Method and apparatus for enabling database privileges
Abstract
Methods for enabling database privileges are provided. The methods eliminate strict dependency on traditional password, or “secret”, based security systems. Instead, database privileges are enabled based on verifying that information stored in one or more frames of a call stack corresponds to trusted security logic. In another embodiment, database privileges are enabled based on policies identified in the trusted security logic. The methods and techniques described herein provide flexible and extensible mechanisms for verifying that trusted security logic has been executed prior to enabling database privileges.
25 Claims
1. A method for enabling privileges comprising:
- establishing a session on behalf of a user;
- receiving a request to enable database privileges for the user;
- verifying trusted security logic has been executed prior to receiving the request to enable database privileges; and
- enabling database privileges for the user if the trusted security logic has been executed prior to receiving the request to enable the database privileges.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A client-server computer system comprising:
- a computer including:
  - a processor, a main memory communicatively coupled to the processor; and
  - a disk storage communicatively coupled to the processor;
- a database running on the computer from the main memory, the database further comprising:
  - one or more data structures stored in the disk storage, and a call stack stored in the main memory;
- an application program coupled to the database and configured to support a user; and
- a metadata repository embodied in the one or more data structures stored in the disk storage, the metadata repository comprising trusted security logic;
- wherein the application program is configured to initiate a call to enable database privileges, the call causing call information to be stored in one or more frames of the call stack and one or more security functions to be executed; and
- wherein the database is configured to:
  - verify the call stack comprises one or more frames corresponding to the trusted security logic; and
  - enable database privileges for the user if the trusted security logic is contained in the one or more frames.
(Dependent claims: 10, 11, 12, 13)
14. A computer-readable medium having stored therein one or more sequences of instructions for enabling privileges, the one or more sequences of instructions causing one or more processors to perform a number of acts, said acts comprising:
- establishing a session on behalf of a user;
- receiving a request to enable database privileges for the user;
- verifying trusted security logic has been executed prior to receiving the request to enable database privileges; and
- enabling database privileges for the user if the trusted security logic has been executed prior to receiving the request to enable the database privileges.
(Dependent claims: 15, 16, 17, 18, 19, 20, 21)
22. A method for enabling privileges comprising:
- receiving a request to enable a role;
- generating a list of security policies associated with the role, the list of security policies selected from a metadata repository;
- executing each security policy identified in the list;
- returning a value indicating a successful or unsuccessful execution of each security policy; and
- enabling database privileges associated with the role if the value returned by all the executed security policies indicates each was successful.
(Dependent claims: 23, 24, 25)
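
The call-stack check of the abstract and claim 1, combined with the policy list of claim 22, sketched in Python as an added example (it is not code from the patent). `Session`, `REPOSITORY`, `hr_security_check`, the two policies and the `10.20.` address range are constructed for illustration. The sketch assumes trusted logic is matched by code-object identity, because a function name alone can be reused by untrusted code.

```python
import inspect

REPOSITORY = {}  # constructed metadata repository: role -> trusted code + policies

class Session:  # constructed stand-in for a database session, not a real driver API
    def __init__(self, user, mfa_verified=False):
        self.user, self.mfa_verified = user, mfa_verified
        self.enabled_roles = set()

def register_role(role, trusted_func, policies):
    # Store the code object itself; a function *name* can be reused by anyone.
    REPOSITORY[role] = {"code": trusted_func.__code__, "policies": list(policies)}

def trusted_logic_on_stack(role):
    """Walk the callers' frames looking for the role's registered trusted logic."""
    frame = inspect.currentframe().f_back
    while frame is not None:
        if frame.f_code is REPOSITORY[role]["code"]:
            return True
        frame = frame.f_back
    return False

def run_policy(policy, session):
    try:
        return policy(session) is True
    except Exception:
        return False  # a policy that errors counts as unsuccessful (fail closed)

def enable_role(session, role):
    """Enable the role only if trusted logic is on the stack and every policy succeeds."""
    entry = REPOSITORY.get(role)
    if entry is None or not trusted_logic_on_stack(role):
        return False
    if all([run_policy(p, session) for p in entry["policies"]]):  # runs each policy
        session.enabled_roles.add(role)
        return True
    return False

def hr_security_check(session, client_ip):
    """Hypothetical trusted security logic: vets the context, then requests the role."""
    if not client_ip.startswith("10.20."):  # constructed internal address range
        return False
    return enable_role(session, "hr_admin")

def policy_mfa(session):
    return session.mfa_verified
def policy_not_shared_account(session):
    return session.user not in {"guest", "batch"}

register_role("hr_admin", hr_security_check, [policy_mfa, policy_not_shared_account])
```

A direct call to `enable_role` fails because no frame on the stack belongs to the registered logic, which is the property that removes the dependency on a shared secret.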
Specification