Chapter 3. Why Use Veil2

A Veil2 based relational security implementation has the following advantages over a more traditional security implementation:

  1. by implementing data access controls in the database, your data can be protected even in the event of a breach of, or bugs in, your application or its server;

  2. new functionality can be added to your application, without risk of impact to the underlying data security;

  3. if you have multiple applications, the same restrictions can be applied universally, without having multiple implementations;

  4. by building the security into the database relations themselves, access controls can be managed in a more natural way;

  5. fine degrees of access control can be implemented without increasing the complexity of your application;

  6. you will be able to implement a security model that is complete and about which you can reason;

  7. most of the details of the access controls can be hidden from your application developers, potentially making their jobs easier

  8. with Veil2 much of the hard work of dealing with scopes, contexts, roles and privileges has already been developed for you;

  9. with Veil2 you have complete control of your security implementation: you can customize and extend it in any way you see fit.

Note that even though you no longer have to implement access controls in your applications, your application should be written to avoid any access that the database would prevent. This is simply good practice. You should not allow Veil2's presence to make your developers lazy.