This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use Stack Overflow.

Multiple Database Users - Principle of Least Privilege

This forum is for non code-based questions, best practises, IDEs, version control tools, work opportunities, etc.

Multiple Database Users - Principle of Least Privilege

by monkeyfunky » Mon Mar 10, 2014 4:00 pm

I am definitely a Symfony noob and I'm on the uphill of the learning curve at the moment, but I'm still trucking along - we've all been there at some point.

I've read several resources in designing my application and one of them was the principle of least privilege in information security:

In information security, computer science, and other fields, the principle of least privilege, also known as the principle of minimal privilege or just least privilege, requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user or a program on the basis of the layer we are considering) must be able to access only such information and resources that are necessary to its legitimate purpose.

With this in mind I decided that I require 3 distinct database users to access my database:

  1. Read only
  2. Volatile - Insert, update, delete
  3. Admin - lock, backup, alter


With Symfony it seems to me that it's designed with a single database user in mind and although it appears that it's possible to use multiple users/connections (http://symfony.com/doc/current/cookbook/doctrine/multiple_entity_managers.html) it also appears that this is not recommended as the standard practice:

Using multiple entity managers is pretty easy, but more advanced and not usually required. Be sure you actually need multiple entity managers before adding in this layer of complexity.


My questions then are:

  1. Am I making this more complicated that it needs to be?
  2. Does using a single database user make my Symfony less secure?
  3. Is the article I linked to the correct way to achieve the least privilege principle in Symfony?
monkeyfunky
Junior Member
 
Posts: 3
Joined: Mon Mar 10, 2014 3:50 pm

Re: Multiple Database Users - Principle of Least Privilege

by nymo » Tue Mar 11, 2014 10:06 am

Hi,
have a look at FosUserBundle https://github.com/FriendsOfSymfony/FOSUserBundle . In your application you will have more than one user but each user has different roles. So in your case you will have three different roles like: ROLE_ADMIN, ROLE_VOLATILE, ANONYMOUS.
When you're user logs into your application you assign him his role. And with this role he's allowed to do a special kind of things other user with different roles are not allowed to do. All of this is possible with just one entity manager. Your entity manager handles only the connection to your database. And in your case one database will be enough :)
nymo
Senior Member
 
Posts: 174
Joined: Fri Jan 07, 2011 11:37 pm
Location: Germany

Re: Multiple Database Users - Principle of Least Privilege

by monkeyfunky » Tue Mar 11, 2014 1:48 pm

Maybe I'm not making myself clear. I'm looking at implementing multiple backend database users. 1 user is read only since 90% or so of the requests will be reads, not writes. Another user is for INS/UPD/DEL.

This is good practice, if an attacker gets hold of the password for the read user they may have a copy of the database, but they can't modify the live one so it's a prevention strategy.

Is this possible? Is this recommended?
monkeyfunky
Junior Member
 
Posts: 3
Joined: Mon Mar 10, 2014 3:50 pm

Re: Multiple Database Users - Principle of Least Privilege

by nymo » Wed Mar 12, 2014 11:23 am

Now I understand you. Problem is that your database configuration for multiple entity managers is saved in the parameters.yml file at one place. So if the attacker gets there he has access to all three accounts. In this case you made the development of your application harder for yourself but from the security side you have no benefit. I'm not sure how other people handle such things but I wouldn't do that.
nymo
Senior Member
 
Posts: 174
Joined: Fri Jan 07, 2011 11:37 pm
Location: Germany

Re: Multiple Database Users - Principle of Least Privilege

by monkeyfunky » Wed Mar 12, 2014 1:08 pm

Thanks for point this out. I hadn't quite seen the big picture. I'll stick to a single user.
monkeyfunky
Junior Member
 
Posts: 3
Joined: Mon Mar 10, 2014 3:50 pm