Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

  • Daniel Hofer (Speaker)

Activity: Talk or presentation (Contributed talk, science-to-science)

Description

Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage is a suitable layer. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to combine, in a general way, the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities, because the authorization filter is applied to every request instead of depending on each query being written with authorization in mind. The request is modified by adding a filter so that only authorized entities are returned. Filtering directly in the storage saves processing time and bandwidth, besides reducing development and maintenance effort.
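The following is an added illustration of the interception idea described above; it is not code from the talk or from any mapper framework. It assumes a hypothetical, minimal mapper request type (`Request`), a hypothetical `AuthorizingMapper` that sits between the backend and the storage, an in-memory SQLite database as the persistent storage, and a constructed `documents` table. The developer's request carries no authorization predicate at all; the interceptor appends one per table from a policy registry before the SQL reaches the storage, and refuses any table that has no registered policy so that a forgotten policy fails closed rather than leaking rows.

```python
import sqlite3
from dataclasses import dataclass, replace

# Constructed sample rows (id, title, owner_id, visibility); not from the paper.
ROWS = [
    (1, "roadmap", 1, "private"),
    (2, "press release", 1, "public"),
    (3, "salaries", 2, "private"),
    (4, "faq", 2, "public"),
]


@dataclass(frozen=True)
class Principal:
    """The authenticated caller on whose behalf the backend issues a request."""
    user_id: int
    roles: frozenset = frozenset()


@dataclass(frozen=True)
class Request:
    """Hypothetical stand-in for a mapper request: table, columns, predicates.

    Table and column names come from backend code, never from user input,
    because SQL identifiers cannot be bound as parameters.
    """
    table: str
    columns: tuple
    predicates: tuple = ()  # tuple of (sql_fragment, params_tuple)

    def to_sql(self):
        sql = f"SELECT {', '.join(self.columns)} FROM {self.table}"
        params = []
        if self.predicates:
            sql += " WHERE " + " AND ".join(f"({frag})" for frag, _ in self.predicates)
            for _, frag_params in self.predicates:
                params.extend(frag_params)
        return sql, tuple(params)


def documents_policy(request, principal):
    """Per-table rule: admins see everything; others see own or public rows."""
    if "admin" in principal.roles:
        return request
    predicate = ("owner_id = ? OR visibility = 'public'", (principal.user_id,))
    return replace(request, predicates=request.predicates + (predicate,))


# Central registry: one policy per table the mapper is allowed to touch.
POLICIES = {"documents": documents_policy}


class AuthorizingMapper:
    """Intercepts every request, rewrites it with the table's policy, then runs it."""

    def __init__(self, conn, policies):
        self.conn = conn
        self.policies = policies

    def execute(self, request, principal):
        policy = self.policies.get(request.table)
        if policy is None:
            # Deny by default: a table without a policy must not be queried.
            raise PermissionError(f"no authorization policy for table {request.table!r}")
        authorized = policy(request, principal)
        sql, params = authorized.to_sql()
        return self.conn.execute(sql, params).fetchall()


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, "
        "owner_id INTEGER, visibility TEXT)"
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?, ?)", ROWS)
    conn.execute("CREATE TABLE audit (id INTEGER PRIMARY KEY, note TEXT)")
    return conn


def visible_document_ids(principal, title=None):
    """Backend code writes a plain request; the filter is injected by the mapper."""
    mapper = AuthorizingMapper(build_demo_db(), POLICIES)
    request = Request("documents", ("id", "title"))
    if title is not None:
        request = replace(request, predicates=(("title = ?", (title,)),))
    return sorted(row[0] for row in mapper.execute(request, principal))


def audit_access_denied(principal):
    """True if the mapper refuses the 'audit' table, which has no policy."""
    mapper = AuthorizingMapper(build_demo_db(), POLICIES)
    try:
        mapper.execute(Request("audit", ("id", "note")), principal)
    except PermissionError:
        return True
    return False
```

The developer-supplied predicate (`title = ?`) and the injected authorization predicate are combined with AND, so a caller cannot widen the result set by adding their own conditions; the storage evaluates the whole predicate, which is what lets the filtering happen without transferring unauthorized rows to the backend.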
Period: 24 Aug 2022
Event title: DEXA 2022
Event type: Conference
Location: Austria

Fields of science

  • 102 Computer Sciences

JKU Focus areas

  • Digital Transformation