FIREWALLS FOR SECURING CUSTOMER DATA IN A MULTI-TENANT ENVIRONMENT
Abstract
Network security is enhanced in a multi-tenant database network environment by using a query plan detection module that continually polls the database system to locate suspect query plans and raise an alert for them. Security can also be enhanced with a firewall system sitting between the application servers and the client systems that records the user and organization information for each client request received, compares it with the information included in the application server's response, and verifies that the response is being sent to the appropriate user. Security can also be enhanced with a client-side firewall, logic executing on the client system that verifies whether a response from an application server is being sent to the appropriate user system by comparing the user and organization id information stored at the client with the corresponding information in the response.
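The two server-side checks the abstract describes, as an added example that is not code from the patent or its assignee. It assumes query plans are PostgreSQL-style EXPLAIN text, that tenant rows live in a fixed set of tables (TENANT_TABLES) keyed by a column named org_id, and that a scan of such a table with no org_id predicate is what makes a plan "suspect"; the patent itself does not define the suspect rule. The sample plans, table names and request identifiers are constructed for the illustration.

```python
# Added example, not code from the patent or its assignee.  Assumptions: query
# plans are PostgreSQL-style EXPLAIN text, tenant rows live in the tables in
# TENANT_TABLES keyed by a column named org_id, and a scan of such a table with
# no org_id predicate is what makes a plan "suspect".
from __future__ import annotations

import re
from typing import Callable, Iterable

# --- query plan detection module -------------------------------------------
TENANT_TABLES = {"account", "contact", "opportunity"}        # assumed schema
SCAN_RE = re.compile(r"\b(?:Seq|Index|Index Only|Bitmap Heap) Scan\b.*?\bon (\w+)")
NODE_START_RE = re.compile(r"^\s*->\s")                       # next child node
ORG_COND_RE = re.compile(r"\b(?:Filter|Index Cond|Recheck Cond):.*\borg_id\b")


def suspect_scans(plan_text: str) -> list[str]:
    """Return the tenant tables this plan scans without an org_id predicate."""
    lines = plan_text.splitlines()
    flagged = []
    for i, line in enumerate(lines):
        m = SCAN_RE.search(line)
        if m is None or m.group(1) not in TENANT_TABLES:
            continue
        # EXPLAIN prints a node's conditions on the lines below it, up to the
        # next '->' child node; look there for an org_id predicate.
        protected = False
        for follow in lines[i + 1:]:
            if NODE_START_RE.match(follow):
                break
            if ORG_COND_RE.search(follow):
                protected = True
                break
        if not protected:
            flagged.append(m.group(1))
    return flagged


def poll_query_plans(fetch_plans: Callable[[], Iterable[tuple[str, str]]]) -> list[str]:
    """One polling round: fetch_plans() yields (query_id, plan_text) pairs read
    from the database; one alert string is returned per suspect plan."""
    alerts = []
    for query_id, plan in fetch_plans():
        tables = suspect_scans(plan)
        if tables:
            alerts.append(f"{query_id}: scan of {', '.join(tables)} without org_id filter")
    return alerts


# --- firewall between client systems and application servers ----------------
class ResponseFirewall:
    """Records (user, org) per client request and blocks any application
    server response whose stamped identity differs from what was recorded."""

    def __init__(self) -> None:
        self._pending: dict[str, tuple[str, str]] = {}
        self.alerts: list[str] = []

    def on_request(self, request_id: str, user_id: str, org_id: str) -> None:
        self._pending[request_id] = (user_id, org_id)

    def on_response(self, request_id: str, user_id: str, org_id: str) -> bool:
        """True if the response may be forwarded to the requesting client."""
        expected = self._pending.pop(request_id, None)
        if expected is None:
            self.alerts.append(f"{request_id}: response for unknown request")
            return False
        if expected != (user_id, org_id):
            self.alerts.append(f"{request_id}: expected {expected}, got {(user_id, org_id)}")
            return False
        return True


# Constructed sample plans in EXPLAIN style; not captured from any real system.
SAFE_PLAN = """Index Scan using account_org_idx on account  (cost=0.42..8.44 rows=1 width=64)
  Index Cond: (org_id = 'org_1'::text)"""
SUSPECT_PLAN = """Seq Scan on account  (cost=0.00..35.50 rows=2550 width=64)
  Filter: (name = 'Acme'::text)"""
JOIN_PLAN = """Hash Join  (cost=1.09..42.11 rows=10 width=96)
  Hash Cond: (c.account_id = a.id)
  ->  Seq Scan on contact c  (cost=0.00..30.40 rows=10 width=48)
        Filter: (org_id = 'org_1'::text)
  ->  Hash  (cost=1.04..1.04 rows=4 width=48)
        ->  Seq Scan on account a  (cost=0.00..1.04 rows=4 width=48)"""


def sample_fetch_plans() -> list[tuple[str, str]]:
    return [("q1", SAFE_PLAN), ("q2", SUSPECT_PLAN), ("q3", JOIN_PLAN)]


def demo_firewall() -> tuple[bool, bool, list[str]]:
    fw = ResponseFirewall()
    fw.on_request("r1", "alice", "org_1")
    fw.on_request("r2", "bob", "org_2")
    ok = fw.on_response("r1", "alice", "org_1")
    # A response to bob's request that carries org_1's identity is a
    # cross-tenant leak: it is dropped and an alert is recorded.
    leaked = fw.on_response("r2", "bob", "org_1")
    return ok, leaked, fw.alerts
```

Running poll_query_plans(sample_fetch_plans) flags q2 and q3: q2 scans the tenant table with only a name filter, and q3 joins a properly filtered contact scan against an unfiltered scan of account. The firewall check is deliberately keyed on the request id rather than on the connection, so a response that the application server mislabels with another tenant's identity is dropped even when it arrives on the right socket; the abstract's client-side variant is the same comparison performed against identifiers stored on the client.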
10 Claims
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
storing data for each of multiple tenants in a database system;
providing network access to the database system for each of the multiple tenants by an application server, wherein the application server is communicably coupled to the database system and to a network;
polling the database system for query plans by a query plan detection module;
analyzing the query plans by the query plan detection module; and
determining by the query plan detection module whether at least one of the query plans is suspect.
(Dependent claims 2, 3, 4, 5, 6, 7 and 8 depend on claim 1.)

9. A multi-tenant database system, comprising:
a processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
storing data for each of multiple tenants in a database system;
providing network access to the database system for each of the multiple tenants by an application server, wherein the application server is communicably coupled to the database system and to a network;
polling the database system for query plans by a query plan detection module;
analyzing the query plans by the query plan detection module; and
determining by the query plan detection module whether at least one of the query plans is suspect.

10. A method, comprising:
storing data for each of multiple tenants in a database system;
providing network access to the database system for each of the multiple tenants by an application server, wherein the application server is communicably coupled to the database system and to a network;
polling the database system for query plans by a query plan detection module;
analyzing the query plans by the query plan detection module; and
determining by the query plan detection module whether at least one of the query plans is suspect.
Specification