将数据与用户分开的最佳做法是什么?
[英]What are the best practices to separate data from users
问题描述
For a customer we where developing a big application that where open to all users if you will, meaning, all users could see each others data. 
对于我们开发大型应用程序的客户,如果您愿意,所有用户都可以看到彼此的数据。
Now suddenly the customer is saying that they want only users belonging to the same organization to be able to view each others data. 现在,客户突然说他们只希望属于同一组织的用户能够查看彼此的数据。
So we came up with this data model: 所以我们想出了这个数据模型:
So now the question is: How is it best to separate the data? 所以现在问题是:如何最好地分离数据?
This is the only alternative I see: 这是我看到的唯一选择:
- SQL JOIN on ALL relevant tables (All tables that have data should no always join on Organization) -- All queries should now add an extra join to Organization, and if the join doesn't exists, we need to create a new foreign key. 所有相关表上的SQL JOIN(所有具有数据的表都不应始终加入组织) - 所有查询现在应该向Organization添加额外的连接,如果连接不存在,我们需要创建一个新的外键。
But I feel an extra join (We have around 20 tables that needs extra join) is quite costly. 但我觉得额外的加入(我们有大约20个需要额外加入的表)是非常昂贵的。
I hope there are some other best practices or solutions we can consider. 我希望我们可以考虑其他一些最佳实践或解决方案。
PS: This is a Web application developed using Java/JSF/Seam (but I don't know if that is relevant) PS:这是一个使用Java / JSF / Seam开发的Web应用程序(但我不知道这是否相关)
UPDATE UPDATE
I want to clarify something. 我想澄清一些事情。 My consurn is not security but performance. 我的意图不是安全而是表现。 We have added the foreign key to organization to all relevant tables that has shared data, and we are using user's logged in organization to filter the data. 我们已将组织的外键添加到具有共享数据的所有相关表中,并且我们正在使用用户的登录组织来过滤数据。
All I want to know is if this is a good architectural solution (inner join) or if we should do something else (ie: Load all shared data, and filter in memory instead of sql join). 我想要知道的是,这是一个很好的架构解决方案(内连接)还是我们应该做的其他事情(即:加载所有共享数据,并在内存中过滤而不是sql join)。
3 个解决方案
解决方案1
4 2010-04-14 09:12:35
You really have to understand the difference between the persistency layer and the application layer. 您必须了解持久层和应用程序层之间的区别。
It doesn't matter how you define your database tables, as anyone with database access will have access to all the users data. 无论您如何定义数据库表,因为任何具有数据库访问权限的人都可以访问所有用户数据。 What does matter is how you define the behavior in your application. 什么事情做的是你如何定义你的应用程序的行为。
Changing the database design should only be done for performance reasons, not for security - which should be handled in the application. 只应出于性能原因而不是安全性来更改数据库设计 - 应在应用程序中处理。
解决方案2
1 2010-04-14 09:32:30
I would reckon that the best pattern would be to only expose the user details through the web application, so at that point its a case of restricting the data exposed to each user. 我认为最好的模式是仅通过Web应用程序公开用户详细信息,因此在这一点上限制了向每个用户公开的数据。 This will allow you to build in the required security inside the application. 这将允许您在应用程序内部构建所需的安全性。
Alternatively if you are allowing direct database access then you will need to create a login/user (depends on database used) for each organization or user and then restrict the access of these login/user entities to parameterized stored procedures rather than the base tables. 或者,如果您允许直接访问数据库,则需要为每个组织或用户创建登录/用户(取决于所使用的数据库),然后将这些登录/用户实体的访问权限限制为参数化存储过程而不是基表。 This will push security back onto the database, which is riskier but still do-able. 这会将安全性推回到数据库,这样风险更大但仍然可行。
As to meta changes to support the organization column, parameterizing the stored procedures will be fairly trivial: 对于支持组织列的元更改,参数化存储过程将相当简单:
select @organizationId = organizationId from User where User.id = @currentUserId
select * from User where organizationId = @organizationId
(depending on the sql flavour you will need to enclose some entities eg ``User (根据sql风格,你需要包含一些实体,例如``User , [User] etc) ,[用户]等)
解决方案3
0 2013-04-10 19:44:18
I see no reason that Organization has to be 'joined' at all. 我认为没有理由组织必须“加入”。
If your 'data' tables all have OrganizationID columns, then you can lookup the 'organizationID' from the user and then add this as a condition to the join. 如果您的“数据”表都具有OrganizationID列,那么您可以从用户查找“organizationID”,然后将其作为条件添加到连接中。
EX: EX:
select @OrganizationId = organizationId from User where User.id = @currentUserId
select * from datatable a .... where .... AND a.organizationID = @organizationID
See; 看到; no join. 没有加入。
With respect to performance, there are different types of joins, and SQLServer allows you to hint at the type of join. 在性能方面,有不同类型的连接,SQLServer允许您提示连接类型。 So in some cases, a merge join is the best, whereas in something like this scenario, a loop join would be the best. 所以在某些情况下,合并连接是最好的,而在这种情况下,循环连接是最好的。 Not sure if these choices are available in MySQL. 不确定这些选择是否在MySQL中可用。
With respect to all of your tables needing a join, or condition (see above), there is a logical answer, and an implementation answer. 对于需要连接或条件的所有表(见上文),有一个逻辑答案和一个实现答案。 The implementation answer depends on your indexing. 实现答案取决于您的索引。 If you can limit the dataset the most by adding that condition, then you will benefit. 如果您可以通过添加该条件来限制数据集,那么您将受益。 But if the join with the other table that has already been filtered does a better job at reducing rows, then the condition will be worthless (or worst case, it will use the wrong index). 但是如果与已经过滤的其他表的连接在减少行方面做得更好,那么条件将毫无价值(或者最坏的情况,它将使用错误的索引)。 Assuming you have indexes on your join and condition columns. 假设您的连接和条件列上有索引。
Logically, only data that isn't fully dependent on a table that is filtered by organizationID needs that extra condition. 从逻辑上讲,只有不完全依赖于由organizationID过滤的表的数据才需要额外的条件。 If you have a car table, and carparts table, then you only have to filter the car table. 如果你有一个汽车餐桌和carparts表,那么你只需要过滤汽车餐桌。 Unless for some reason you don't need to join with the car table for some joins, in which case you will need that organizationID on the parts table too. 除非出于某种原因,您不需要为某些联接加入car表,在这种情况下,您也需要在parts表上使用该organizationID。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.