4GL Patterns #15 – Security Patterns
This is Part #15 in a series of posts on 4GL RAD Patterns. You can find out more here – 4GL patterns.
RWOP
Databases may implement a security pattern known as Run with Owner’s Permission (RWOP). This is also known as a Trusted Proxy, or On Behalf Of. (Unix users may observe that it’s the same idea as setuid.)
One use case: a power user has designed a report that other users need to run, but those users might not have permissions on the underlying tables. The power user can assign his permissions to the other users, temporarily elevating their permissions to his own in order to run the report.
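The report use case above, as an added example that is not from the original post. It assumes PostgreSQL (the post names no engine), where RWOP is spelled `SECURITY DEFINER`; the roles, schema and table are constructed for illustration, and the script is meant to be run by a superuser in a scratch database.

```sql
-- Constructed roles: the report's owner ("power user") and an ordinary user.
CREATE ROLE report_owner NOLOGIN;
CREATE ROLE clerk NOLOGIN;
CREATE SCHEMA hr AUTHORIZATION report_owner;

SET ROLE report_owner;
CREATE TABLE hr.salaries (
    employee_id int PRIMARY KEY,
    department  text NOT NULL,
    salary      numeric(10,2) NOT NULL
);
INSERT INTO hr.salaries VALUES (1, 'ops', 52000), (2, 'ops', 61000), (3, 'dev', 78000);

BEGIN;
-- SECURITY DEFINER: the body executes with report_owner's rights, not the caller's.
-- The function returns only the aggregate, so the elevation never exposes raw rows.
CREATE FUNCTION hr.salary_report(p_department text)
RETURNS TABLE (department text, headcount bigint, avg_salary numeric)
LANGUAGE sql
SECURITY DEFINER
SET search_path = hr, pg_temp   -- pin name lookup so a caller cannot shadow hr.salaries
AS $$
    SELECT s.department, count(*), round(avg(s.salary), 2)
    FROM hr.salaries AS s
    WHERE s.department = p_department
    GROUP BY s.department;
$$;

-- New functions are executable by PUBLIC by default; narrow that in the same
-- transaction so the elevated function is never callable by everyone.
REVOKE ALL ON FUNCTION hr.salary_report(text) FROM PUBLIC;
GRANT USAGE ON SCHEMA hr TO clerk;
GRANT EXECUTE ON FUNCTION hr.salary_report(text) TO clerk;
COMMIT;
RESET ROLE;

-- As the ordinary user: the report is reachable, the table is not.
SET ROLE clerk;
SELECT * FROM hr.salary_report('ops');  -- allowed through the owner's rights
SELECT * FROM hr.salaries;              -- refused: clerk holds no privilege on the table
RESET ROLE;
```

The elevation is only as narrow as the function body: anything it reads or writes becomes available to every role granted `EXECUTE`, so review such routines as privileged code.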
Client Data Storage
In client-server applications, data may be cached on the client computer. This requires not only that security be duplicated on the server side (Client Input Filters), but also that the storage of sensitive data on the local computer be considered. For instance, the machine might be a public computer, or the computer/device might be stolen.
Reference
Security Models – On Behalf Of, Oren Eini
Security Patterns Repository (local copy), Kienzle et al.
Giving Permission Through SQL Stored Procedures, Erland Sommarskog
About this entry
You’re currently reading “4GL Patterns #15 – Security Patterns,” an entry on Chui's Counterpoint
- Published:
- 9.13.10 / 9am
- Category:
- database