karaf-dev mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: Database commands for Karaf
Date Sun, 15 Jan 2012 12:43:35 GMT
I don't quite understand the security problem, but maybe I'm thinking of a different environment.
 I would expect an environment where the db enforces user level access to that user's data
to be set up in the app server using container based security, where the app server maps the
user identity and credentials that it uses to the identity and credentials for the db (for
instance, they might be the same) and supplies the db-level user info to the connection as
it is obtained from the pool.  So if you log into karaf using ssh, your identity will then
be supplied to the db and you can only see and manipulate your own data.  I don't know what
connection management framework this proposal was thinking of but geronimo connection management
supports this.

If you were thinking that the application would enforce the user level security, not the database,
and all db connections would use the same db user identity, then there is more of a problem,
but I would expect that if a malicious user could ssh into a server there are bigger problems
than this.

BTW perhaps geronimo would be a better place than aries for this, if it doesn't end up in
karaf.  It's not a new enterprise technology, it's more of a usability extension to existing
enterprise functionality.

david jencks

On Jan 15, 2012, at 1:56 AM, Claus Ibsen wrote:

> Hi
> At first thought the commands seem cool.
> However in one part (the SQL execute) they risk introducing a security
> vulnerability, as a malicious user can use these commands to access
> production database, and manipulate the data. And by using the same
> datasource/connection that applications use, so it's harder for the
> RDBMS to control user access.
> In some industries, users must *never* access a database using an
> application account, but must always use their personal account (such
> as health care)
> to ensure that they can always track who has accessed the data
> (auditing). So with this new command, a malicious user can SSH into a
> remote box, and use the application database connection to access the
> production database. And thus "hide" as the RDBMS would think it was
> the application that did the SQL.
> I guess this could be remedied by requiring the SQL execute command to
> have the username / password provided, and "somehow" create a new
> connection to the application database. So it's 100% separated from the
> application usage.
> The other pieces of the command are nice. Being able to list the
> datasources and details about their connection pools would be great.
> Just as you have in JEE servers. People may expect something similar
> in the world of Karaf.
> Maybe a "Karaf Shell Extensions" or "Karaf App Store" :) is in place.
> There could be a ton of small and custom shells being created.
> That people can install and use in their Karaf. I guess some targeted
> for developers, and others maybe for production usage.
> And having a SQL executor shell could be nice for the developer.
> On Fri, Jan 13, 2012 at 5:13 PM, Christian Schneider
> <chris@die-schneider.net> wrote:
>> Hi all,
>> as part of my Karaf Tutorial about database access I have written some handy
>> Karaf shell commands for databases.
>> They are described with screen dumps in my Tutorial
>> http://www.liquid-reality.de/x/LYBk .
>> Especially for embedded databases like derby and h2 I missed a simple access
>> to the database for a long time. So I think these commands could be
>> interesting for many developers.
>> So I would like to add them to Karaf and also add a feature for them. Of
>> course DB commands are not the core domain of Karaf so this is surely
>> nothing for the Karaf minimal distro but I propose to add them to the
>> standard distro.
>> The reasons are simple:
>> - I think many people could have use for the commands
>> - They add no dependencies
>> - The code is really small (just 16kb)
>> Christian
>> --
>> Christian Schneider
>> http://www.liquid-reality.de
>> Open Source Architect
>> Talend Application Integration Division http://www.talend.com
> -- 
> Claus Ibsen
> -----------------
> FuseSource
> Email: cibsen@fusesource.com
> Web: http://fusesource.com
> Twitter: davsclaus, fusenews
> Blog: http://davsclaus.blogspot.com/
> Author of Camel in Action: http://www.manning.com/ibsen/
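
The two designs discussed in this thread, as an added Java example (not code from the proposed Karaf commands or from Geronimo): a command that borrows the application's connection versus one that opens the connection with the caller's own database credentials, each reporting the account the database would record. The class, method and account names and the stub `DataSource` are constructed for illustration; it assumes a `DataSource` whose `getConnection(user, password)` overload is supported.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.SQLException;
import javax.sql.DataSource;

public class SqlCommandIdentity {
    // Shared identity: the command borrows the application's connection,
    // so the database attributes the SQL to the application account.
    static String accountForSharedConnection(DataSource ds) throws SQLException {
        try (Connection c = ds.getConnection()) {
            return c.getMetaData().getUserName();
        }
    }

    // Per-user identity: the command refuses to run without the caller's own
    // database credentials and opens the connection with them.
    static String accountForCaller(DataSource ds, String user, String password) throws SQLException {
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            throw new SQLException("personal database credentials required");
        }
        try (Connection c = ds.getConnection(user, password)) {
            return c.getMetaData().getUserName();
        }
    }

    // Constructed stub (no real database): answers one method, ignores the rest.
    static <T> T stub(Class<T> type, String method, Object result) {
        return type.cast(Proxy.newProxyInstance(type.getClassLoader(), new Class<?>[] {type},
                (proxy, m, args) -> m.getName().equals(method) ? result : null));
    }

    // Constructed stand-in for a DataSource: each connection reports the
    // account it was opened with (appAccount when no credentials are passed).
    static DataSource fakeDataSource(String appAccount) {
        return (DataSource) Proxy.newProxyInstance(DataSource.class.getClassLoader(),
                new Class<?>[] {DataSource.class}, (proxy, m, args) -> {
                    String account = args == null ? appAccount : (String) args[0];
                    DatabaseMetaData md = stub(DatabaseMetaData.class, "getUserName", account);
                    return m.getName().equals("getConnection") ? stub(Connection.class, "getMetaData", md) : null;
                });
    }

    public static void main(String[] argv) throws SQLException {
        DataSource ds = fakeDataSource("app_account");            // constructed account name
        System.out.println(accountForSharedConnection(ds));       // account seen for shared use
        System.out.println(accountForCaller(ds, "alice", "constructed-pw")); // caller's account
    }
}
```

Against a real database, `DatabaseMetaData.getUserName()` returns the user name as known to that database, which is the identity its audit trail attributes the statements to.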
