
tough choices

Hello:
We are designing two multi-user client server applications that
perform a large number of transactions on database servers. On
average, Application A has a 50% mix of select and update/insert/delete
statements and application B has an 80-20 mix of select and
update/insert/delete statements. Being able to scale the databases as
needed so the performance is unaffected is one of our critical
requirements. We've been investigating Oracle 10g RAC and DB2 ESE as
alternatives and in both cases, unfortunately, we get a lot more
marketing spin than real answers. I've looked through some of the
newsgroup postings on Oracle and IBM's websites and most of the
discussions seem to be about high availability (and technology
evangelism). The information we've gathered so far seems to point to:

1. The critical factor (and possibly the bottleneck) for Oracle's RAC
performance is the network and the storage access speed - if the
network does not have ample unused bandwidth or the rate at which
storage can be accessed by various nodes has reached the point of
diminishing returns - we won't get any additional performance by
simply increasing the number of nodes. Also, the application that
performs more writes will hugely increase the network traffic because
of synchronization requirements.

2. DB2 can deliver better performance but only if the data that is
accessed together is physically laid out together and the application
has knowledge of the physical data layout (so it can connect to the
right node in the cluster). However, if we separate the application
logic from the physical layout of the data, the performance will be
unpredictable.

All this is just hypotheses - if anyone has some real world experience
with these two offerings and can offer an objective opinion - we'd
really appreciate it.
Nov 12 '05
Serge Rielau apparently said, on my timestamp of 26/06/2004 12:34 PM:
... WHERE has_privileges( ) = 1

has_privileges( ) can be a UDF which does whatever you please.
Looking at any credentials the DBMS provides.


It's not a problem of credentials, Serge. I don't think
has_privileges( ) can access the currently to-be-selected data
and check it as if it was a normal predicate where clause.

Of course, it can check all sorts of other things. That is also
available in any database that supports stored procedures/functions
and their use in SQL, like Oracle and DB2 do.

--
Cheers
Nuno Souto
wi*******@yahoo.com.au.nospam
Nov 12 '05 #191
Larry wrote:
Mark,

Thank you for being honest in your answer.

One of the reasons that I asked is because frankly, I really didn't know
the answer (I only have a base of experience with a very specific set of
customers ... although over about 13 years now).
Hmm - your specific question was "how many customers need to control
access to data down to the level of which IP the query is coming from."
The answer is very few. However, many people (as can be seen from
answers from people on this thread) use row level security.
The other is that earlier in this thread, a claim was made that DB2
relied on Tivoli to provide "even the most basic security". Now ... I
know we've beaten it to death already ... and I don't want to continue
to do so. But ... as so frequently happens in the IT world, this boils
down to semantics. I propose that DB2 UDB (without Tivoli) does have
much in the way of "basic" rdbms security authorization and
authentication support. It may be a different implementation than
Oracle. But it's there. And I also submit that "basic" covers the
security needs of the vast majority of users and companies (if not more
than that). I also know that when a requirement is brought forward to
IBM, and it is a frequently requested requirement ... it will likely
find its way into the product ... sooner rather than later if the market
deems it important enough (as I'm sure is the case with Oracle also).

There have been a few requests for this to date in DB2 land that I can see

http://tinyurl.com/2dfbe
http://tinyurl.com/33nl5
http://tinyurl.com/2ppzh
http://tinyurl.com/2rjof
http://tinyurl.com/2ubxc

Many of the initial "sponsors" at Oracle for the row level security
stuff were the non-name customers alluded to earlier, and they tend not
to post to newsgroups ;-)
Larry Edelstein

Mark Townsend wrote:
Larry wrote:
Question though. How many customers in reality have security
requirements that are this granular and that need to be met based on
only an IP address coming in?


At that level of granularity, just a few. And in fact, some of them
don't even exist :-)

"As I was going down the stair, I saw a man who wasn't there. He
wasn't there again today; He must be from the ..."

However, many companies have policies over what data can and cannot be
accessed when on a wireless network or internet via dial up or VPN (as
opposed to the intranet). I know Oracle does for some of the more
significant IP.


Nov 12 '05 #192
Buck Nuggets wrote:
I've got an application that has implemented some very complex
security policies like this in the application layer and it is a
maintenance nightmare.
Doing it once in the database reduces this maintenance nightmare.
Anyhow, in my
circumstance the vendor hasn't provided the maintenance tools to
really manage this complexity. Being completely pragmatic here - does
Oracle have a good grasp on this today? Can you easily determine in a
proactive fashion:
- all the users & ip ranges that any given row can be accessed by?
- all the rows & columns that a given user can access?
If not, are there tools coming out to help with this?
If you are willing to express your security policies via access labels,
then Oracle has a packaged solution, called Oracle Label Security, that
will automate the generation and maintenance of your policies for you.
Of course, that brings up the other potential
challenge with policies like these - can they be implemented as easily
on the BI (data warehousing, data mart, olap) side as they are on the
OLTP side? Or is the best practice implementation for those very high
security apps that don't ever allow the data out of a single
centralized repository?


People use this stuff A LOT for Data Warehouses, often to remove the
need to proliferate multiple downstream data marts. A classic is a bank
that increases the privacy of customer information internally, the more
money the customer has. Generally, I guess they would tend to see a
secure, single centralized repository as a good thing, not a bad thing.

Nov 12 '05 #193
OK, let me see if I get this straight.
Oracle provides a set of procedures which are used to manage "policies"
against specific tables (or table like objects)/columns. A policy is
associated with a function.
The function is user defined and spits out a predicate string which
Oracle injects into the SQL Statement.
Whatever smarts (policies) there are, are in the user written function.
Presumably for column level access control some form of CASE expression
is used to NULL out the data (?)

The promised value add is:
* in not needing to alter the view, or introduce views for encapsulation
in the first place.
* The predicate may be injected or not - depending on whatever the
policy maker pleases (such as time of day, mood of the boss)
* There is some level of encapsulation (i.e. the policy package).

The policy maker is responsible to keep up to date with schema changes
(or the predicates may break) and to ensure proper indexing exists (or
else the predicates may bring the query to a grinding halt).

Did I miss anything?
Cheers
Serge
--
Serge Rielau
DB2 SQL Compiler Development
IBM Toronto Lab
Nov 12 '05 #194
Serge Rielau apparently said, on my timestamp of 27/06/2004 12:55 AM:
Oracle provides a set of procedures which are used to manage "policies"
against specific tables (or table like objects)/columns. A policy is
associated with a function.
Not quite. The user creates the procedure, not Oracle. And the
policy itself. And associates one with the other.
Which means for example from now on, when in that table you do:
SELECT * FROM THAT_TABLE
WHERE TABLE_ID = 2178;
what really executes is:
SELECT * FROM THAT_TABLE
WHERE TABLE_ID = 2178
AND MY_FUNCTION(whatever) = TRUE;
and no one knows about it except the authorized user who created
the policy and administrators. Want to change the policy? Good,
change the function. Want to create a view on the table?
Good, but the view will still have the policy's function added
to any predicate for that table after view merge. Want to restrict
the policy to SELECT? Nothing could be easier: just create a policy
only for SELECT. And so on.
The promised value add is:
* in not needing to alter the view, or introduce views for encapsulation
in the first place.
yes, that is one advantage. Although I prefer to create a view
on the table THEN add the policy to the view. This means I can
(to a degree) isolate alterations to definition from the policy.
* The predicate may be injected or not - depending on whatever the
policy maker pleases (such as time of day, mood of the boss)
Not quite. Bottom line is: the policy is always active, it's
the function that controls partial or time access in your example.
Note that the function is stored PL/SQL, as complex as you may
want to make it. Of course there is a penalty to pay for
added complexity.
* There is some level of encapsulation (i.e. the policy package).
Very much so.

The policy maker is responsible to keep up to date with schema changes
(or the predicates may break) and to ensure proper indexing exists (or
else the predicates may bring the query to a grinding halt).
Or they may stay just like they were. Or use new indexes.
It's just a predicate, like any other on that table.
It either evaluates to true or false, then gets added
to all other predicates, whatever indexes they may use
or not.
Did I miss anything?


Not much. Hopefully it will become clear with the example
above.

--
Cheers
Nuno Souto
wi*******@yahoo.com.au.nospam
Nov 12 '05 #195
Serge Rielau wrote:
OK, let me see if I get this straight.
Oracle provides a set of procedures which are used to manage "policies"
against specific tables (or table like objects)/columns. A policy is
associated with a function.
The function is user defined and spits out a predicate string which
Oracle injects into the SQL Statement.
Whatever smarts (policies) there are, are in the user written function.
Presumably for column level access control some form of CASE expression
is used to NULL out the data (?)

The promised value add is:
* in not needing to alter the view, or introduce views for encapsulation
in the first place.
* The predicate may be injected or not - depending on whatever the
policy maker pleases (such as time of day, mood of the boss)
* There is some level of encapsulation (i.e. the policy package).

The policy maker is responsible to keep up to date with schema changes
(or the predicates may break) and to ensure proper indexing exists (or
else the predicates may bring the query to a grinding halt).

Did I miss anything?
Cheers
Serge


Only the fact that if someone logs on without going through the approved
front-end tool there is no means of bypassing the imposed security.

Your assumption that the policy must be changed to keep up with schema
changes is valid but your extension to that being likely to cause a
problem is out of proportion to reality. Adding tables, adding columns,
dropping columns, etc. will only cause an issue if the objects referred
to no longer exist. And if that were the case the code would not compile
and/or run. Hardly something that would ever make it through development
and testing.

--
Daniel Morgan
http://www.outreach.washington.edu/e...ad/oad_crs.asp
http://www.outreach.washington.edu/e...oa/aoa_crs.asp
da******@x.washington.edu
(replace 'x' with a 'u' to reply)

Nov 12 '05 #196
Mark Townsend <ma***********@comcast.net> wrote in message news:<Y2gDc.120188$0y.88598@attbi_s03>...
Buck Nuggets wrote:
I've got an application that has implemented some very complex
security policies like this in the application layer and it is a
maintenance nightmare.
Doing it once in the database reduces this maintenance nightmare.


Well, it certainly would have some advantages - like the ability to
apply to any application that connects. But I was actually wondering
about management functionality that would allow you to easily audit
the rules - to know what is covered and what isn't. That need exists
regardless of which platforms security is implemented on.
If you are willing to express your security policies via access labels,
then Oracle has a packaged solution, called Oracle Label Security, that
will automate the generation and maintenance of your policies for you.


Cool, I'll check this out.
Of course, that brings up the other potential
challenge with policies like these - can they be implemented as easily
on the BI (data warehousing, data mart, olap) side as they are on the
OLTP side? Or is the best practice implementation for those very high
security apps that don't ever allow the data out of a single
centralized repository?


People use this stuff A LOT for Data Warehouses, often to remove the
need to proliferate multiple downstream data marts. A classic is a bank
that increases the privacy of customer information internally, the more
money the customer has. Generally, I guess they would tend to see a
secure, single centralized repository as a good thing, not a bad thing.


Not me. I've seen *far* too many warehouse projects killed due to
slow construction and adaptation speed. Over-centralization is often
one of the causes. Additionally, there are cost and scalability
issues as well. I'd prefer to see multiple databases communicate
these policies between one another via an ldap service, etc.

If I've got to centralize all my data on a single database in order to
take advantage of a security option then it forces me to accept
another major risk factor. Not to say that there aren't times when
this isn't best, just not often in my opinion.

buck
Nov 12 '05 #197

Did I miss anything?
Cheers
Serge


First and foremost - a security policy cannot be bypassed - it's attached
to the table. Think about it as a constraint - not a lot of sense using
views to define the constraint, at some stage somebody is going to
update the table directly.

Then there is some refinement (this has been out in the market since
Oracle8i, so it's had at least 3 major release revisions, and plenty of
minor ones)

Secure Application Contexts - what the policy uses to make decisions
(User name, time of day, IP address etc). Basically what the database
understands to be significant about you. There is a series of defaults
scraped from the client environment, and additional ones can be user
defined, and there is no way to spoof them.

Multi Tier Proxies - a secure way to pass a user's identity etc through
a middle tier without having to re-authenticate the user. So I don't
need to give you my password - the database trusts you, you trust me,
therefore the database trusts you telling it that its me.

Relevant Column Enforcement - I don't care if you select Larry's name,
email, telephone number etc from the employee table, but if you do
select salary, then I want to apply a policy that makes sure you are
worthy to see it. Similarly - let's say you can see details about
departments, but only total salary cost for your own department - you
can still select salary, but it gets masked for the departments you
aren't allowed to see.

Then there is the whole audit side of the business. Audit policies based
on who the user is, and what data they want to see etc. For instance,
unlisted numbers aren't really unlisted. Operators have access to them,
they are just not allowed to give them out. You simply cannot audit all
operator access to all numbers - too many audit transactions. Instead you
can say "Only audit access to Cameron Diaz's unlisted number". Then, if
she has a stalker, the telephone company can prove that they didn't
provide the number. This area is growing fast with HIPAA, Sarbox etc.

Nov 12 '05 #198
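Nuno's predicate-injection walkthrough above and Mark's secure application contexts and relevant column enforcement, put together as one added Oracle PL/SQL example that is not code from this thread. HR.EMPLOYEES, the lookup table HR.USER_DEPT, every package, function, trigger and policy name below, and the 10.1.0.0/16 office range are assumptions; DBMS_RLS, DBMS_SESSION and the USERENV attributes are the real Oracle APIs.

```sql
-- Added example, not code from the thread. Assumed objects: HR.EMPLOYEES
-- (DEPARTMENT_ID, SALARY), a lookup table HR.USER_DEPT (DB_USER,
-- DEPARTMENT_ID), and every name created below. 10.1.0.0/16 is a
-- constructed office range.

-- 1. Secure application context: only HR.EMP_CTX_PKG can set EMP_CTX
--    attributes, so a client cannot spoof its own department.
CREATE OR REPLACE CONTEXT emp_ctx USING hr.emp_ctx_pkg;

CREATE OR REPLACE PACKAGE hr.emp_ctx_pkg AS
    PROCEDURE set_dept;
END emp_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY hr.emp_ctx_pkg AS
    PROCEDURE set_dept IS
        v_dept hr.user_dept.department_id%TYPE;
    BEGIN
        SELECT department_id INTO v_dept FROM hr.user_dept
         WHERE db_user = SYS_CONTEXT('USERENV', 'SESSION_USER');
        DBMS_SESSION.SET_CONTEXT('emp_ctx', 'dept_id', TO_CHAR(v_dept));
    EXCEPTION
        WHEN NO_DATA_FOUND THEN   -- unknown user: matches no department
            DBMS_SESSION.SET_CONTEXT('emp_ctx', 'dept_id', '-1');
    END set_dept;
END emp_ctx_pkg;
/
-- Populate the context once per session, before any query can run.
CREATE OR REPLACE TRIGGER hr.emp_ctx_logon AFTER LOGON ON DATABASE
BEGIN
    hr.emp_ctx_pkg.set_dept;
END;
/

-- 2. Policy function. Oracle calls it with the schema and object name and
--    appends the returned predicate string to the user's statement.
CREATE OR REPLACE FUNCTION hr.emp_salary_policy (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
    -- NULL predicate = no restriction: HR_ADMIN sees every salary.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'HR_ADMIN' THEN
        RETURN NULL;
    END IF;
    -- Off the office network (VPN, dial-up): no salaries at all.
    IF SYS_CONTEXT('USERENV', 'IP_ADDRESS') NOT LIKE '10.1.%' THEN
        RETURN '1 = 0';
    END IF;
    -- On the intranet: salaries of your own department only. This is an
    -- ordinary predicate, so an index on DEPARTMENT_ID serves it as usual.
    RETURN 'department_id = SYS_CONTEXT(''emp_ctx'', ''dept_id'')';
END emp_salary_policy;
/

-- 3. Attach the policy. STATEMENT_TYPES limits it to SELECT; SEC_RELEVANT_COLS
--    with ALL_ROWS is "relevant column enforcement": every row is still
--    returned, but SALARY is NULL where the predicate is false.
BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema         => 'HR',
        object_name           => 'EMPLOYEES',
        policy_name           => 'EMP_SALARY_MASK',
        function_schema       => 'HR',
        policy_function       => 'EMP_SALARY_POLICY',
        statement_types       => 'SELECT',
        sec_relevant_cols     => 'SALARY',
        sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- 4. Effect for an intranet user: the query
--      SELECT employee_id, salary FROM hr.employees WHERE employee_id = 2178;
--    behaves as if it were
--      SELECT employee_id, CASE WHEN department_id =
--             SYS_CONTEXT('emp_ctx', 'dept_id') THEN salary END
--        FROM hr.employees WHERE employee_id = 2178;
```

A query that never references SALARY is left untouched by this policy, which is what keeps the masking cheap; any statement type not listed in STATEMENT_TYPES is likewise unaffected, so a separate policy is needed if UPDATE or DELETE must be restricted too.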


Mark Townsend wrote:
"As I was going down the stair, I saw a man who wasn't there. He wasn't
there again today; He must be from the ..."


CIA?

Nov 12 '05 #199
