Fine-grained access control to web databases

Alex Roichman, Ehud Gudes

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

38 Scopus citations


Before the Web era, databases were well protected by standard access control techniques such as Views and SQL authorization commands. But with the development of web systems, the number of attacks on databases increased, and it has become clear that their access control mechanism is inadequate for web-based systems. In particular, SQL Injection and other vulnerabilities have received considerable attention in recent years, and satisfactory solutions to these kinds of attacks are still lacking. We present a new method for protecting web databases that is based on a fine-grained access control mechanism. This method uses the databases' built-in access control mechanisms, enhanced with Parameterized Views, and adapts them to work with web applications. The proposed access control mechanism is applicable to any existing database and is capable of preventing many kinds of attacks, thus significantly decreasing the web databases' attack surface.

Original language: English
Title of host publication: SACMAT'07
Subtitle of host publication: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies
Number of pages: 10
State: Published - 24 Aug 2007
Event: SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies - Sophia Antipolis, France
Duration: 20 Jun 2007 – 22 Jun 2007

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT


Conference: SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
City: Sophia Antipolis


  • Access control
  • Database vulnerability
  • Parameterized view
  • Rolling key
  • Session key
  • Web database security

ASJC Scopus subject areas

  • General Computer Science

