Database proxy service
First Claim
Patent Images
1. A system, comprising:
- a plurality of databases that maintain a collection of data on behalf of an entity, wherein a first database of the plurality of databases maintains a first subset of the collection; and
a computing node that at least;
receives, from an administrative client associated with the entity, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of the plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries;
provides, to the administrative client of the entity, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases;
receives, from the administrative client of the entity, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and
causes a first query to be executed on the first database in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy.
1 Assignment
0 Petitions
Accused Products
Abstract
A hosted database service may include a proxy service in which connections to the hosted database may be routed through a proxy. A first function may be provided to the proxy, by a client of the hosted database service, to analyze requests to connect or execute queries on a database. The analysis may identify an attribute of the query. A second function may be provided to the proxy, by the client, to implement a policy decision based on the attribute. The policy decision may include determining to execute a query on a database based on determining that executing the query is consistent with the policy.
27 Citations
20 Claims
-
1. A system, comprising:
-
a plurality of databases that maintain a collection of data on behalf of an entity, wherein a first database of the plurality of databases maintains a first subset of the collection; and a computing node that at least; receives, from an administrative client associated with the entity, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of the plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries; provides, to the administrative client of the entity, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases; receives, from the administrative client of the entity, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and causes a first query to be executed on the first database in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy. - View Dependent Claims (2, 3, 4)
-
-
5. A computer-implemented method, comprising:
-
receiving, from an administrative client, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of a plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries; providing, to the administrative client, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases; receiving, from the administrative client, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and causing a first query to be executed on a first database, of the plurality of databases, in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable storage medium having stored thereon instructions that, upon execution by one or more computing devices, cause the one or more computing devices at least to:
-
receive, from an administrative client, a first definition of a first function, the first definition comprising instructions for analyzing requests to execute queries on one or more of a plurality of databases, wherein the analyzing comprises identifying one or more attributes of the queries on one or more of a plurality of databases; send, to the administrative client, information indicative of the one or more attributes, the information obtained by invoking the first function in response to receiving the requests to execute the queries on the one or more of the plurality of databases; receive, from the administrative client, a second definition of a second function, the second definition comprising instructions for enforcing a policy associated with the one or more attributes; and cause a first query to be executed on a first database in response to receiving a request to execute the first query on at least one of the plurality of databases and determining, based at least in part on invoking the second function, that executing the first query on the first database is consistent with the policy. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification