Good day Tom and All,<br><br>WOW, this is a fully loaded question.<br><br>Database Views <b>could be a far fetch example </b>of polymorphism if you look at the fact that even thou you have a single database view define you could get different results when you access the database view. The view is interpreted as the user is accessing the DB. So if the data within the tables he has access to has changed he may get different results. Poly means multiple and Morph means form, which means the data might be presented to the user in multiple forms. However the term is usually use only with Object Oriented Programming (OOP). I have not seen it use as a generic term within DB and views. A view is a view and Polymorphism is polymorphism.<br>
<br><b>POLYMORPHISM</b><br><br>However, in the context of the CBK and Application Security, the term polymorphism relates to how two different objects will produce different results even thou you send the exact same same method or command is sent to each of the object. On the Sun Microsystem web site they have a nice example of this using one object which was created from the bicycle class and another object created from the furniture class. The first object is the bicycle wheel, when you send the command SPIN to the bicycle wheel it will start turning. If you send the command SPIN to a picture frame object created using the furniture class, the frame on the wall will go from being displayed vertically to being displayed horizontally. Same command but two completely different behavior according to the object you interact with. That is polymorphism within object oriented.<br>
<br>The description above is a simplified view of polymorphism. There are different types of polymorphisms but you do not need to get that low in the details.<br><br>It could also be two objects crated from the same class but containing different variables/data. If you send the same command or call the same method on both objects, the results might be different if they store different data. So that could be another case as well where the same class is used to create the objects.<br>
<br><br><b>POLYINSTANTIATION</b><br><br>Let's take the table below as an example:<br><br>Name of ship Departure Arrival Cargo Security Clearance<br><br>OKLAHOMA Norfolk Haiti FOOD Unclassified<br>
OKLAHOMA Norfolk Ukraine WEAPON Secret<br><br>In this case you have different version of the information that will be presented according to the security clearance of the subject accessing the data within the DB. If you have a Secret security clearance you would see that the ship is loaded with weapon going from Norfolk to Ukraine. If you are a clerk on base without the need to know and having only an unclassified security clearance you would see within the DB that the ship is going from Norfolk to Haiti with food. That would satisfy your curiosity and you would not know about the real cargo.<br>
<br>I hope this helps<br><br>Take care<br><br>Clement<br><br><br><br><div class="gmail_quote">On Thu, Feb 11, 2010 at 08:49, <span dir="ltr"><<a href="mailto:twitwicki@hannaford.com">twitwicki@hannaford.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
All,<br>
Here's a question that come out of a sample question that I've been<br>
puzzling over:<br>
<br>
Are Database Views an example of Polymorphism or Polyinstantiation?<br>
The case for Polymorphism is that the different output is produced from the<br>
same input to two different objects - the "objects" in this case being<br>
different views of the database. This is the author's answer.<br>
The case for Polyinstantiation is that it is frequently used to<br>
hide/replace attributes that may not be accessed by a lower security level<br>
such as in preventing inference attacks.<br>
<br>
Any insight from the group would be appreciated. By the way, my exam date<br>
is Feb 20 in Boston. I feel prepared, but there is a lot of material and<br>
my fear is that some questions may go deeper into some areas. Wish me<br>
luck!<br>
<br>
Tom Witwicki, CIPP<br>
Director, Information Security<br>
Hannaford Bros. Co.<br>
207-885-2073<br>
<br>
Join me on Linkedin!<br>
<a href="http://www.linkedin.com/in/tomwitwicki" target="_blank">http://www.linkedin.com/in/tomwitwicki</a><br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
CISSPstudy mailing list<br>
<a href="mailto:CISSPstudy@cccure.org">CISSPstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
</blockquote></div><br>