Daniel Hofer, Stefan Nadschläger, Aya Mohamed, Josef Küng,
"Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation", in Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil (eds.): Database and Expert Systems Applications, 33rd International Conference, DEXA 2022, Vienna, Austria, August 22-24, 2022, Proceedings, Part II, Lecture Notes in Computer Science (LNCS), Vol. 13427, Springer, Cham, pages 71-83, July 2022, ISBN: 978-3-031-12426-6
Original title:
Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation
Language of the title:
English
Original book title:
Database and Expert Systems Applications, 33rd International Conference, DEXA 2022, Vienna, Austria, August 22-24, 2022, Proceedings, Part II
Original abstract:
Enforcing authorization for web applications must be done on the server side.
Thus, either the backend or the persistent storage is a suitable layer.
From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend.
However, not all such frameworks offer sufficient authorization support.
From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework.
Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization.
This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities.
The request is modified by adding a filter to return only authorized entities.
Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.
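The interception idea sketched in the abstract, as an added example that is not code from the paper or from any mapper framework: a toy query object stands in for the mapper's request, an `authorize()` hook appends a row-level predicate for the calling principal before the request reaches the storage, and the storage (here an in-memory SQLite database with constructed sample rows) does the filtering. The `Query`, `AuthorizingSession`, `documents`/`shares` tables and the owner-or-shared policy are all assumptions made for illustration.

```python
"""Added example: central authorization by manipulating the mapper request
before it reaches the storage layer. Not the paper's code; all names and
the sample data are constructed for illustration."""
import sqlite3
from dataclasses import dataclass, field


@dataclass
class Query:
    """Toy stand-in for a mapper framework's query object (assumption)."""
    table: str
    predicates: list = field(default_factory=list)  # (sql fragment, params)

    def filter(self, fragment, *params):
        # Developer-supplied filters are parameterised, never interpolated.
        self.predicates.append((fragment, tuple(params)))
        return self

    def to_sql(self):
        sql = f"SELECT id, owner, title FROM {self.table}"
        params = []
        if self.predicates:
            sql += " WHERE " + " AND ".join(f"({frag})" for frag, _ in self.predicates)
            for _, p in self.predicates:
                params.extend(p)
        return sql, tuple(params)


def authorize(query, principal):
    """Central point of authorization (hypothetical policy): admins see all
    rows; every other principal sees rows it owns or rows shared with it.
    The predicate is ANDed with whatever the developer already filtered on,
    so a forgotten check in backend code cannot widen the result set."""
    if principal["role"] == "admin":
        return query
    return query.filter(
        "owner = ? OR id IN (SELECT doc_id FROM shares WHERE grantee = ?)",
        principal["name"], principal["name"],
    )


class AuthorizingSession:
    """Wraps the storage connection so every request passes authorize()."""

    def __init__(self, conn, principal):
        self.conn = conn
        self.principal = principal

    def run(self, query):
        sql, params = authorize(query, self.principal).to_sql()
        return self.conn.execute(sql, params).fetchall()


def build_db():
    """Constructed sample data: three documents, one of them shared."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE documents(id INTEGER PRIMARY KEY, owner TEXT, title TEXT);
        CREATE TABLE shares(doc_id INTEGER, grantee TEXT);
        INSERT INTO documents VALUES
            (1, 'alice', 'alice-private'),
            (2, 'bob',   'bob-private'),
            (3, 'bob',   'bob-shared');
        INSERT INTO shares VALUES (3, 'alice');
        """
    )
    return conn


def visible_titles(principal, extra_filter=None):
    """Titles the principal can retrieve; optional developer-side filter."""
    query = Query("documents")
    if extra_filter is not None:
        query.filter(*extra_filter)
    rows = AuthorizingSession(build_db(), principal).run(query)
    return sorted(r[2] for r in rows)


def unfiltered_titles():
    """What the storage returns when the interceptor is bypassed."""
    sql, params = Query("documents").to_sql()
    return sorted(r[2] for r in build_db().execute(sql, params).fetchall())


if __name__ == "__main__":
    print(visible_titles({"name": "alice", "role": "user"}))
    print(visible_titles({"name": "bob", "role": "user"}))
    print(visible_titles({"name": "root", "role": "admin"}))
```

Because the predicate is appended to the request itself, the filtering happens in the storage engine rather than after the rows have been transferred to the backend, which is the bandwidth and performance saving the abstract refers to; the same hook also composes with any filter the developer adds.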