Re: [Squirrel-sql-develop] SQuirreL security plugin
A Java SQL client for any JDBC compliant database
Brought to you by:
colbell,
gerdwagner
From: Robert M. <rob...@gm...> - 2008-07-23 09:10:00
|
On Mon, Jul 14, 2008 at 6:32 AM, <Gui...@lo...> wrote: > Hi, > > I am looking for a SQL tool we could give to our developpers in order to > access safely our production databases. > Because our databases contain confidential data, we would like to trace or > restrict the actions the developers could perform. This is a requirement > of our Security Dept (I am working in a bank, security is strict). The > tool would be installed on dedicated workstations with restricted > permissions (no administrative rights). > > One possibility is to use Squirrel, and develop our plugin to meet our > requirements. > Basicaly, the plugin should : > - prevent the user to export data by disabling some menu actions > - trace in a log-file all sql queries that are executed (not only those > sent by clicking on the "Run SQL" button, but also when the user edits the > results returned in the "Results" tab) > > > Can you confirm me that it is possible to develop such a plugin > (technically speaking) ? > I have no doubt that the first point (disabling a menu action) could be > easily developed. But about the second point (trace in a logfile), does > IPlugin have a callback method that I could implement and that would be > called before any SQL command is sent through jdbc ? Our current table editing component (DataSetUpdateableTableModelImpl) doesn't allow you to register a listener for it's SQL executing actions. We would need to add support for that. However, for the SQL tab, your plugin can register a ISQLExecutionListener and get a callback prior to each statement to support auditing. Of course, plugins can be disabled using the plugin summary dialog - if that's a show stopper, that menu item could be disabled as well. Rob |