Re: [Squirrel-sql-develop] SQuirreL security plugin
A Java SQL client for any JDBC compliant database
From: Gerd W. <ger...@t-...> - 2008-07-23 09:36:38
Here is a different approach that we use not for security reasons but merely for logging:

Create a wrapper JDBC driver that wraps your original driver. Then register this driver instead of the original driver within SQuirreL. Any call that SQuirreL sends to the database will then pass through the wrapper. Here you'd be in control of everything. If you don't want a call to execute simply make the wrapper throw an SQLException. SQuirreL should handle such exceptions the way it does any other database exceptions.

Creating such a driver wrapper can be simplified a lot using the JDK's Proxy API. See http://java.sun.com/j2se/1.5.0/docs/api/java/lang/reflect/Proxy.html

Hope this helps.

Gerd

Robert Manning wrote:
> On Mon, Jul 14, 2008 at 6:32 AM, <Gui...@lo...> wrote:
>
>> Hi,
>>
>> I am looking for a SQL tool we could give to our developers in order to
>> access safely our production databases.
>> Because our databases contain confidential data, we would like to trace or
>> restrict the actions the developers could perform. This is a requirement
>> of our Security Dept (I am working in a bank, security is strict). The
>> tool would be installed on dedicated workstations with restricted
>> permissions (no administrative rights).
>>
>> One possibility is to use Squirrel, and develop our plugin to meet our
>> requirements.
>> Basically, the plugin should:
>> - prevent the user from exporting data by disabling some menu actions
>> - trace in a log-file all sql queries that are executed (not only those
>> sent by clicking on the "Run SQL" button, but also when the user edits the
>> results returned in the "Results" tab)
>>
>>
>> Can you confirm that it is possible to develop such a plugin
>> (technically speaking)?
>> I have no doubt that the first point (disabling a menu action) could be
>> easily developed. But about the second point (trace in a logfile), does
>> IPlugin have a callback method that I could implement and that would be
>> called before any SQL command is sent through jdbc?
>
>
> Our current table editing component (DataSetUpdateableTableModelImpl)
> doesn't allow
> you to register a listener for its SQL executing actions. We would need to
> add support for
> that. However, for the SQL tab, your plugin can register an
> ISQLExecutionListener and
> get a callback prior to each statement to support auditing. Of course,
> plugins can be
> disabled using the plugin summary dialog - if that's a show stopper, that
> menu item could
> be disabled as well.
>
> Rob