Daniel Hofer, Stefan Nadschläger, Aya Mohamed, Josef Küng, "Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation", in Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil: Database and Expert Systems Applications, 33rd International Conference, DEXA 2022, Vienna, Austria, August 22-24, 2022, Proceedings, Part II, Lecture Notes in Computer Science series, Vol. 13427, Springer, Cham, pp. 71-83, 7-2022, ISBN: 978-3-031-12426-6
Original title:
Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation
Language of title:
English
Original book title:
Database and Expert Systems Applications, 33rd International Conference, DEXA 2022, Vienna, Austria, August 22-24, 2022, Proceedings, Part II
Original abstract:
Enforcing authorization for web applications must be done on the server side.
Thus, either the backend or the persistent storage is a suitable layer.
From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend.
However, not all such frameworks offer sufficient authorization support.
From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework.
Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization.
This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities.
The request is modified by adding a filter to return only authorized entities.
Filtering directly in the storage improves performance and saves bandwidth, besides reducing development and maintenance effort.
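The interception idea from the abstract, as an added illustration that is not the paper's code: a toy mapper whose requests are rewritten at one central point to carry an authorization filter before they reach the storage, so a backend handler that forgets to filter still only receives authorized rows. The entity name, the policy (owner, shared-with, public) and the sample rows are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Predicate = Callable[[dict], bool]  # a filter the storage evaluates per row

@dataclass
class Request:  # query the backend hands to the mapper
    entity: str
    filters: List[Predicate] = field(default_factory=list)

class Storage:
    """Stand-in store; it evaluates the filters itself, so unauthorized rows never leave it."""
    def __init__(self, tables: Dict[str, List[dict]]):
        self.tables = tables
    def execute(self, req: Request) -> List[dict]:
        return [r for r in self.tables[req.entity] if all(f(r) for f in req.filters)]

class Mapper:
    """Plain mapper without authorization support: forwards requests unchanged."""
    def __init__(self, storage: Storage):
        self.storage = storage
    def find(self, req: Request) -> List[dict]:
        return self.storage.execute(req)

def authz_predicate(user: str) -> Predicate:
    """Constructed policy: readable if owned by, shared with, or public to the user."""
    return lambda r: (r["owner"] == user or user in r.get("shared_with", ())
                      or r.get("visibility") == "public")

class AuthorizingMapper(Mapper):
    """Interception point: every request is rewritten to carry the authorization
    filter before it reaches the storage, whatever the calling code asked for."""
    def __init__(self, storage: Storage, current_user: Callable[[], str]):
        super().__init__(storage)
        self.current_user = current_user
    def find(self, req: Request) -> List[dict]:
        authorized = Request(req.entity, [*req.filters, authz_predicate(self.current_user())])
        return super().find(authorized)

STORAGE = Storage({"documents": [  # constructed sample rows
    {"id": 1, "owner": "alice", "visibility": "private"},
    {"id": 2, "owner": "bob", "visibility": "public"},
    {"id": 3, "owner": "bob", "visibility": "private", "shared_with": ("alice",)},
    {"id": 4, "owner": "carol", "visibility": "private"},
]})

def list_document_ids(user: str, intercept: bool = True) -> List[int]:
    """Backend handler that adds no authorization filter of its own."""
    mapper = AuthorizingMapper(STORAGE, lambda: user) if intercept else Mapper(STORAGE)
    return [r["id"] for r in mapper.find(Request("documents"))]
```

With `intercept=False` the same handler leaks every row, which is the omission the central interception point is meant to make impossible.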
Language of abstract:
English