Article: AN0001561Updated:
There are described security principles that should be considered when creating a new functionality/model in ObjectGears system.
Extension of current model
When developing new functionalities in ObjectGears environment, it is good to consider, if the new model/application shall e created or if current model/application shall be extended. One reason for extending current model/application might be a logical connection or the fact that the new functionality shall use existing objects of the model.
Limits: The same group of users has access to the modification of objects created within the new functionality and objects of the current model. If you want that the new functionality can be further modified by another users than those modifiing the current model, choose creation of a new model, that might be connected with the original one by means of enablinf classes for use by another model (see model detail).
Creation of a new model
If you want to separate users administering one model from users administering another model, choose a new model. In this way you ensure, that users creating one functionality cannot modify another functionality. If you want to refer from classes of one model to classes from another model, you can enable particular classes from one model to reference in classes of another particular model (see model detail).
Limits: Both models share one ObjectGears instance and therefore have same instance settings (e.g. enabling web service calls, restrictions for mass changes, authentication, way of assigning users to role etc.) a same group of administators. If you need another settings for the new model or you want to separate users with the basic built-in Administrator role, create a new ObjectGears instance on the webserver and use another database.
Another ObjectGears instance on a server
Another ObjecGears instance represents possibility of a special settings of global parameters and segregation of users with Administrator role. You can define new roles and new users in the new ObjectGears instance. ObjectGears instances can communicate together as two different systems by means of web services.
Limits: Both instances are located on a single server. Server administrator or user with access to the server file system can change web.config file and e.g. takeover ObjectGears Administrator role. In case of strong security requirements on a new functionality and separation of users, that might influence security of the system via web.config file, place the ObjectGears instance on a new server.
Another server for ObjectGears
Another ObjectGears server represents a high application autonomy in terms of security. ObjectGears instances located on different servers can communicate together as two different systems by means of web services.
When using one server per each ObjectGears instance, there is no problem with Windows service like in the previous case.
Database
Similar considerations have to be done also when considering database security and range of users that might gain access to it.
When using more models in a single ObjectGears system, following issues may occur and it is necessary to consider them in terms of security. All these issues may be solved by having a dedicated ObjectGears instance for each model or thorough model check (scripts, modules, queries). Assign the role of IT owner of the model only to reliable users. Check the models, that you install in ObjectGears, if they does not contain malicious code.
Perform also traing of users and IT owners regarding security risks.
Queries to somebody else`s data
In the query definition you may use whatever construction ofb the SELECT command or use a stored procedure. ObjectGears system does not perform check, which data you query and so it is possible to read also data from another model. Therefore, if you have a model, that contains sensitive data, place it into a new ObjectGears instance.
If this model requires also data from another models, you can synchronize them by means of exports and imports or use a database link and transfer the data via database.
Scripts
There is similar issue with scripts like with queries. ObjectGears does not check, what the script is performing. In the script you can call a stored procedure or enter SQL command, call modul procedure etc.
Modules
Module is a compiled .NET code. Be cautious when installing modules provided by a third party. Neither moduls limits themeselves on a single model.