What is Veil2 And What Does It Provide?
Veil2 is a Postgres add-on for implementing
relational security systems.
A relational security system is one in which access to data is determined, at least partly, by a user’s relationships to that data. Many access controls may therefore be implicit rather than explicit.
The primary aims of a relational security system are to make the management of access to data a seamless, and necessary, component of your application, and to make its implementation as simple as possible and as sophisticated as needed.
Veil2 is designed to make the implementation
of relational security systems as easy as possible. It provides
an extensible framework of permissions, permission checks, and
user authentication so that you can start building a secure
database in a matter of hours.
With Veil2 we secure the database itself and
not just applications that use it. This means that even if your
application server is compromised, an attacker's ability to
access data will be limited to the data for which they can steal
access credentials. This gives them little more access than
the application itself would give them.
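As an added illustration of relationship-based access enforced inside the database (not Veil2's own objects or API, and not code from the Veil2 project), the following uses plain PostgreSQL row-level security. All role, table and policy names are hypothetical and the rows are constructed sample data; it assumes each user connects as their own database role.

```sql
-- Added example: plain PostgreSQL row-level security, not Veil2 objects.
-- All role, table and policy names are hypothetical.
CREATE ROLE app_users NOLOGIN;
CREATE ROLE alice LOGIN IN ROLE app_users;
CREATE ROLE bob   LOGIN IN ROLE app_users;

-- The relationship: which user works on which project.
CREATE TABLE project_assignments (
    project_id integer NOT NULL,
    username   name    NOT NULL,
    PRIMARY KEY (project_id, username)
);

-- The protected data: documents belong to projects, not to users.
CREATE TABLE project_documents (
    doc_id     integer PRIMARY KEY,
    project_id integer NOT NULL,
    body       text    NOT NULL
);

-- Constructed sample data.
INSERT INTO project_assignments VALUES (1, 'alice'), (2, 'bob');
INSERT INTO project_documents VALUES
    (10, 1, 'plan for project 1'),
    (20, 2, 'plan for project 2');

GRANT SELECT ON project_assignments, project_documents TO app_users;

-- Without a matching policy, non-owner roles see no rows at all.
ALTER TABLE project_assignments ENABLE ROW LEVEL SECURITY;
ALTER TABLE project_documents   ENABLE ROW LEVEL SECURITY;

-- A user can read only their own assignment rows.
CREATE POLICY own_assignments ON project_assignments
    FOR SELECT TO app_users
    USING (username = current_user);

-- Implicit access: no per-document grant exists; a document is visible
-- because the user is related to its project through an assignment.
CREATE POLICY assigned_project_docs ON project_documents
    FOR SELECT TO app_users
    USING (EXISTS (
        SELECT 1 FROM project_assignments a
        WHERE a.project_id = project_documents.project_id
          AND a.username   = current_user));

-- The filter is applied by the database for every query alice issues,
-- whatever application or client sends it.
SET ROLE alice;
SELECT doc_id, body FROM project_documents;
RESET ROLE;
```

Table owners and superusers bypass these policies unless `FORCE ROW LEVEL SECURITY` is set on the table, so application connections should not use the owning role.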
The security of database applications is more usually managed by
building the access control rules into application servers, and
typically these access control rules offer a fairly coarse level
of granularity. This is often because reasoning about access
controls at the level of functionality is difficult. With
relational security modelling, it can be much easier to reason
about what sort of user needs what sort of access, and using
Veil2 the implementation of access control
rules becomes trivial.