• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Tim Cooke
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • paul wheaton
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Mikalai Zaikin
  • Carey Brown
  • Piet Souris
Bartenders:
  • Stephan van Hulst

EJB / Database Audit Question

 
Ranch Hand
Posts: 314
2
Android VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there,
I am currently using EJB 2.0 -- complete with CMR and EJB-based cascading deletes -- to implement an application. The state of these EJBs is stored in a PostgreSQL database.
For security reasons and in order to meet the needs of my client, I need to timestamp modifications made to the underlying database records. I am doing this using triggers.
However, I also need to record the name of the account used to modify the record and this is raising some implementation and security issues that I have never had to think about before.
The easiest way of implement this feature would be to create PostgreSQL user accounts for each application account and rely on the trigger to store its name with the database record.
On the other hand, these accounts would have to be created dynamically (because the application accounts are) and I am not sure our database / server administrator would go for this because it introduces some serious security risks into the system (perhaps -- I am supposing it would.)
An alternative to creating PostgreSQL accounts would be to create a new CMP field that takes on the name of the application account that the user is logged on to. However, if a delete of an entity bean leads to a cascade of other beans being deleted, I am not at all sure how these other beans would be handled (perhaps through the ejbRemove method?) The same problem applies with modifications propogated to other beans that result because of existing CMR relationships.
Does anyone have some ideas on how to handle issues like this?
Thanks,
Darryl
 
Darryl A. J. Staflund
Ranch Hand
Posts: 314
2
Android VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi again,
It looks like programmatically creating database users isn't going to open the door of security issues I thought it would so this is the strategy I am going to take. Thanks for your help.
Darryl
 
Honk if you love justice! And honk twice for tiny ads!
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic