
Implementing row-level security in SymmetricDS

I am developing a mobile ticketing system, and I'm reviewing my requirements against embedded SymmetricDS. The only sticking point so far is that I can't find any information directly addressing the question of row-level security.

Use Case:

Some of the mobile point-of-sale nodes will be logged in as sellers, some as managers. Everybody can view everybody else's sales. Sellers can create new sales, but never modify them. Managers can modify existing sales, but not delete them.

Problem:

I don't have strict control over the Android mobile POS units, so they aren't trustworthy -- it's not realistic to prevent a malicious seller from decompiling the APK and creating a malicious client node. My environment has security requirements, such that a malicious seller cannot be allowed to modify the sales table on the server. I can trust that the hypothetical malicious seller does not have access to manager credentials, and I can trust that the server software is secure.

Questions:

  1. Is server-side row-level security a job for a load filter?
  2. Can the filter script get access to the node_id originating the change?
  3. Can the filter script get access to the authentication credentials used to register the originating node?

  1. Yes. Some of it is possible to implement with a writer filter, like limiting updates to a certain group of nodes. Disabling deletion of a row from a node just means that the delete trigger shouldn't be created at all for that node group.
  2. Yes, it's possible. Methods that are implemented in an extension of an abstract load file accept arguments that carry the external ID of the caller (org.jumpmind.symmetric.io.data.Batch#getSourceNodeId and DataContext#getBatch()).
  3. Basic authentication is the same for all nodes. There's a password that is automatically generated when the handshake is performed, and it's stored in the db. Let your load file implement the SymmetricDS interface ISymmetricEngineAware, which allows for injection of an engine that can be used to access the database.
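
A server-side writer filter for the use case in the question, combining the three points of the answer. This is an added example, not code from the original post or from the SymmetricDS project. The table name `sales` and the node group IDs `seller` and `manager` are assumptions, as is letting managers insert as well as update. It also assumes the source node ID on the batch is the ID the node authenticated with.

```java
import org.jumpmind.db.model.Table;
import org.jumpmind.symmetric.ISymmetricEngine;
import org.jumpmind.symmetric.ext.ISymmetricEngineAware;
import org.jumpmind.symmetric.io.data.CsvData;
import org.jumpmind.symmetric.io.data.DataContext;
import org.jumpmind.symmetric.io.data.DataEventType;
import org.jumpmind.symmetric.io.data.writer.DatabaseWriterFilterAdapter;
import org.jumpmind.symmetric.model.Node;

/** Runs on the server node; decides per row whether the sender's group may apply it. */
public class SalesRowSecurityFilter extends DatabaseWriterFilterAdapter
        implements ISymmetricEngineAware {

    // Assumed names, not taken from the original post.
    private static final String PROTECTED_TABLE = "sales";
    private static final String SELLER_GROUP = "seller";
    private static final String MANAGER_GROUP = "manager";

    private ISymmetricEngine engine;

    @Override
    public void setSymmetricEngine(ISymmetricEngine engine) {
        this.engine = engine; // injected by SymmetricDS when the extension is loaded
    }

    @Override
    public boolean beforeWrite(DataContext context, Table table, CsvData data) {
        if (!PROTECTED_TABLE.equalsIgnoreCase(table.getName())) {
            return true; // this policy only covers the sales table
        }
        // Resolve the sender's group from the server's own node record,
        // never from anything carried in the row data.
        String sourceNodeId = context.getBatch().getSourceNodeId();
        Node source = sourceNodeId == null
                ? null : engine.getNodeService().findNode(sourceNodeId);
        String group = source == null ? null : source.getNodeGroupId();
        DataEventType type = data.getDataEventType();

        if (SELLER_GROUP.equals(group)) {
            return type == DataEventType.INSERT;   // create only
        }
        if (MANAGER_GROUP.equals(group)) {
            // UPDATE per the use case; INSERT for managers is an assumption
            return type == DataEventType.INSERT || type == DataEventType.UPDATE;
        }
        return false; // unknown node or group, and every other event type: skip the row
    }
}
```

Returning `false` from `beforeWrite` skips the row without failing the batch, so rejected changes are worth logging on the server for later review.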
