Re: [Squirrel-sql-develop] SQuirreL security plugin

[Robert M. <rob...@gm...>]

On Mon, Jul 14, 2008 at 6:32 AM, <Gui...@lo...> wrote:

> Hi,
>
> I am looking for a SQL tool we could give to our developpers in order to
> access safely our production databases.
> Because our databases contain confidential data, we would like to trace or
> restrict the actions the developers could perform. This is a requirement
> of our Security Dept (I am working in a bank, security is strict). The
> tool would be installed on dedicated workstations with restricted
> permissions (no administrative rights).
>
> One possibility is to use Squirrel, and develop our plugin to meet our
> requirements.
> Basicaly, the plugin should :
> - prevent the user to export data by disabling some menu actions
> - trace in a log-file all sql queries that are executed (not only those
> sent by clicking on the "Run SQL" button, but also when the user edits the
> results returned in the "Results" tab)
>
>
> Can you confirm me that it is possible to develop such a plugin
> (technically speaking) ?
> I have no doubt that the first point (disabling a menu action) could be
> easily developed. But about the second point (trace in a logfile), does
> IPlugin have a callback method that I could implement and that would be
> called before any SQL command is sent through jdbc ?


Our current table editing component (DataSetUpdateableTableModelImpl)
doesn't allow
you to register a listener for it's SQL executing actions.  We would need to
add support for
that.  However, for the SQL tab, your plugin can register a
ISQLExecutionListener  and
get a callback prior to each statement to support auditing.  Of course,
plugins can be
disabled using the plugin summary dialog - if that's a show stopper, that
menu item could
be disabled as well.

Rob