SlideShare a Scribd company logo

Case study- PL-SQL API as data protection mechanism

Download as PPTX, PDF
Z
Ziemowit Jankowski

An Oracle PL/SQL API can provide several benefits as a data protection mechanism: 1) It enforces consistent updates, authorized access, and protects against misbehaved applications through mechanisms like triggers, constraints, and virtual private databases. 2) It controls access to data structures and prevents dependency on the underlying data model through validation procedures and abstracted retrieval/update types. 3) It avoids issues caused by direct database access like "funny" updates, mal-formed queries, and sub-optimal access paths by funneling all data handling through the API.

1 of 18
Case Study: PL/SQL API as data protection mechanism in Oracle databases by Ziemowit Jankowski Database Architect
Intended use ● Large databases ● Intensive updates ● Heterogeneous environment ● Many external actors with potentially misbehaved applications or ad-hoc queries ● Due to enterprise nature impossible to know who is doing what and how ● Non-existent or insufficient GUI- capabilities for users
● Consistency in updates (triggers and constraints) ● Updating/reading in correct context (triggers, VPD) ● Authorized access (Oracle authorization, roles, VPD, ACL) ● Protection against misbehaved application: ● Reading ● Updating (e.g. improper transaction handling) Data protection – a look at the broader meaning
● Exposing data structures to external actors: o Access to “more than needed” o Dependency on data model o “Funny” updates ● Misbehaved applications and/or users ● Mal-formed SQL queries o Sub-optimal data access paths ● Possible need for multiple implementations of business logic A few pitfalls for “classic” approach
Example scenarios Database (triggers, constraints, VPD etc) App server Valid ation Automated application Other database GUI-based application
• Updating • Validation of data • One place, one algorithm • Complex validation algorithms • Avoiding bad application / user behaviour • Updates independent from data model • Retrieval • Controlled access paths (performance) • Validation of search conditions • Results independent from data model • Logging • Security through obfuscation Some benefits of an API in data handling
• Software platform specific: • .NET • Java • Others • Common platform • Oracle PL/SQL Different API implementations
• Pros • One point, one algorithm for all data validation • All ”internal” data validation close to data store (overhead elimination) • No ”out of control” access paths • Cons • PL/SQL based • Hard to understand for novice programmers Oracle PL/SQL API
Example scenarios revisited Container schema (data, metadata, stored code) App server Validation Automated application Other database GUI-based application Access schema Access schema Access schema
• Container schema includes: • Data containers (tables, views, mviews) incl. triggers, constraints etc. • Data retrieval and data manipulation code • Interface data model, abstracted from underlying data model • Access schema includes: • Execution rights to data retrieval and manipulation code in container schema • Synonyms pointing at relevant code in container schema General principles
• Actors connect to database through access schema • Actors do not have direct access to data • Actors do not have direct access to meta-data • Actors have to use predefined access paths in orderly manner • Actors cannot circumvent data validation, on purpose or by accident Usage
• Usually not a major problem • Might become major performance issue: • Data-intensive updates • Large data volumes • Time critical updates (e.g. quasi-realtime) • Non-trivial validation • No possibility to take in “dirty data” and validate later on • In-database validation inside API usually faster than external application Data validation
• Examples: • Long rollbacks • Commit waiting for user interaction • Long transactions on quasi-real-time data • Culprits: • Rookie application programmers (been there, seen that) • Interactive users • Insufficient validation of data Eliminated by API that enforces some basic rules. Bad behaviour
• Enforced usage of correct data types • Example: WHERE to_char(dateCol,’YYYYMM’) = ’200101’ • SQL statements entirely within API code • No user-generated statements that cause poor performance Controlled access paths
• The API defines own Oracle types for data retrieval and update • The API types may or may not correspond to actual data containers • Changes in table layout can be hidden from caller • Backward compatibility • No need to rewrite all applications using the altered table/-s. Independency from data model (retrieval and updates)
• Procedures returning strongly typed cursors • At all costs avoid SYS_REFCURSOR • Alternative: use pipelined functions that return strongly typed data • Might lead to undesirable side-effects with WHERE-clauses • In both above cases: strongly typed parameters help avoiding full table scans due to malformed WHERE-clauses Some implementation details – data retrieval
• Procedures accept strongly typed parameters • Procedures return status code or message Some implementation details – data update
• SOA • Will not deliver same throughput • Will lock you in an infrastructure Alternatives?

Recommended

Hospital Management System
Hospital Management SystemHospital Management System
Hospital Management System
Kavi Kumar
 
Access, Alerts and Application Insights
Access, Alerts and Application InsightsAccess, Alerts and Application Insights
Access, Alerts and Application Insights
Martin Abbott
 
(ATS6-APP05) Deploying Contur ELN to large organizations
(ATS6-APP05) Deploying Contur ELN to large organizations(ATS6-APP05) Deploying Contur ELN to large organizations
(ATS6-APP05) Deploying Contur ELN to large organizations
BIOVIA
 
Sanzaru
SanzaruSanzaru
Sanzaru
Afanasiev Alexey
 
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Positive Hack Days
 
Data Access
Data AccessData Access
Data Access
eclumson
 
(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...
(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...
(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...
BIOVIA
 
System mockup
System mockupSystem mockup
System mockup
乐翔 张
 

Recommended

Hospital Management System
Hospital Management SystemHospital Management System
Hospital Management System
Kavi Kumar
 
Access, Alerts and Application Insights
Access, Alerts and Application InsightsAccess, Alerts and Application Insights
Access, Alerts and Application Insights
Martin Abbott
 
(ATS6-APP05) Deploying Contur ELN to large organizations
(ATS6-APP05) Deploying Contur ELN to large organizations(ATS6-APP05) Deploying Contur ELN to large organizations
(ATS6-APP05) Deploying Contur ELN to large organizations
BIOVIA
 
Sanzaru
SanzaruSanzaru
Sanzaru
Afanasiev Alexey
 
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Kolegov tkachenko-Non-Invasive Elimination of Logical Access Control Vulnerab...
Positive Hack Days
 
Data Access
Data AccessData Access
Data Access
eclumson
 
(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...
(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...
(ATS6-DEV04) Building Web MashUp applications that include Accelrys Applicati...
BIOVIA
 
System mockup
System mockupSystem mockup
System mockup
乐翔 张
 
performancetestinganoverview-110206071921-phpapp02.pdf
performancetestinganoverview-110206071921-phpapp02.pdfperformancetestinganoverview-110206071921-phpapp02.pdf
performancetestinganoverview-110206071921-phpapp02.pdf
MAshok10
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning System
Muhammad Azmy
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
Sam Bowne
 
Thick client application security assessment
Thick client application security assessmentThick client application security assessment
Thick client application security assessment
Sanjay Kumar (Seeking options outside India)
 
Group meeting: Identifying Information Disclosure in Web Applications with Re...
Group meeting: Identifying Information Disclosure in Web Applications with Re...Group meeting: Identifying Information Disclosure in Web Applications with Re...
Group meeting: Identifying Information Disclosure in Web Applications with Re...
Yu-Hsin Hung
 
Cloud patterns at Carleton University
Cloud patterns at Carleton UniversityCloud patterns at Carleton University
Cloud patterns at Carleton University
Taswar Bhatti
 
SmartERP PeopleSoft Security
SmartERP PeopleSoft Security SmartERP PeopleSoft Security
SmartERP PeopleSoft Security
Smart ERP Solutions, Inc.
 
CNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationCNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the Application
Sam Bowne
 
Building data intensive applications
Building data intensive applicationsBuilding data intensive applications
Building data intensive applications
Amit Kejriwal
 
Segregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a ServiceSegregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a Service
Smart ERP Solutions, Inc.
 
Building the enterprise data architecture
Building the enterprise data architectureBuilding the enterprise data architecture
Building the enterprise data architecture
Costa Pissaris
 
Technical Product Manager Case Challenge
Technical Product Manager Case ChallengeTechnical Product Manager Case Challenge
Technical Product Manager Case Challenge
Arush Sharma
 
Performance Testing
Performance TestingPerformance Testing
Performance Testing
Anu Shaji
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong Codeaholics
Taswar Bhatti
 
Myth Busters VI: Data Virtualization makes access easier – but what control d...
Myth Busters VI: Data Virtualization makes access easier – but what control d...Myth Busters VI: Data Virtualization makes access easier – but what control d...
Myth Busters VI: Data Virtualization makes access easier – but what control d...
Denodo
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
PetraVukmirovic
 
Data All the Way Down
Data All the Way DownData All the Way Down
Data All the Way Down
Jeni Tennison
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
Arun Voleti
 

More Related Content

Similar to Case study- PL-SQL API as data protection mechanism

performancetestinganoverview-110206071921-phpapp02.pdf
performancetestinganoverview-110206071921-phpapp02.pdfperformancetestinganoverview-110206071921-phpapp02.pdf
performancetestinganoverview-110206071921-phpapp02.pdf
MAshok10
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning System
Muhammad Azmy
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
Sam Bowne
 
Thick client application security assessment
Thick client application security assessmentThick client application security assessment
Thick client application security assessment
Sanjay Kumar (Seeking options outside India)
 
Group meeting: Identifying Information Disclosure in Web Applications with Re...
Group meeting: Identifying Information Disclosure in Web Applications with Re...Group meeting: Identifying Information Disclosure in Web Applications with Re...
Group meeting: Identifying Information Disclosure in Web Applications with Re...
Yu-Hsin Hung
 
Cloud patterns at Carleton University
Cloud patterns at Carleton UniversityCloud patterns at Carleton University
Cloud patterns at Carleton University
Taswar Bhatti
 
SmartERP PeopleSoft Security
SmartERP PeopleSoft Security SmartERP PeopleSoft Security
SmartERP PeopleSoft Security
Smart ERP Solutions, Inc.
 
CNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationCNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the Application
Sam Bowne
 
Building data intensive applications
Building data intensive applicationsBuilding data intensive applications
Building data intensive applications
Amit Kejriwal
 
Segregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a ServiceSegregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a Service
Smart ERP Solutions, Inc.
 
Building the enterprise data architecture
Building the enterprise data architectureBuilding the enterprise data architecture
Building the enterprise data architecture
Costa Pissaris
 
Technical Product Manager Case Challenge
Technical Product Manager Case ChallengeTechnical Product Manager Case Challenge
Technical Product Manager Case Challenge
Arush Sharma
 
Performance Testing
Performance TestingPerformance Testing
Performance Testing
Anu Shaji
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong Codeaholics
Taswar Bhatti
 
Myth Busters VI: Data Virtualization makes access easier – but what control d...
Myth Busters VI: Data Virtualization makes access easier – but what control d...Myth Busters VI: Data Virtualization makes access easier – but what control d...
Myth Busters VI: Data Virtualization makes access easier – but what control d...
Denodo
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
PetraVukmirovic
 
Data All the Way Down
Data All the Way DownData All the Way Down
Data All the Way Down
Jeni Tennison
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
Arun Voleti
 

Similar to Case study- PL-SQL API as data protection mechanism (20)

performancetestinganoverview-110206071921-phpapp02.pdf
performancetestinganoverview-110206071921-phpapp02.pdfperformancetestinganoverview-110206071921-phpapp02.pdf
performancetestinganoverview-110206071921-phpapp02.pdf
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense MechanismsCh 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning System
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
 
Thick client application security assessment
Thick client application security assessmentThick client application security assessment
Thick client application security assessment
 
Group meeting: Identifying Information Disclosure in Web Applications with Re...
Group meeting: Identifying Information Disclosure in Web Applications with Re...Group meeting: Identifying Information Disclosure in Web Applications with Re...
Group meeting: Identifying Information Disclosure in Web Applications with Re...
 
Cloud patterns at Carleton University
Cloud patterns at Carleton UniversityCloud patterns at Carleton University
Cloud patterns at Carleton University
 
SmartERP PeopleSoft Security
SmartERP PeopleSoft Security SmartERP PeopleSoft Security
SmartERP PeopleSoft Security
 
CNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the ApplicationCNIT 129S Ch 4: Mapping the Application
CNIT 129S Ch 4: Mapping the Application
 
Building data intensive applications
Building data intensive applicationsBuilding data intensive applications
Building data intensive applications
 
Segregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a ServiceSegregation of Duties and Sensitive Access as a Service
Segregation of Duties and Sensitive Access as a Service
 
Building the enterprise data architecture
Building the enterprise data architectureBuilding the enterprise data architecture
Building the enterprise data architecture
 
Technical Product Manager Case Challenge
Technical Product Manager Case ChallengeTechnical Product Manager Case Challenge
Technical Product Manager Case Challenge
 
Performance Testing
Performance TestingPerformance Testing
Performance Testing
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong Codeaholics
 
Myth Busters VI: Data Virtualization makes access easier – but what control d...
Myth Busters VI: Data Virtualization makes access easier – but what control d...Myth Busters VI: Data Virtualization makes access easier – but what control d...
Myth Busters VI: Data Virtualization makes access easier – but what control d...
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
 
Data All the Way Down
Data All the Way DownData All the Way Down
Data All the Way Down
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
 

Case study- PL-SQL API as data protection mechanism

  • 1. Case Study: PL/SQL API as data protection mechanism in Oracle databases by Ziemowit Jankowski Database Architect
  • 2. Intended use ● Large databases ● Intensive updates ● Heterogeneous environment ● Many external actors with potentially misbehaved applications or ad-hoc queries ● Due to enterprise nature impossible to know who is doing what and how ● Non-existent or insufficient GUI- capabilities for users
  • 3. ● Consistency in updates (triggers and constraints) ● Updating/reading in correct context (triggers, VPD) ● Authorized access (Oracle authorization, roles, VPD, ACL) ● Protection against misbehaved application: ● Reading ● Updating (e.g. improper transaction handling) Data protection – a look at the broader meaning
  • 4. ● Exposing data structures to external actors: o Access to “more than needed” o Dependency on data model o “Funny” updates ● Misbehaved applications and/or users ● Mal-formed SQL queries o Sub-optimal data access paths ● Possible need for multiple implementations of business logic A few pitfalls for “classic” approach
  • 5. Example scenarios Database (triggers, constraints, VPD etc) App server Valid ation Automated application Other database GUI-based application
  • 6. • Updating • Validation of data • One place, one algorithm • Complex validation algorithms • Avoiding bad application / user behaviour • Updates independent from data model • Retrieval • Controlled access paths (performance) • Validation of search conditions • Results independent from data model • Logging • Security through obfuscation Some benefits of an API in data handling
  • 7. • Software platform specific: • .NET • Java • Others • Common platform • Oracle PL/SQL Different API implementations
  • 8. • Pros • One point, one algorithm for all data validation • All ”internal” data validation close to data store (overhead elimination) • No ”out of control” access paths • Cons • PL/SQL based • Hard to understand for novice programmers Oracle PL/SQL API
  • 9. Example scenarios revisited Container schema (data, metadata, stored code) App server Validation Automated application Other database GUI-based application Access schema Access schema Access schema
  • 10. • Container schema includes: • Data containers (tables, views, mviews) incl. triggers, constraints etc. • Data retrieval and data manipulation code • Interface data model, abstracted from underlying data model • Access schema includes: • Execution rights to data retrieval and manipulation code in container schema • Synonyms pointing at relevant code in container schema General principles
  • 11. • Actors connect to database through access schema • Actors do not have direct access to data • Actors do not have direct access to meta-data • Actors have to use predefined access paths in orderly manner • Actors cannot circumvent data validation, on purpose or by accident Usage
  • 12. • Usually not a major problem • Might become major performance issue: • Data-intensive updates • Large data volumes • Time critical updates (e.g. quasi-realtime) • Non-trivial validation • No possibility to take in “dirty data” and validate later on • In-database validation inside API usually faster than external application Data validation
  • 13. • Examples: • Long rollbacks • Commit waiting for user interaction • Long transactions on quasi-real-time data • Culprits: • Rookie application programmers (been there, seen that) • Interactive users • Insufficient validation of data Eliminated by API that enforces some basic rules. Bad behaviour
  • 14. • Enforced usage of correct data types • Example: WHERE to_char(dateCol,’YYYYMM’) = ’200101’ • SQL statements entirely within API code • No user-generated statements that cause poor performance Controlled access paths
  • 15. • The API defines own Oracle types for data retrieval and update • The API types may or may not correspond to actual data containers • Changes in table layout can be hidden from caller • Backward compatibility • No need to rewrite all applications using the altered table/-s. Independency from data model (retrieval and updates)
  • 16. • Procedures returning strongly typed cursors • At all costs avoid SYS_REFCURSOR • Alternative: use pipelined functions that return strongly typed data • Might lead to undesirable side-effects with WHERE-clauses • In both above cases: strongly typed parameters help avoiding full table scans due to malformed WHERE-clauses Some implementation details – data retrieval
  • 17. • Procedures accept strongly typed parameters • Procedures return status code or message Some implementation details – data update
  • 18. • SOA • Will not deliver same throughput • Will lock you in an infrastructure Alternatives?