Wouldn't it be possible to create a trigger and check for the where clause
there?
----------------------------------------------------------------
Travis Bauer | CS Grad Student | IU |www.cs.indiana.edu/~trbauer
----------------------------------------------------------------
On Wed, 28 Jun 2000, John Morton wrote:
> I'm working on building a system for storing customer credit card details
> for reuse in an ecommerce system. The present design involves keeping the
> shopping cart details, products, orders and mundane customer details in
> one database, and the specific credit card details in another, more
> heavily restricted database.
>
> The heavily restricted database is only accessable from another machine
> running the secure web server. Periodically customers will enter their
> credit card details into that database via forms, and they will need
> access to keep it up to date. They access their record via a
> username/password combo that maps to a unique customer_id, which was
> generated randomly from a pool of 2^92 possible combinations.
>
> No problems so far, until some black hat gets root on the secure web
> server. This doesn't necessarily imply they can get root on the database,
> but it does mean they have the same access as the web server had, so the
> can basically grab all the credit card details with one select query.
>
> What I'd like to be able to do is have the database drop any SELECT,
> UPDATE or DELETE queries unless they have something fairly specific in
> their WHERE clause. As there are no SELECT triggers, I guess it will have
> to involve rules, but it doesn't look like any of them can alter or act on
> what's in a WHERE clause. How deep am I going to have to hack to get this
> sort of functionality working?
>
> [And, no, limiting won't help either :-( They can just loop around a query like
> this: select * from customers where primary_key_field not in
> (list_of_previously_seen_keys); ]
>
> TAI,
> John
>
>
>
>
>