
EJB / Database Audit Question

 
Darryl A. J. Staflund
Hi there,
I am currently using EJB 2.0 -- complete with CMR and EJB-based cascading deletes -- to implement an application. The state of these EJBs is stored in a PostgreSQL database.
For security reasons and in order to meet the needs of my client, I need to timestamp modifications made to the underlying database records. I am doing this using triggers.
However, I also need to record the name of the account used to modify the record and this is raising some implementation and security issues that I have never had to think about before.
The easiest way of implementing this feature would be to create PostgreSQL user accounts for each application account and rely on the trigger to store its name with the database record.
On the other hand, these accounts would have to be created dynamically (because the application accounts are) and I am not sure our database / server administrator would go for this because it introduces some serious security risks into the system (perhaps -- I am supposing it would.)
An alternative to creating PostgreSQL accounts would be to create a new CMP field that takes on the name of the application account that the user is logged on to. However, if a delete of an entity bean leads to a cascade of other beans being deleted, I am not at all sure how these other beans would be handled (perhaps through the ejbRemove method?) The same problem applies with modifications propagated to other beans that result because of existing CMR relationships.
Does anyone have some ideas on how to handle issues like this?
Thanks,
Darryl
 
Darryl A. J. Staflund
Hi again,
It looks like programmatically creating database users isn't going to open the door to the security issues I thought it would, so this is the strategy I am going to take. Thanks for your help.
Darryl
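
An added example, not part of the original posts: one way the per-account approach discussed in this thread could look in PostgreSQL, with triggers recording the timestamp and the login role for every insert, update and delete, including rows deleted as part of a cascade. The table, function and role names and the password are assumptions made for illustration.

```sql
-- Constructed schema: table, function and role names are assumptions, not from the thread.
CREATE TABLE customer (
    id          integer PRIMARY KEY,
    name        text NOT NULL,
    modified_at timestamptz,
    modified_by name
);

-- Separate log, so a deleted row (including one removed by a cascade) still leaves a trace.
CREATE TABLE audit_log (
    logged_at  timestamptz NOT NULL DEFAULT now(),
    db_user    name        NOT NULL,
    operation  text        NOT NULL,
    table_name name        NOT NULL,
    row_id     integer     NOT NULL
);

-- Stamp the row itself; any value the client supplied for these columns is overwritten.
CREATE FUNCTION stamp_row() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
    NEW.modified_at := now();
    NEW.modified_by := session_user;
    RETURN NEW;
END;
$$;

-- SECURITY DEFINER runs the function as its owner, so application roles need no
-- privileges on audit_log. current_user would name the owner here; session_user
-- still names the role that logged in.
CREATE FUNCTION log_change() RETURNS trigger LANGUAGE plpgsql
SECURITY DEFINER SET search_path = public, pg_temp AS $$
DECLARE
    r record;
BEGIN
    IF TG_OP = 'DELETE' THEN r := OLD; ELSE r := NEW; END IF;
    INSERT INTO audit_log (db_user, operation, table_name, row_id)
    VALUES (session_user, TG_OP, TG_TABLE_NAME, r.id);
    RETURN r;
END;
$$;

CREATE TRIGGER customer_stamp BEFORE INSERT OR UPDATE ON customer
    FOR EACH ROW EXECUTE PROCEDURE stamp_row();
CREATE TRIGGER customer_audit AFTER INSERT OR UPDATE OR DELETE ON customer
    FOR EACH ROW EXECUTE PROCEDURE log_change();

-- One group role carries the table privileges; each application account is a login role in it.
CREATE ROLE app_users NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON customer TO app_users;
CREATE ROLE alice LOGIN PASSWORD 'change-me' IN ROLE app_users;
```

The recorded name is only meaningful if each application user's work runs over a connection opened as that user's own role; a pool that logs in with one shared account would put that account in every row.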
 