• Title/Summary/Keyword: Database Account Separation

A Study on Database Access Control using Least-Privilege Account Separation Model (최소 권한 계정 분리 모델을 이용한 데이터베이스 엑세스 제어 연구)

  • Jang, Youngsu
    • Journal of Korea Society of Digital Industry and Information Management / v.15 no.3 / pp.101-109 / 2019
  • In addition to enabling access, database accounts play a protective role by defending the database from external attacks. However, because only a single account is used in the database, the account becomes the subject of vulnerability attacks. This common practice is due to the lack of database support, large numbers of users, and row-based database permissions. Therefore, if the logic of the application is wrong or vulnerable, there is a risk of exposing the entire database. In this paper, we propose a Least-Privilege Account Separation Model (LPASM) that serves as an information guardian to protect the database from attacks. We separate database accounts depending on the role of application services. This model can protect the database from malicious attacks and prevent damage caused by privilege escalation by an attacker. We classify the account control policies into four categories and propose detailed roles and operating plans for each account.

Implementation of Non-SQL Data Server Framework Applying Web Tier Object Modeling (웹티어 오브젝트 모델링을 통한 non-SQL 데이터 서버 프레임웍 구현)

  • Kwon Ki-Hyeon; Cheon Sang-Ho; Choi Hyung-Jin
    • The Journal of Korean Institute of Communications and Information Sciences / v.31 no.4B / pp.285-290 / 2006
  • Various aspects should be taken into account while developing a distributed architecture based on a multi-tier model or an enterprise architecture. Among those, the separation of role between page designer and page developer, defining entity which is used for database connection and transaction processing are very much important. In this paper, we presented DONSL (Data Server of Non SQL query) architecture to solve these problems applying web tier object modelling. This architecture solves the above problems by simplifying tiers coupling and removing DAO (Data Access Object) and entity from programming logic. We concentrate upon these three parts. One is about how to develop the DAO not concerning the entity modification, another is automatic transaction processing technique including SQL generation and the other is how to use the AET/MET (Automated/Manual Executed Transaction) effectively.