1

I am looking to create a website.

There will be a portal, from which the user (and their associated users) can create/access one or more databases. There will be many different databases in the background (for historical reasons, please just go with that bit).

It must obviously be as secure as possible.

I thought it probably needs a database that then has links for the other databases to be accessed. So, the portal might have a schema like the simplified example below.

enter image description here

When the user clicks a database link, the 'initialAccessKey' would create a session token with which the database could be accessed.

My questions are:

  1. Is this a reasonable way to approach the task?
  2. Is there a better way?

  3. Is it secure? It seems like all the sensitive info is in one place! A bug could enable access to someone else's database, which would be catastrophic.

Any help much appreciated.

EDIT: Ben Whyall's answer is good for an environment where AD can be used (have upvoted). If anyone has a suggestion without AD, I'd be interested to know.

asked Mar 8, 2018 at 16:51
2
  • 3
    "100% secure" against what? Think about and write down your threat model. Role-based security is fine for most cases, though. You can consider mapping it directly to databases' roles / users, e.g. by creating views only including the right subsets of tables / rows for the role. Commented Mar 8, 2018 at 17:27
  • 3
    There's no such thing as "100% secure." Commented Mar 8, 2018 at 17:28

1 Answer

4

We do this in a different way. We have a directory-based (in our case MS Active Directory) authentication. Access to the databases is given to Active Directory groups within SQL Server. Then the central repository database holds only the databases available to particular Active Directory groups.

When a user logs on, his/her groups are retrieved and used to get a list of databases that the user can access.

Within the system we also have a granular access control to screens and functions by active directory group too.

Even if the access portal showed the database list, the fundamental restrictions in SQL would prevent the data being compromised.

answered Mar 8, 2018 at 17:14
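
The layering described in the answer above, sketched in T-SQL as an added example (not the answerer's code): SQL Server enforces access per AD group, while the repository database only drives what the portal lists. The CORP domain and all group, database, and table names are hypothetical, and it assumes users connect with Windows authentication.

```sql
-- All names below (CORP, ClientA_Users, ClientA_DB, PortalRepository) are hypothetical.

-- 1. Enforcement layer: the AD group, not the portal, is what SQL Server trusts.
USE master;
CREATE LOGIN [CORP\ClientA_Users] FROM WINDOWS;
GO

USE ClientA_DB;
CREATE USER [CORP\ClientA_Users] FOR LOGIN [CORP\ClientA_Users];
ALTER ROLE db_datareader ADD MEMBER [CORP\ClientA_Users];
ALTER ROLE db_datawriter ADD MEMBER [CORP\ClientA_Users];
GO
-- A member of CORP\ClientB_Users has no user in ClientA_DB, so a connection
-- attempt fails at the server even if the portal wrongly shows the link.

-- 2. Discovery layer: the repository maps groups to databases and holds no keys.
USE PortalRepository;
CREATE TABLE dbo.GroupDatabase (
    AdGroup      sysname NOT NULL,
    DatabaseName sysname NOT NULL,
    CONSTRAINT PK_GroupDatabase PRIMARY KEY (AdGroup, DatabaseName)
);
INSERT INTO dbo.GroupDatabase (AdGroup, DatabaseName)
VALUES (N'CORP\ClientA_Users', N'ClientA_DB'),
       (N'CORP\ClientB_Users', N'ClientB_DB');
GO

-- IS_MEMBER evaluates the caller's Windows group membership server-side, so
-- the list cannot be widened by tampering with a request parameter.
CREATE VIEW dbo.MyDatabases AS
SELECT DISTINCT DatabaseName
FROM dbo.GroupDatabase
WHERE IS_MEMBER(AdGroup) = 1;   -- NULL (unknown group) is treated as "no"
GO

-- Portal users may read the filtered view only, never the mapping table.
CREATE USER [CORP\ClientA_Users] FOR LOGIN [CORP\ClientA_Users];
GRANT SELECT ON dbo.MyDatabases TO [CORP\ClientA_Users];
GO

-- What the portal runs after logon to build the user's database list:
SELECT DatabaseName FROM dbo.MyDatabases ORDER BY DatabaseName;
```

A bug in the repository or portal then leaks at most a database name, because each database still checks group membership itself.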
