF, and other forms of data.ion is also an important step towards having DBMSs that simultaneously support security policies over SQL, XML, RDF, and other forms of data.
منابع مشابه
Formalizing and Refining Authorization in SQL
The SQL standard specifies authorization via a large set of rather opaque rules, which are difficult to understand and dangerous to change. To make the model easier to work with, we formalize the implicit principles behind SQL authorization. We then discuss two extensions, for explicit metadata privileges and general privilege inference on derived objects. Although these are quite simple and ea...
متن کاملSecurely Web-based Application for Construction Material Testing
The main aim of this paper was to develop and evaluate securely web-based application for construction material testing using object-oriented technology and parameterized queries for SQL command queries. The SQL queries for the web application of construction material testing were modified by adjusting their codes which included connection strings, authorization bypass and execute commands. Det...
متن کاملSecurely Web-based Application for Construction Material Testing
The main aim of this paper was to develop and evaluate securely web-based application for construction material testing using object-oriented technology and parameterized queries for SQL command queries. The SQL queries for the web application of construction material testing were modified by adjusting their codes which included connection strings, authorization bypass and execute commands. Det...
متن کاملAdministration and Autonomy in a Replication-Transparent Distributed DBMS
Administrative issues are of vital importance to organizations adopting distributed database technology. Most research systems and emerging commercial DDBMSs have assumed site autonomy as a guiding principle. This paper presents some general problems associated with autonomy and administration in a DDBMS, and discusses the incompatibility between replication transparency and site autonomy. In a...
متن کاملUsing Sap Erp and Oracle Dbms Tools to Demonstrate Authorization Concepts
This paper discusses our development and use of course material to demonstrate database management systems concepts to students by using enterprise resource planning (ERP) system software to augment their learning. The purpose of our paper is to share our experience with other universities interested in using ERP software as a tool to supplement students’ learning of information technology (IT)...
متن کامل