| 摘要 |
Techniques for implementing secure normal forms are provided. In one embodiment, in response to a request for data from a client, a database server is operable to enforce a column-level security policy that is defined for a particular column of some, but not necessarily all, rows of a table stored in a database. After retrieving a set of rows from the table and before returning a result set of rows to the client, the database server modifies the retrieved set of rows into the result set of rows by applying the security policy to each row of the retrieved set of rows, where applying the security policy to a row comprises: determining whether the security policy is satisfied for the particular column of that row; replacing, in the result set of rows, a data value in the particular column of that row with a security-NULL value when the security policy is not satisfied; and including the data value in the particular column of that row into the result set of rows when the security policy is satisfied. After generating the result set of rows, the database server returns the result set of rows to the client.
|
