Table 6 - uploaded by Óscar Pereira
Challenge-Response authentication mechanism protocol. 


Source publication
Thesis
Nowadays, database applications use tools like Java Database Connectivity, Hibernate or ADO.NET to access data stored in databases. These tools are designed to bring together the relational database and object-oriented programming paradigms, forsaking applied access control policies. Hence, the application developers must master the established poli...

Context in source publication

Context 1
... simple example of a mutual authentication scheme (where both the client and the server are authenticated) is shown in Table 6. The challenge in this example is a random value, to which the correct response is the hash of the challenge sent to the other party with the received challenge and the password. ...
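
The scheme described above, as an added example that is not taken from the thesis: each side answers with a hash over the challenge it sent, the challenge it received and the password. SHA-256, the length-prefixed encoding, the message order and the names `Party`, `response` and `run_exchange` are assumptions, since Table 6 itself is not reproduced on this page.

```python
import hashlib
import hmac
import secrets


def response(sent: bytes, received: bytes, password: bytes) -> bytes:
    """Hash of (challenge I sent, challenge I received, password).

    Assumption: SHA-256 with 4-byte length prefixes so field boundaries
    are unambiguous; the page only says "hash".
    """
    h = hashlib.sha256()
    for part in (sent, received, password):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


class Party:
    """One end of the exchange (hypothetical helper, not from the thesis)."""

    def __init__(self, password: bytes):
        self.password = password
        self.sent = secrets.token_bytes(16)  # fresh random challenge per run
        self.received = None

    def receive_challenge(self, challenge: bytes) -> None:
        # If the peer's challenge equals ours, both responses hash the same
        # input, so an echoed response would verify. Reject that case.
        if hmac.compare_digest(challenge, self.sent):
            raise ValueError("peer echoed our own challenge")
        self.received = challenge

    def respond(self) -> bytes:
        return response(self.sent, self.received, self.password)

    def verify(self, peer_response: bytes) -> bool:
        # The peer's "sent" challenge is our "received" one, and vice versa.
        expected = response(self.received, self.sent, self.password)
        return hmac.compare_digest(expected, peer_response)


def run_exchange(client_pw: bytes, server_pw: bytes) -> tuple:
    """Return (server accepts client, client accepts server)."""
    client, server = Party(client_pw), Party(server_pw)
    server.receive_challenge(client.sent)
    client.receive_challenge(server.sent)
    return server.verify(client.respond()), client.verify(server.respond())
```

Because the two challenges enter the hash in opposite order on each side, a party's own response sent back to it does not verify.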

Citations

... This proposal emerged from the work done in (Pereira et al., 2015; Regateiro et al., 2014; Pereira et al., 2014), where a distributed access control framework allows the clients to connect to a database through runtime generated access control mechanisms. There, client applications can use an interface based on JDBC, where the methods are only implemented by the access control mechanisms to access and manipulate data stored in a database if the user has permission to use them. ...
Chapter
Database applications are a very pervasive tool that enables businesses to make the most out of the data they collect and generate. Furthermore, they can also be used to provide services on top of such data that can access, process, modify and explore it. It was argued in the work this paper extends that when client applications that access a database directly run on public or semi-public locations that are not highly secured (such as a reception desk), the database credentials used could be stolen by a malicious user. To prevent such an occurrence, solutions such as virtual private networks (VPNs) can be used to secure access to the database. However, VPNs can be bypassed by accessing the database from within the business network in an internal attack, among other problems. A methodology called Secure Proxied Database Connectivity (SPDC) is presented which aims to push the database credentials out of the client applications and divides the information required to access them between a proxy and an authentication server, while supporting existing tools and protocols that provide access to databases, such as JDBC. This approach will be shown and further detailed in this paper in terms of attack scenarios, implementation and discussion.