1. Re: App Roles in SQL Server
darranl Aug 12, 2005 1:36 PM (in response to earniedyke)
Which version of JBoss are you using?
"earniedyke" wrote:
I have thought about using it in the SQL that is called when a connection is created but the whole reason for using app roles is so no one knows they are being used. Make any sense?
It is possible in the -ds.xml to specify some SQL to be executed when a new connection is created, is this what you are looking for or what you are trying to avoid?
2. Re: App Roles in SQL Server
earniedyke Aug 12, 2005 1:43 PM (in response to earniedyke)
The problem is we connect to the database with one id with no privileges then switch to an app role which has all of the table privileges. I could execute a stored procedure in the <new-connection-sql> but the fear among our security people is if someone hacks our server, decrypts the connection user password then all they have to do is execute the stored procedure to gain full access to the table.
I know, this is a long stretch but our security people view it as a real threat. :-( I think it's a load of bs!
Earnie!
3. Re: App Roles in SQL Server
earniedyke Aug 12, 2005 1:49 PM (in response to earniedyke)
And we are on 4.0.1sp1
Earnie!
4. Re: App Roles in SQL Server
adrian.brock Aug 12, 2005 1:55 PM (in response to earniedyke)
Moved to the security forum.
A basic understanding of security should tell you that unless you force
the user booting JBoss to enter a password or some other credential
your problem is unsolvable.
Static preconfiguration of credentials can always be hacked.
It depends who you trust with the credential.
"Security is a process, not a technology".
5. Re: App Roles in SQL Server
adrian.brock Aug 12, 2005 1:59 PM (in response to earniedyke)
"adrian@jboss.org" wrote:
Static preconfiguration of credentials can always be hacked.
Adding complicated protocols based on stored procedures or some other
mechanism is just "Security by Obfuscation".
6. Re: App Roles in SQL Server
earniedyke Aug 12, 2005 2:06 PM (in response to earniedyke)
I could not agree more. I am just trying to satisfy people who think you can create systems that are unbreachable.
Earnie!
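
Added example (not part of the thread and not JBoss code): a small audit of a -ds.xml file that reports, per datasource, whether the login credentials and the role-switching call in <new-connection-sql> are stored side by side, which is the static preconfiguration the replies above discuss. The sample file, its names and its secrets are constructed placeholders; using sp_setapprole as the role-switching call is an assumption, since the thread only mentions "a stored procedure".

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample *-ds.xml; host, names and secrets are placeholders.
SAMPLE_DS_XML = """<datasources>
  <local-tx-datasource>
    <jndi-name>AppDS</jndi-name>
    <connection-url>jdbc:example://db.example.invalid/appdb</connection-url>
    <user-name>lowpriv_login</user-name>
    <password>PLACEHOLDER_LOGIN_PW</password>
    <new-connection-sql>EXEC sp_setapprole 'app_role', 'PLACEHOLDER_ROLE_PW'</new-connection-sql>
  </local-tx-datasource>
  <local-tx-datasource>
    <jndi-name>ReportDS</jndi-name>
    <connection-url>jdbc:example://db.example.invalid/reports</connection-url>
    <user-name>report_login</user-name>
    <password>PLACEHOLDER_REPORT_PW</password>
  </local-tx-datasource>
</datasources>"""

DS_TAGS = ("local-tx-datasource", "no-tx-datasource")
# Any EXEC/EXECUTE call in the connection SQL, e.g. sp_setapprole or a wrapper.
EXEC_CALL = re.compile(r"\bexec(?:ute)?\s+([\w.\[\]]+)", re.IGNORECASE)


def audit_datasources(xml_text):
    """Return one finding per datasource listing what the file alone discloses."""
    findings = []
    root = ET.fromstring(xml_text)
    for ds in (el for el in root.iter() if el.tag in DS_TAGS):
        sql = (ds.findtext("new-connection-sql") or "").strip()
        match = EXEC_CALL.search(sql)
        findings.append({
            "jndi_name": ds.findtext("jndi-name"),
            "static_login": bool(ds.findtext("user-name")) and bool(ds.findtext("password")),
            "role_switch_proc": match.group(1) if match else None,
            # A quoted literal in the SQL is a second secret stored beside the first.
            "literal_in_sql": bool(re.search(r"'[^']+'", sql)),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_datasources(SAMPLE_DS_XML):
        print(finding)
```

A datasource that reports both static_login and role_switch_proc keeps everything needed to reach the app role's privileges in one readable file, so the role adds no protection against someone who can read that file.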