Some remarks on optimization impact on database security

Krzysztof Miodek, Krzysztof Podlaski, Ścibór Sobieski, Bartosz Zieliński

Abstract


One of the most important factors of real live business applications are speed and reliability. The question that arises during development states: what is more important: efficiency of servers or security of database/application. One of the biggest databases used in the University of Łódź for its applications must have restricted access to data. On the other hand, although it is used by many people concurrently cannot be overloaded. Security rules are based on views created for every user, which gives scalability and flexibility. Unfortunately this approach has security vulnerabilities which is presented in this article.

Keywords


database security; database optimization

Full Text:

PDF

References


Miodek K., Pychowski J.: Elastyczny system uprawnień użytkowników w systemie zarządzania bazą danych PostgreSQL. [in:] Bazy Danych - Modele, Technologie, Narzędzia. WKŁ, Warszawa 2006, p. 309-314.

Kabra G., Ramamurthy R., Sudarshan S.: Redundancy and Information Leakage in Fine-Grained Access Contol. SIGMOD, 2006.

Stonebraker M., Wong E.: Access control in relational database management system by query modification. Procs of the ACM Annual Conference, 1974, p. 180-186.

Rivizi S., Mendelzon A., Sudarshan S., Roy P.: Extending query rewriting techniques for fine-grained access control. SIGMOD, 2004.

The Virtual Private Database in Oracle9ir2. An Oracle Technical White Paper.




DOI: http://dx.doi.org/10.21936/si2011_v32.n2B.307