OK, so the problem is that this JDBC proxy still allows arbitrary SQL to
be executed on the server. Never worked with rich client applications
before, I had not realized that this (security) was the main reason for
choosing to add a third tier. I thought the problem was minimizing database
connections for license/scalability purposes.

I guess this argument against doing it at the JDBC level also applies
to doing it at the ORM level, since it still opens up the possibility of
arbitrary queries.


David Wood wrote:

I just did a swing client that uses hibernate, and although in my case I was alright to make the database available to the client hosts, I'm sure many can't. So it sounds like this will certainly be useful, but it has me thinking: will this layer be added only because nobody trusts the database's security ("I can't expose my DB to the world because someone will get in")? Or perhaps because the DB's security model is "too general" and therefore too difficult for people to secure properly ("I can't safely make a 'restricted' user because I'll accidently - or necessarily - leave it with dangerous privileges")?

Of course, whether directly or through a JDBC wrapper, a user can always extract the security privileges from a client and circumvent any restrictions imposed by that application; read any row or send a few "delete from..." So I can see an argument for something more fine-grained or custom wrapping the database to ensure that it really behaves like a proper "server application" and only expected operations are allowed, security policy is enforced, etc. It's not clear how that works with Hibernate... by using stored procedures somehow? Or, perhaps, Hibernate really lives on the server after all, and the whole client works via RMI/SOAP etc and is "thinner."

I am used to people treating their DB like a windows box, hiding it behind firewalls, etc. I certainly see the sense in it. And this is really not practical, but in theory at least, wouldn't it be better to fix the database (whichever one it is) rather than wrapping it, if we trust it this little? Or is it impossible to safely expose the database at all, through a wrapper or not?




--
Gavin King
+61 41 053 4454
+1 404 822 8349

Hibernate
[EMAIL PROTECTED]
http://hibernate.org

JBoss Inc
[EMAIL PROTECTED]
http://jboss.com



-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the
one installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
hibernate-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/hibernate-devel

Reply via email to