Detail publikace

Pokročilý systém řízení přístupu pro vícevrstvé serverové aplikace

CVRK, L. VRBA, V. MOLNÁR, K.

Originální název

Advanced access control system for multi-tier server applications

Český název

Pokročilý systém řízení přístupu pro vícevrstvé serverové aplikace

Anglický název

Advanced access control system for multi-tier server applications

Typ

článek ve sborníku

Jazyk

en

Originální abstrakt

Server applications are one of the most important components of applications which use multi-tire architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.

Český abstrakt

Serverové aplikace jsou jedněmi z nejdůležitějších komponent v aplikacích, které používají vícevrstvou architekturu. Tyto serverové komponenty musí řešit přístup uživatelů. Logika řízení přístupu bývá obvykle implementována přímo v kódu objektů, které jsou zodpovědné za operace nad daty. Tyto objekty ověřují přístup k jejich metodám a povolují provedné zadané operace. V systémech se nachází mnoho takových objektů s podobným posláním. Všechny tyto objekty realizují obdobný systém řízení přístupu což vede k větší náročnosti na zdroje a je také náchylnější na chyby. Tento článek se zabývá uvedenou problematikou a navrhuje řešení daných problémů ve formě abstrakce od relačního datového zdroje. Výsledné řešení zcela zabraňuje neoprávněnému přístupu k datům.

Anglický abstrakt

Server applications are one of the most important components of applications which use multi-tire architecture. These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.

Klíčová slova

databáze, SQL, řízení přístupu, abstrakce SŘBD

Rok RIV

2007

Vydáno

20.04.2007

Nakladatel

IEEE Computer Society

Místo

Sainte-Luce

ISBN

0-7695-2807-4

Kniha

Proceeding of the Second International Conference on Systems

Číslo edice

1.

Strany od

1

Strany do

6

Strany počet

6

BibTex


@inproceedings{BUT22797,
  author="Lubomír {Cvrk} and Vít {Vrba} and Karol {Molnár}",
  title="Advanced access control system for multi-tier server applications",
  annote="Server applications are one of the most important components of applications which use multi-tire architecture.  These servers need to handle access of users. Access control logic is usually implemented directly inside an object which is responsible for performing required operations over the data. The object verifies access to its methods and permits or denies the operation. But systems usually consist of many such objects with different missions. All of these objects require similar access control system. This makes a greater overhead because access control verification must be coded inside all those objects. If in this approach a programmer forgets to verify some of required rights in the code then the system may encounter a forbidden data access. This article deals with that topic and designs a unified database layer working over relation databases. Benefits of this layer are strong simplification of the access control system and impossibility to access data without permissions.",
  address="IEEE Computer Society",
  booktitle="Proceeding of the Second International Conference on Systems",
  chapter="22797",
  institution="IEEE Computer Society",
  year="2007",
  month="april",
  pages="1",
  publisher="IEEE Computer Society",
  type="conference paper"
}