Re: Limiting DB access by role after initial connection?

On Sun, Jun 11, 2017 at 12:15 PM, Bruno Wolff III <bruno(at)wolff(dot)to> wrote:

> On Fri, Jun 09, 2017 at 21:14:15 -0700,
> Ken Tanzer <ken(dot)tanzer(at)gmail(dot)com> wrote:
>
>> On Fri, Jun 9, 2017 at 5:38 PM, Bruno Wolff III <bruno(at)wolff(dot)to> wrote:
>>
>> Seems to me they are separate issues. App currently has access to the
>> password for accessing the DB. (Though I could change that to ident
>> access
>> and skip the password.) App 1) connects to the DB, 2) authenticates the
>> user (within the app), then 3) proceeds to process input, query the DB,
>> produce output. If step 2A becomes irrevocably changing to a
>> site-specific
>> role, then at least I know that everything that happens within 3 can't
>> cross the limitations of per-site access. If someone can steal my
>> password
>> or break into my backend, that's a whole separate problem that already
>> exists both now and in this new scenario.
>>
>
> In situations where a person has enough access to the app (e.g. it is a
> binary running on their desktop) to do spurious role changes, they likely
> have enough acces to hijack the database connection before privileges are
> dropped.
>

Ah yes, I could see that. In this case it's a web app, so only the server
has the DB credentials. I'd really hate it if each client had to be able
to access those credentials!

Cheers,
Ken

--
AGENCY Software
A Free Software data system
By and for non-profits
*http://agency-software.org/ <http://agency-software.org/>*
*https://agency-software.org/demo/client
<https://agency-software.org/demo/client>*
ken(dot)tanzer(at)agency-software(dot)org
(253) 245-3801

Subscribe to the mailing list
<agency-general-request(at)lists(dot)sourceforge(dot)net?body=subscribe> to
learn more about AGENCY or
follow the discussion.