
Application User Mechanism Overview


The Trusted RUBIX Application User mechanism eliminates many vulnerabilities present in RDBMS applications, such as SQL injection, URL manipulation, and application hijacking. It accomplishes this by extending Mandatory Access Controls (MAC) to the RDBMS application’s users. With other RDBMSs, security enforcement for this class of user, including authentication and access controls, is typically performed entirely within the RDBMS application. Because RDBMS applications tend to be ad hoc, custom programs, they do not have the well-structured, evaluated security mechanisms typical of RDBMSs. Additionally, with other RDBMSs, the existence of application users is unknown to the RDBMS.

The Mandatory Access Control (MAC) over the application users is accomplished by securely binding the application users’ authentication to the RDBMS application’s database session and then using Attribute Based Access Control (ABAC) security policies to restrict access of individual application users down to the row level. In a typical configuration, this would result in application users only being able to access rows which they created. Additionally, the RDBMS user executing the application program would not be able to access any row unless the application user that created the row is currently authenticated.

Using the Trusted RUBIX Application User mechanism, RDBMS application developers can focus on the functionality of the application while relying on the Trusted RUBIX RDBMS to encapsulate and secure the underlying data of secure, transaction-based web applications, e.g., Internet Banking. For detailed information on the application user mechanism, please see the Application User Guide.

RDBMS User

A Trusted RUBIX RDBMS User represents a traditional user of the database. The RDBMS User is able to authenticate to the RDBMS, initiate an RDBMS session, and directly submit SQL operations. The Trusted RUBIX RDBMS User space is tightly integrated with the user space of the operating system that hosts the database server software (i.e., the database host platform). Additionally, the RDBMS User is authenticated using the Pluggable Authentication Module of the host platform.

Applications

A Trusted RUBIX Application represents an RDBMS middleware application. It is named and created by the Trusted RUBIX Database Administrator. It also has one or more associated Application Administrators and Application Users. Application Users, typically connecting from the Internet, represent users of the middleware application. Application Administrators are RDBMS Users who are permitted to execute the RDBMS middleware application, connect to the database, and submit SQL operations on behalf of Application Users.

Application Administrators

A Trusted RUBIX Application Administrator is an RDBMS-authenticated user who is permitted to execute a particular RDBMS middleware application (e.g., an ODBC program) that connects to the database, declares itself to be administering the Application (i.e., using the ALTER SESSION SET APPLICATION command), and submits SQL operations on behalf of Application Users. The Trusted RUBIX Security Administrator assigns RDBMS Users to be the Application Administrators for a particular Application.

Application Users

Application Users represent users of the RDBMS middleware application (i.e., a Trusted RUBIX Application). Typically, they connect to the Application using the Internet. Application Users may only interact with Trusted RUBIX through the single Application with which they are associated. They may not connect directly to the RDBMS. Application Users are associated with the Application when their account is created by the Application Administrator using the create application_user command. Application Users must authenticate to the Trusted RUBIX RDBMS.
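The session binding and row-level policy described in this overview can be modeled in a few lines. The following is an added toy model in Python, not Trusted RUBIX code or syntax; the `Engine` and `Session` classes, the account names, and the secrets are all constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Session:
    rdbms_user: str                    # account the middleware runs as
    application: Optional[str] = None  # declared Application, if any
    app_user: Optional[str] = None     # set only after the engine authenticates one

class Engine:
    def __init__(self, app_admins, app_user_secrets):
        self.app_admins = app_admins     # {application: {rdbms_user, ...}}
        self.secrets = app_user_secrets  # {(application, app_user): secret}, constructed
        self.rows = []                   # [(creator, data)]; creator is set by the engine

    def set_application(self, s, application):
        if s.rdbms_user not in self.app_admins.get(application, set()):
            raise PermissionError("not an Application Administrator")
        s.application, s.app_user = application, None

    def authenticate_app_user(self, s, name, secret):
        expected = self.secrets.get((s.application, name))
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("application user authentication failed")
        s.app_user = name                # binding lives in the session, not in query text

    def end_app_user(self, s):
        s.app_user = None

    def insert(self, s, data):
        if s.app_user is None:
            raise PermissionError("no authenticated application user")
        self.rows.append(((s.application, s.app_user), data))

    def select_all(self, s):
        # Models a query with no WHERE clause: the policy, not the query, filters rows.
        return [d for c, d in self.rows if s.app_user and c == (s.application, s.app_user)]

def demo():
    eng = Engine({"bank": {"webapp_svc"}}, {("bank", "alice"): b"a", ("bank", "bob"): b"b"})
    s = Session("webapp_svc")
    eng.set_application(s, "bank")
    eng.authenticate_app_user(s, "alice", b"a")
    eng.insert(s, {"acct": 1, "balance": 50})
    eng.end_app_user(s)
    unbound = eng.select_all(s)          # middleware account alone sees nothing
    eng.authenticate_app_user(s, "bob", b"b")
    eng.insert(s, {"acct": 2, "balance": 75})
    return unbound, eng.select_all(s)    # bob sees only the row he created
```

Because the filter is applied by the engine from session state, an over-broad or manipulated query issued by the middleware still returns only the authenticated Application User's rows.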