Commit 8f6eba25 authored by Goik Martin's avatar Goik Martin

qandaset title --> parent section

parent 70791c2f
...@@ -12039,57 +12039,84 @@ public class InsertPerson extends JFrame { ...@@ -12039,57 +12039,84 @@ public class InsertPerson extends JFrame {
</qandadiv> </qandadiv>
</qandaset> </qandaset>
   
<qandaset defaultlabel="qanda" xml:id="quandaentry_ArchSecurity"> <section xml:id="sectArchitectSecurityConsiderations">
<title>Architectural security considerations</title> <title>Architectural security considerations</title>
   
<qandadiv> <qandaset defaultlabel="qanda" xml:id="quandaentry_ArchSecurity">
<qandaentry> <qandadiv>
<question> <qandaentry>
<para>In <xref linkend="exerciseInsertLoginCredentials"/> we <question>
achieved end user credential protection. How about the overall <para>In <xref linkend="exerciseInsertLoginCredentials"/> we
application security? Provide improvement proposals if achieved end user credential protection. How about the
appropriate. Hint: Consider the way credentials are being overall application security? Provide improvement proposals
supplied.</para> if appropriate. Hint: Consider the way credentials are being
</question> supplied.</para>
</question>
   
<answer> <answer>
<para>Connecting the client to our database server solely <para>Connecting the client to our database server solely
depends on credentials <coref depends on credentials <coref
linkend="databaseUserHdmPassword"/> being stored in a linkend="databaseUserHdmPassword"/> being stored in a
properties file properties file
<filename>database.properties</filename>:</para> <filename>database.properties</filename>:</para>
   
<programlisting language="none">PersistenceHandler.jdbcUrl=jdbc:mysql://localhost:3306/hdm <programlisting language="none">PersistenceHandler.jdbcUrl=jdbc:mysql://localhost:3306/hdm
PersistenceHandler.username=hdmuser <co xml:id="databaseUserHdmUsername"/> PersistenceHandler.username=hdmuser <co xml:id="databaseUserHdmUsername"/>
PersistenceHandler.password=<emphasis role="bold">XYZ</emphasis> <co PersistenceHandler.password=<emphasis role="bold">XYZ</emphasis> <co
xml:id="databaseUserHdmPassword"/></programlisting> xml:id="databaseUserHdmPassword"/></programlisting>
<para>This properties file is user accessible and contains the <para>This properties file is user accessible and contains
password in clear text. Arbitrary applications connecting to the password in clear text. Arbitrary applications
the database server using this account do have all permissions connecting to the database server using this account do have
being granted to <code>hdmuser</code> <coref all permissions being granted to <code>hdmuser</code> <coref
linkend="databaseUserHdmUsername"/>. In order for our linkend="databaseUserHdmUsername"/>. In order for our
application to work correctly the set of granted permissions application to work correctly the set of granted permissions
contains at least inserting datasets. Thus new users e.g. contains at least inserting datasets. Thus new users e.g.
<code>smith</code> including credentials may be inserted. <code>smith</code> including credentials may be inserted.
Afterwards the original application can be started by logging Afterwards the original application can be started by
in as <code>smith</code>.</para> logging in as <code>smith</code>.</para>
<para>Conclusion: The current application architecture is <para>Conclusion: The current application architecture is
seriously flawed with respect to security.</para> seriously flawed with respect to security.</para>
<para>Rather then using a common database account <para>Rather then using a common database account
<code>hdmuser</code> we may configure per-user accounts on the <code>hdmuser</code> we may configure per-user accounts on
database server having individual user credentials. This way the database server having individual user credentials. This
user credentials are no longer stored in our way user credentials are no longer stored in our
<code>Person</code> table but are being managed by the <code>Person</code> table but are being managed by the
database server's user management and privilege facilities. database server's user management and privilege facilities.
This completely avoids storing credentials on the client This completely avoids storing credentials on the client
side.</para> side.</para>
</answer> </answer>
</qandaentry> </qandaentry>
</qandadiv> </qandadiv>
</qandaset> </qandaset>
</section>
<section xml:id="sectRelationadatal2Xml">
<title>Converting relational data to XML</title>
<qandaset defaultlabel="qanda" xml:base="qandaRelationaldata2Xml"
xml:id="qandaRelationaldata2Xml">
<title>Reversing Xml to Rdbms exercise</title>
<qandadiv>
<qandaentry>
<question>
<label>Exporting RDBMS data to XML.</label>
<para>Reverse exercise <xref
linkend="qandaXmldata2relational"/> to read Rdbms data via
JDBC and export corresponding XML data using Jdom.</para>
</question>
<answer>
<para>Not yet published.</para>
</answer>
</qandaentry>
</qandadiv>
</qandaset>
</section>
   
<section xml:id="sda1SaxRdbms"> <section xml:id="sda1SaxRdbms">
<title>SAX and RDBMS</title> <title>SAX and RDBMS</title>
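Review bot: the closing sentence of the moved answer, "This completely avoids storing credentials on the client side.", overstates what per-user database accounts buy. The user's own password is still typed into the client and sent over the JDBC connection to `jdbc:mysql://localhost:3306/hdm`, so the text should add that transport encryption must be configured for that connection, and that each per-user account still needs least-privilege grants rather than the full rights the answer criticises for `hdmuser`. Suggest qualifying it to "This avoids storing a shared database credential on the client side." Separately, the new `<qandaset>` in `sectRelationadatal2Xml` carries both `xml:base="qandaRelationaldata2Xml"` and `xml:id="qandaRelationaldata2Xml"`; `xml:base` changes the base URI for relative references inside the element and looks like a copy of the id attribute, so drop it. The new answer "Not yet published." is a placeholder and should be marked as such (for example with a `<remark>`) so it is not rendered as a final answer.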