Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

Daniel Hofer; Stefan Nadschläger; Aya Mohamed; Josef Küng

doi:10.1007/978-3-031-12426-6_6

Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

Daniel Hofer
, Stefan Nadschläger
, Aya Mohamed
, Josef Küng

Publikation: Beitrag in Buch/Bericht/Konferenzband › Konferenzbeitrag › Begutachtung

Abstract

Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

Originalsprache	Englisch
Titel	Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II
Herausgeber*innen	Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, Ismail Khalil, A Min Tjoa
Erscheinungsort	Cham
Verlag	Springer
Seiten	71-83
Seitenumfang	13
Band	13427
ISBN (Print)	9783031124259
DOIs	https://doi.org/10.1007/978-3-031-12426-6_6
Publikationsstatus	Veröffentlicht - Juli 2022

Publikationsreihe

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band	13427 LNCS
ISSN (Print)	0302-9743
ISSN (elektronisch)	1611-3349

Wissenschaftszweige

102 Informatik

JKU-Schwerpunkte

Digital Transformation

Zugriff auf Dokument

10.1007/978-3-031-12426-6_6

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

Dieses zitieren

Hofer, D., Nadschläger, S., Mohamed, A., & Küng, J. (2022). Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in C. Strauss, A. Cuzzocrea, G. Kotsis, I. Khalil, & A. M. Tjoa (Hrsg.), Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II (Band 13427, S. 71-83). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 13427 LNCS). Springer. https://doi.org/10.1007/978-3-031-12426-6_6

Hofer, Daniel ; Nadschläger, Stefan ; Mohamed, Aya et al. / Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Hrsg. / Christine Strauss ; Alfredo Cuzzocrea ; Gabriele Kotsis ; Ismail Khalil ; A Min Tjoa. Band 13427 Cham : Springer, 2022. S. 71-83 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9587db01791f4454a15daefacd5c922f,

title = "Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation",

abstract = "Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.",

author = "Daniel Hofer and Stefan Nadschl{\"a}ger and Aya Mohamed and Josef K{\"u}ng",

year = "2022",

month = jul,

doi = "10.1007/978-3-031-12426-6\_6",

language = "English",

isbn = "9783031124259",

volume = "13427",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "71--83",

editor = "Christine Strauss and Alfredo Cuzzocrea and Gabriele Kotsis and Ismail Khalil and Tjoa, \{A Min\}",

booktitle = "Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II",

}

Hofer, D, Nadschläger, S, Mohamed, A & Küng, J 2022, Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in C Strauss, A Cuzzocrea, G Kotsis, I Khalil & AM Tjoa (Hrsg.), Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Bd. 13427, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bd. 13427 LNCS, Springer, Cham, S. 71-83. https://doi.org/10.1007/978-3-031-12426-6_6

Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. / Hofer, Daniel; Nadschläger, Stefan; Mohamed, Aya et al.
Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Hrsg. / Christine Strauss; Alfredo Cuzzocrea; Gabriele Kotsis; Ismail Khalil; A Min Tjoa. Band 13427 Cham: Springer, 2022. S. 71-83 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Band 13427 LNCS).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Konferenzbeitrag › Begutachtung

TY - GEN

T1 - Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

AU - Hofer, Daniel

AU - Nadschläger, Stefan

AU - Mohamed, Aya

AU - Küng, Josef

PY - 2022/7

Y1 - 2022/7

N2 - Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

AB - Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

UR - https://www.scopus.com/pages/publications/85136140551

U2 - 10.1007/978-3-031-12426-6_6

DO - 10.1007/978-3-031-12426-6_6

M3 - Conference proceedings

SN - 9783031124259

VL - 13427

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 71

EP - 83

BT - Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II

A2 - Strauss, Christine

A2 - Cuzzocrea, Alfredo

A2 - Kotsis, Gabriele

A2 - Khalil, Ismail

A2 - Tjoa, A Min

PB - Springer

CY - Cham

ER -

Hofer D, Nadschläger S, Mohamed A, Küng J. Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in Strauss C, Cuzzocrea A, Kotsis G, Khalil I, Tjoa AM, Hrsg., Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Band 13427. Cham: Springer. 2022. S. 71-83. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-12426-6_6