Editorial Rss

Modern Database Security

Most database engines have some form of security built in. The security is designed to authenticate the client credentials and to grant or revoke rights against the database objects. Most engines have schemas owning database objects to which users are assigned. Encryption is sometimes included in the engine to product the database contents under different circumstances.

Years ago I used most of these capabilities extensively. Applications were two tiered. The database was the location where user permissions were segregated. Each user had a unique database login, and rights assigned individually or through group or schema permissions.

Today many modern applications do not rely on the relational database to handle the authentication and/or the authorization. As applications grow in tiers or distributed data relational database security techniques are no longer adequate. Other techniques are implemented resulting in a single client credential being used for all user access to a database. This simplifies the database access considerably, and makes it much easier to handle applications with thousands of individual users.

How much do you use SQL credentials for more than a few accounts today? How important is granular detailed permission management in a database engine? Do you find yourself managing more than a few database user accounts? Share your thoughts here or by email to