How can virtual directories affect the security of application deployments?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The information an application’s users want to access can frequently be spread across various database applications, and it’s usually not appropriate for users to access them directly -- information from an e-commerce application and shipping information from a logistics and supply-chain application, for example. To get around this problem, applications make use of virtual directories. They provide a way for the application and its users to access data regardless of where it resides. Let’s first answer the question: What is a virtual directory?
A virtual directory receives queries and directs them to the appropriate data sources. The directory presents the returned data to the client application as if it all had been stored in one location. This ability to reach into disparate data stores makes applications easier to deploy, avoids the need to consolidate and synchronize data from different sources and provides security efficiencies.
Presenting information in a consolidated application-specific view without a virtual directory entails using a meta-directory to pull all the information into another purpose-built database that users are granted access to, and which keeps all the data synchronized. This approach is not only costly in terms of development and deployment, but data is only as up to date as the last synchronization. The additional database also needs to be secured, audited and kept compliant with any relevant regulatory requirements.
In contrast, rather than replicating existing data, a virtual directory acts as a proxy to the back-end applications, passing security credentials, accessing live records and transforming data so it is displayed to users in the proper context. It removes the need to create a new security model or change underlying applications, as the security parameters of existing directory and databases can be used. Many virtual directory solutions allow a single security policy to be applied to all back-end applications. This not only reduces management and maintenance costs, but also reduces the complexity of permission and configuration settings, which is always good security practice.
Virtual directories are middleware applications, so they can log all traffic to and from the back-end applications and act as an identity firewall to provide an additional layer of access security for the primary databases. They must, however, be deployed with the same level of fault tolerance as the database applications they interact with. Also, if they’re not created with the proper resource allocation, they may slow the application’s performance.
Identity management is a fundamental aspect of virtual directory technology, so when you’re deploying an application into a production environment, you should verify the settings and permissions match your security requirements. Microsoft, Oracle Corp., Radiant Logic Inc. and Quest Software Inc., are some of the leaders in virtual directory solutions, while MyVD Virtual Directory is an open source Java-based LDAP Virtual Directory.
Related Q&A from Michael Cobb
Open source NoSQL MongoDB database faced 30,000 insecure instances. Expert Michael Cobb explains the misconfiguration that led to this, and how to ...continue reading
A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can ...continue reading
Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.