Contents
A Veil2
based relational security implementation
has the following advantages over a more traditional security
implementation:
by implementing data access controls in the database, your data can be protected even in the event of a breach of, or bugs in, your application or its server;
new functionality can be added to your application, without risk of impact to the underlying data security;
if you have multiple applications, the same restrictions can be applied universally, without having multiple implementations;
by building the security into the database relations themselves, access controls can be managed in a more natural way;
fine degrees of access control can be implemented without increasing the complexity of your application;
you will be able to implement a security model that is complete and about which you can reason;
most of the details of the access controls can be hidden from your application developers, potentially making their jobs easier
with
Veil2
much of the hard work of dealing with scopes, contexts, roles and privileges has already been developed for you;with
Veil2
you have complete control of your security implementation: you can customize and extend it in any way you see fit.
Note that even though you no longer have to
implement access controls in your applications, your application
should be written to avoid any access that the database would
prevent. This is simply good practice. You should not allow
Veil2
's presence to make your developers lazy.