Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

Daniel Hofer; Stefan Nadschläger; Aya Mohamed; Josef Küng

doi:10.1007/978-3-031-12426-6_6

Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

Daniel Hofer, Stefan Nadschläger, Aya Mohamed, Josef Küng

Publikation: Beitrag in Buch/Bericht/Konferenzband › Konferenzbeitrag › Begutachtung

Abstract

Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

Originalsprache	Englisch
Titel	Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II
Herausgeber*innen	Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil
Erscheinungsort	Cham
Verlag	Springer
Seiten	71-83
Seitenumfang	13
Band	13427
ISBN (Print)	978-3-031-12426-6
DOIs	https://doi.org/10.1007/978-3-031-12426-6_6
Publikationsstatus	Veröffentlicht - Juli 2022

Publikationsreihe

Name	Lecture Notes in Computer Science (LNCS)

Wissenschaftszweige

102 Informatik

JKU-Schwerpunkte

Digital Transformation

Zugriff auf Dokument

10.1007/978-3-031-12426-6_6

Dieses zitieren

Hofer, D., Nadschläger, S., Mohamed, A., & Küng, J. (2022). Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil (Hrsg.), Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II (Band 13427, S. 71-83). (Lecture Notes in Computer Science (LNCS)). Springer. https://doi.org/10.1007/978-3-031-12426-6_6

Hofer, Daniel ; Nadschläger, Stefan ; Mohamed, Aya et al. / Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Hrsg. / Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil. Band 13427 Cham : Springer, 2022. S. 71-83 (Lecture Notes in Computer Science (LNCS)).

@inproceedings{9587db01791f4454a15daefacd5c922f,

title = "Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation",

abstract = "Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.",

author = "Daniel Hofer and Stefan Nadschl{\"a}ger and Aya Mohamed and Josef K{\"u}ng",

year = "2022",

month = jul,

doi = "10.1007/978-3-031-12426-6\_6",

language = "English",

isbn = "978-3-031-12426-6",

volume = "13427",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "71--83",

editor = "\{Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil\}",

booktitle = "Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II",

}

Hofer, D, Nadschläger, S, Mohamed, A & Küng, J 2022, Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil (Hrsg.), Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Bd. 13427, Lecture Notes in Computer Science (LNCS), Springer, Cham, S. 71-83. https://doi.org/10.1007/978-3-031-12426-6_6

Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. / Hofer, Daniel; Nadschläger, Stefan; Mohamed, Aya et al.
Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Hrsg. / Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil. Band 13427 Cham: Springer, 2022. S. 71-83 (Lecture Notes in Computer Science (LNCS)).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Konferenzbeitrag › Begutachtung

TY - GEN

T1 - Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

AU - Hofer, Daniel

AU - Nadschläger, Stefan

AU - Mohamed, Aya

AU - Küng, Josef

PY - 2022/7

Y1 - 2022/7

N2 - Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

AB - Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

U2 - 10.1007/978-3-031-12426-6_6

DO - 10.1007/978-3-031-12426-6_6

M3 - Conference proceedings

SN - 978-3-031-12426-6

VL - 13427

T3 - Lecture Notes in Computer Science (LNCS)

SP - 71

EP - 83

BT - Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II

A2 - Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil, null

PB - Springer

CY - Cham

ER -

Hofer D, Nadschläger S, Mohamed A, Küng J. Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil, Hrsg., Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Band 13427. Cham: Springer. 2022. S. 71-83. (Lecture Notes in Computer Science (LNCS)). doi: 10.1007/978-3-031-12426-6_6