Using MySqlClientPermission Class on Connector/Net 6.5 to restrict data access

We have a new feature as part of the 6.5 release: a new class, MySqlClientPermission, that you can use to restrict which connection strings the connections in your applications are allowed to use against MySQL databases.

The following example shows how you can use the MySqlClientPermission class to restrict access to a specific server name and a database, while allowing any value for the User Id and Password within the connection string:

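using System.Data;                  // KeyRestrictionBehavior
using System.Security.Permissions;  // PermissionState
using MySql.Data.MySqlClient;       // MySqlClientPermission, MySqlConnection

// Start from a permission that allows no connection strings at all
MySqlClientPermission permission = new MySqlClientPermission(PermissionState.None);
// Required keys and values first, then the keys that may take any value
permission.Add("server=localhost;database=test;", " user id=; password=;", KeyRestrictionBehavior.AllowOnly);
// Enforce the restriction for the code that follows
permission.PermitOnly();
MySqlConnection myconn = new MySqlConnection();
myconn.ConnectionString = "server=localhost; user id=QueryUser; database=test;";
myconn.Open();  // Attempt to use the connection string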

The first statement creates a new instance of the MySqlClientPermission class. Notice the PermissionState.None value passed to the constructor, which restricts all connection strings. Then you must add the connection strings that you want to allow by calling the Add method, as seen in the second statement. The first argument should be the set of connection strings that you want to permit, given as a list with all the required keys and values.

In this case we're defining the server name and database name. All the connections must have these specified values in order to pass the security check. The second argument is a semi-colon delimited list of all the optional attributes. The connection strings can have any value for these attributes and still pass the security check. The third and final argument controls whether you're granting or denying permission for the connection strings that match this pattern.

If the connection string that you use after this security definition does not match all the requirements, the attempt to connect will throw a SecurityException before even attempting to connect to the specified database.

The MySqlClientPermission instance can hold multiple connection strings, and any call to MySqlConnection.Open will not succeed if the connection string fails at least one of those checks.

It is always good practice to start by restricting all permissions and then allow the specific access your application requires.

Happy MySql/Net Coding!!
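The following is an added example, not part of the original post: it applies the same restriction inside a helper method and reports what happens for several connection strings. It assumes the .NET Framework (code access security) with Connector/Net 6.5 referenced; the class and method names, the db.example.invalid host and the otherdb database are constructed for illustration.

```csharp
using System;
using System.Data;
using System.Security;
using System.Security.Permissions;
using MySql.Data.MySqlClient;

class PermissionCheckDemo   // hypothetical name, for illustration only
{
    // Tries one connection string under the server=localhost;database=test policy.
    static string TryOpen(string connectionString)
    {
        MySqlClientPermission permission = new MySqlClientPermission(PermissionState.None);
        permission.Add("server=localhost;database=test;", " user id=; password=;",
            KeyRestrictionBehavior.AllowOnly);
        // PermitOnly applies to this stack frame and the code it calls. A second
        // PermitOnly in the same frame throws, so it is reverted in finally.
        permission.PermitOnly();
        try
        {
            using (MySqlConnection conn = new MySqlConnection(connectionString))
            {
                conn.Open();
                return "allowed, connection opened";
            }
        }
        catch (SecurityException ex)
        {
            // Raised by the security check, before any connection attempt.
            return "denied: " + ex.Message;
        }
        catch (MySqlException ex)
        {
            // The security check passed, but the server could not be used.
            return "passed the security check, connect failed: " + ex.Message;
        }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main()
    {
        string[] candidates =   // constructed sample connection strings
        {
            "server=localhost; user id=QueryUser; database=test;",
            "server=db.example.invalid; user id=QueryUser; database=test;",
            "server=localhost; user id=QueryUser; database=otherdb;"
        };
        // Output is written here, outside the frame restricted by PermitOnly.
        foreach (string cs in candidates)
            Console.WriteLine("{0}\n  -> {1}", cs, TryOpen(cs));
    }
}
```

Only the first string carries the required server and database values; the other two differ in one required key each and should be rejected with a SecurityException.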

