• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
AMIS definer invoker rights
 

AMIS definer invoker rights

on

  • 389 views

Deze presentatie is gegeven tijdens de KScope conferentie 2012...

Deze presentatie is gegeven tijdens de KScope conferentie 2012

Spreker: Patrick Barel
Titel: Should Invoker Rights Be Used?
Onderwerp: Developers Toolbox - Coding

Deze presentatie gaat over de vraag of het Invoker Rights model van de Oracle Database, voor verschillende gebruikers binnen dezelfde database, kan helpen bij het scheiden van de zichtbaarheid van de data. Door gebruik te maken van de techniek deze techniek kun je op een relatief eenvoudige wijze ervoor zorgen dat gebruikers alleen werken op hun eigen data en niet op die van anderen. Als het bijvoorbeeld gaat om een hosted applicatie, dan hoeft er nog maar één codebase te zijn, waardoor alle gebruikers direct profiteren van verbeteringen die aangebracht worden. Daarnaast leer je in deze sessie hoe je één set code kunt onderhouden voor verschillende gebruikers van de applicatie en hoe je je ‘gedeeltelijk’ kunt beschermen tegen SQL Injection.

Statistics

Views

Total Views
389
Views on SlideShare
389
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    AMIS definer invoker rights AMIS definer invoker rights Presentation Transcript

    • Developers Toolbox – Coding Should invoker rights be used?Patrick Barel , AMIS, The NetherlandsMonday, June 25, 2012ODTUG KScope 12San Antonio, Texas, USA
    • Definer Rights vs Invoker Rights Prior to Oracle8i, whenever you executed a stored program, it ran under the privileges of the account in which the program was defined.  This is called the … Definer Rights Model With Oracle8i, you can now decide at compilation time whether your program or package will execute in the definers schema (the default) or the schema of the invoker of the code.  This is called the … Invoker Rights Model
    • Definer RightsPatrick Mitchell Code Invoke R e fRelations Relations
    • Invoker RightsPatrick Mitchell Code InvokeRelations Relations
    • Invoker Rights Allows you to centralize access to and control of underlying data structures. Uses roles and doesn’t rely on directly-granted privileges. But it can be a source of confusion and architectural problems. Note: Oracle built-in packages have long had the capability of running under the invokers authority.
    • What’s wrong with Definer Rights Deployment & maintenance  Must install module in all schemas where needed  In some databases, each user has own copy of table(s), requiring copy of stored module Security  No declarative way to restrict privileges on certain modules in a package -- its all or nothing, unless you write code in the package to essentially recreate roles programmatically.  Difficult to audit privileges Sure would be nice to have a choice...and now you do!
    • Invoker Rights For top level modules: CREATE [ OR REPLACE ] <module type> [ AUTHID { DEFINER | CURRENT_USER } ] AS ... For modules with separate spec and body, AUTHID goes only in spec, and must be at the package level. Holds true for packages and object types.
    • Overview of Definer Rightsbegin package y x.foo; authid package x definerend; authid definer package z authid definer Emp Emp Emp
    • Overview of Invoker Rightsbegin package y x.foo; authid package x definerend; authid current_user package z authid current_user Emp Emp Emp
    • Overview of Invoker Rights begin x.foo; end; package y Emp authid package x definer authid current_userbegin package z x.foo; authidend; current_user Emp Emp Emp
    • Mock objectsTo compile code you still need the structure of theobjects.
    • Mock objectsbegin begin x.foo; x.foo; package xend; end; Execute authid Execute current_userCol1 Col2 Col3 Col4 Col1 Col2 Col3 Col4A.val1 A.val2 A.val3 A.val4 B.val1 B.val2 B.val3 B.val4A.val5 A.val6 A.val7 A.val8 B.val5 B.val6 B.val7 B.val8A.val9 A.val10 A.val11 A.val12 B.val9 B.val10 B.val11 B.val12A.val13 A.val14 A.val15 A.val16 B.val13 B.val14 B.val15 B.val16 Col1` Col2 Col3 Col4
    • Definer Rights Use a single codebase for multiple users (a bit of) Protection from SQL Injection
    • Single codebaseUser1 User2 App Mock objects
    • Single codebaseUser1 User2 App Code
    • Single codebaseUser1 User2 App
    • Single codebaseApplication code in a central schema (with mock objects) User1 User2 App
    • Single codebaseEach user has it’s own set of tables, views and sequences User1 User2 App
    • Single codebase Columns can be different in each schemaUser1 User2 App
    • Advantages One time development Specific code in user schema (partial) Protection from SQL Injection
    • Drawbacks Debugging can be hard Support can be hard
    • SQL Injection Dynamic SQL  Modification (drop) of objects You cannot drop what is not there  Modification of records Will only affect current users data You should always use binding instead of concatenating in Dynamic SQL Statements
    • Rules and RestrictionsAUTHID DEFINER Definer Rights Model Uses directly granted privileges Default, so no need to change current codeAUTHID CURRENT_USER Invoker Rights Model Uses ROLEs On entire objects Need for ‘mock’ objects (at compile time it’s Definer Rights)