Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

Daniel Hofer; Stefan Nadschläger; Aya Mohamed; Josef Küng

doi:10.1007/978-3-031-12426-6_6

Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

Daniel Hofer, Stefan Nadschläger, Aya Mohamed, Josef Küng

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

Abstract

Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

Original language	English
Title of host publication	Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II
Editors	Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil
Place of Publication	Cham
Publisher	Springer
Pages	71-83
Number of pages	13
Volume	13427
ISBN (Print)	978-3-031-12426-6
DOIs	https://doi.org/10.1007/978-3-031-12426-6_6
Publication status	Published - Jul 2022

Publication series

Name	Lecture Notes in Computer Science (LNCS)

Fields of science

102 Computer Sciences

JKU Focus areas

Digital Transformation

Access to Document

10.1007/978-3-031-12426-6_6

Cite this

Hofer, D., Nadschläger, S., Mohamed, A., & Küng, J. (2022). Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. In Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil (Ed.), Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II (Vol. 13427, pp. 71-83). (Lecture Notes in Computer Science (LNCS)). Springer. https://doi.org/10.1007/978-3-031-12426-6_6

Hofer, Daniel ; Nadschläger, Stefan ; Mohamed, Aya et al. / Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. editor / Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil. Vol. 13427 Cham : Springer, 2022. pp. 71-83 (Lecture Notes in Computer Science (LNCS)).

@inproceedings{9587db01791f4454a15daefacd5c922f,

title = "Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation",

abstract = "Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.",

author = "Daniel Hofer and Stefan Nadschl{\"a}ger and Aya Mohamed and Josef K{\"u}ng",

year = "2022",

month = jul,

doi = "10.1007/978-3-031-12426-6_6",

language = "English",

isbn = "978-3-031-12426-6",

volume = "13427",

series = "Lecture Notes in Computer Science (LNCS)",

publisher = "Springer",

pages = "71--83",

editor = "{Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil}",

booktitle = "Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II",

}

Hofer, D, Nadschläger, S, Mohamed, A & Küng, J 2022, Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. in Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil (ed.), Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. vol. 13427, Lecture Notes in Computer Science (LNCS), Springer, Cham, pp. 71-83. https://doi.org/10.1007/978-3-031-12426-6_6

Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. / Hofer, Daniel; Nadschläger, Stefan; Mohamed, Aya et al.
Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. ed. / Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil. Vol. 13427 Cham: Springer, 2022. p. 71-83 (Lecture Notes in Computer Science (LNCS)).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceedings › peer-review

TY - GEN

T1 - Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation

AU - Hofer, Daniel

AU - Nadschläger, Stefan

AU - Mohamed, Aya

AU - Küng, Josef

PY - 2022/7

Y1 - 2022/7

N2 - Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

AB - Enforcing authorization for web applications must be done on the server side. Thus, either the backend or the persistent storage are suitable layers. From a developer's point of view, we want to use a framework to automate creating persistent storage models and to map the entities between storage and backend. However, not all such frameworks offer sufficient authorization support. From a scientist's perspective, we want to generally combine the filtering capabilities of the persistent storage with the advantages of using a mapper framework. Therefore, we propose to intercept the communication between the backend and the mapper framework and thus provide a central point of authorization. This offers the advantage that developers are unlikely to inadvertently introduce security vulnerabilities. The request is modified by adding a filter to return only authorized entities. Filtering directly in the storage saves performance and bandwidth besides reducing development and maintenance effort.

U2 - 10.1007/978-3-031-12426-6_6

DO - 10.1007/978-3-031-12426-6_6

M3 - Conference proceedings

SN - 978-3-031-12426-6

VL - 13427

T3 - Lecture Notes in Computer Science (LNCS)

SP - 71

EP - 83

BT - Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II

A2 - Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil, null

PB - Springer

CY - Cham

ER -

Hofer D, Nadschläger S, Mohamed A, Küng J. Extending Authorization Capabilities of Object Relational/Graph Mappers by Request Manipulation. In Christine Strauss, Alfredo Cuzzocrea, Gabriele Kotsis, A Min Tjoa, Ismail Khalil, editor, Database and Expert Systems Applications 33rd International Conference, DEXA 2022, Vienna, Austria, August 22–24, 2022, Proceedings, Part II. Vol. 13427. Cham: Springer. 2022. p. 71-83. (Lecture Notes in Computer Science (LNCS)). doi: 10.1007/978-3-031-12426-6_6