Re: [JDBC] [SQL] Thoughts on a Isolation/Security problem.

From: Mark Lewis <mark(dot)lewis(at)mir3(dot)com>
To: Achilleus Mantzios <achill(at)matrix(dot)gatewaynet(dot)com>
Cc: Luckys <plpgsql(at)gmail(dot)com>, pgsql-sql(at)postgresql(dot)org, pgsql-admin(at)postgresql(dot)org, pgsql-general(at)postgresql(dot)org, pgsql-jdbc(at)postgresql(dot)org
Subject: Re: [JDBC] [SQL] Thoughts on a Isolation/Security problem.
Date: 2006-04-18 18:24:51
Message-ID: 1145384691.29754.50.camel@archimedes
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin pgsql-general pgsql-jdbc pgsql-sql

On Tue, 2006-04-18 at 14:32 +0300, Achilleus Mantzios wrote:
> Thanx for your thoughts, but this would require touching
> 173 tables +
> 2,594 SQL statements in a sum of 324 programs (which sum into 125,085
> lines of code)

We did a very similar conversion to the one proposed here a couple of
years back, and switched an old Java app from a dedicated schema-per-
client model to a shared schema with company ID model. I figured I'd
share our results, to at least give you a data point on what you could
expect if you went that route.

At the time, the application consisted of roughly 90 tables and 90,000
lines of code. Never counted the SQL statements there were probably
very roughly 1000.

We had the advantage of having the 90,000 LOC spread across only two
larger applications instead of a bunch of small programs.

It actually ended up being a much easier process than we had expected,
because the application logic didn't really need change all that much.
The major steps were:

1. Add an extra company FK to the top-level objects in our data model.
For example, we added companyId to the userdetail table, but not to the
address table which depends on the userdetail table. In our case, this
meant that we needed to add a column to about 30 (one third) of our
tables. Not very difficult.

2. Inserts into those 30 tables were modified to include an extra
parameter. The actual insert change is trivial, but depending on your
plumbing it might take some refactoring to get the companyId to the code
that does the inserts. This involved a moderate code refactoring, but
the changes were very straightforward and not too prone to errors.

3. Because we didn't support moving from one company to another, the
update and most of the select logic didn't change at all.

4. Needed to update all of the search queries to only search within the
current company. Fortunately, this type of query is relatively rare.
In our case, there were only about 20 that needed updates out of our
1000 queries. The change is also simple, just add one AND to the WHERE
clause.

5. Security checks. This is the only step that took a good chunk of
time, because our application is web-based and so a mischievous user
could muck with id's in the HTTP POSTS on pretty much any page in our
application. This meant that we needed to be careful to always do
company checks before processing any user input. Fortunately for us, at
the same time we were enhancing our security model anyway, so doing the
extra company check really added no extra time on top of the work that
needed to be done anyway.

Steps 1-4 took a single developer 3 days to implement. Step 5 was
harder to measure because as I mentioned we bundled it together with a
larger security overhaul, but to perform it separately (and do an audit
to make sure it was correct) would have taken perhaps a week or two.

Anyway, overall in our case we had a pretty successful conversion. It
ended taking significantly less time than anticipated, and the decreased
maintenance of only managing one database and the ease of building new
global administrative and reporting tools definitely made the project
worth while.

-- Mark Lewis

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Tom Lane 2006-04-18 19:15:26 Re: Invalid Page Headers
Previous Message Thomas F. O'Connell 2006-04-18 18:19:48 Re: Invalid Page Headers

Browse pgsql-general by date

  From Date Subject
Next Message elein 2006-04-18 19:13:24 Re: Vacuuming of indexes on tables.
Previous Message Marc Munro 2006-04-18 18:15:43 Re: Thoughts on a Isolation/Security problem

Browse pgsql-jdbc by date

  From Date Subject
Next Message Ash Grove 2006-04-18 18:53:51 Re: stored function, multiple queries, best practices
Previous Message Kris Jurka 2006-04-18 16:18:38 Re: Patch adding empty missing columns for getTables

Browse pgsql-sql by date

  From Date Subject
Next Message Andreas Kretschmer 2006-04-18 18:31:01 Re: Looking for some help with cascading updates...
Previous Message Mark True 2006-04-18 18:19:20 Looking for some help with cascading updates...