Title of invention: Authentication and authorization in a multi-tier relational database management system
Abstract: A method is provided for ensuring effective and accurate authentication and authorization in an N-tier relational database management system. An N-tier relational database management system comprises a set of clients, one or more data servers and one or more middle-tier servers through which the clients may access the data servers. A method is provided for enabling a middle-tier server to connect to a data server and perform database operations on behalf of a client while promoting the ability to ensure the middle-tier server does not exceed its authorized privileges or roles. In this method a middle-tier server first establishes a session with the data server using the middle-tier server's own identity (e.g., username) and verification (e.g., password). The middle-tier server may be granted limited roles when acting under its own identity in order to prevent it from performing unauditable or unaccountable operations on behalf of clients. The middle-tier server receives from the data server a credential that it provides when it needs to operate on behalf of a client. In this method, after the middle-tier server establishes its own session and receives a credential, it may then establish a session with the data server using the identity (e.g., username) of a client. Instead of storing and using the client's password, however, the middle-tier server presents the credential to the data server as verification of its authorization to access the database. The middle-tier server may then switch between clients' sessions and its own session to perform database operations.
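Publication number: US6286104(B1) Publication date: 2001.09.04
Application number: US19990369047 Filing date: 1999.08.04
Applicant: ORACLE CORPORATION Inventors: BUHLE GORDON; WESSMAN RICHARD R.
Classification: G06F17/30; H04L29/06; (IPC1-7): G06F17/30 Main classification: G06F17/30
Agency: Agent:
Main claim:
Address: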