关于应用程序层与数据库层之间的身份验证的意见 [英] Opinions about authentication between application and database tiers
问题描述
我感到困惑的是一个技术难题,我们团队中的两个人都建议两种不同的安全模型,各有优缺点.
I'm puzzling over a technical dilemma where two folks on our team a recommending two different security models each with pros and cons.
未开发区看起来像这样: 我们有一个asp.net网络应用程序,用于与业务层进行通信,与数据库进行通信.
The greenfield looks like this: We have a an asp.net web app, talking to a business layer, talking to a database.
*其中一项要求是能够让更高级别的用户将业务层权限委派给其他用户.
*One of the requirements is to be able to have higher level users delegate business layer rights to other users.
其中一个人正在游说互联网用户将其凭据一直传递到数据库中的能力,以便连接可以使用实际的sqlserver帐户进行查询等.(我喜欢其中的某些方面-审计功能)
One of the folks is lobbying for the capability of an internet user to pass their credentials all the way down into the database so the connection can use an actual sqlserver account for querying, etc. (Some aspects of this I like - auditing capabilities for instance)
现有的另一种方法是简单地使用数据库中的用户套件,密码,角色,资源表,并在业务层中管理安全性.
The alternate approach on hand is to simply go with suite of users,passwords,roles,resources tables in the database, and manage the security up in the business layer.
这可能是因为我来自Java到oracle的背景,在大多数情况下,您使用的连接池提供的连接已经使用服务类型帐户进行了身份验证.我们的互联网客户从来没有实际数据库帐户.
It could be because I come from a java to oracle background where in most cases you use a connection pool that provides connections which were already authenticated using a service type account. Our internet clientele never had actual database accounts.
我是否认为,mssql服务器提供的内置内部凭据存储内部管理(由Internet用户)可代理安全性似乎充满了危险的安全性?
Am I flawed in my thinking that managing delegatable security (by internet users) inside the builtin, internal credentials store that mssql server provides seems fraught with peril security wise?
有人建议吗?
推荐答案
在大多数Web应用程序中,安全模型是在业务逻辑层而不是数据层定义的.
In most web applications, you the security model is defined at the business logic layer, not the data layer.
例如,我在Stack Overflow上编辑帖子的能力不受我对帖子"表的读/写能力的控制-实际上,您甚至可能甚至无法设计一个数据库架构来允许您实现此级别的数据库级别的安全性.相反,有一个业务逻辑层,将我的特权与我要采取的操作进行比较(我认为);安全性是在业务逻辑层实现的.
For instance, my ability to edit a post on Stack Overflow is not controlled by my ability to read/write to the "posts" table - in fact, you could probably not even design a database schema that would allow you to implement database-level security at this level. Instead, there's a business logic layer which compares my privileges with the action I'm trying to take (I assume); security is implemented at the business logic layer.
坦率地说,将凭据传递到数据库层几乎没有任何好处-如果以某种方式绕过了控制谁可以编辑SO帖子的业务逻辑,数据库读/写"控件将不会阻止它,并且审核并不会真正帮助您.
I frankly see almost no benefit to passing through credentials to the database layer - if somehow I'd bypassed the business logic for controlling who can edit SO posts, the database "read/write" controls wouldn't prevent it, and auditing wouldn't really help you.
我看到了很多弊端-特别是您将授权逻辑分为两个部分(业务逻辑和数据库),并引入了各种有趣的失败模式,并在业务逻辑层和数据库层之间同步了帐户(用户更改密码或退出网站).我无法想象您将如何理智地测试和调试所有这些-如果最终用户遇到与其数据库特权有关的错误,会发生什么?
I see LOTS of drawbacks - not least the fact you'll be splitting your authorization logic into two (business logic and database), and introduce all kinds of entertaining failure modes with synchronizing accounts across your business logic layer and database layer (users changing their password, or leaving the web site). I can't begin to imagine how you'd sanely test and debug all this - what happens if an end user gets an error related to their database privileges?
这篇关于关于应用程序层与数据库层之间的身份验证的意见的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
