DATABASE ACCESS CONTROL FOR MULTI-TIER PROCESSING

US 20150347783A1
Filed: 08/14/2015
Published: 12/03/2015
Est. Priority Date: 02/25/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving an application request having an identification parameter to an application server at an application layer;

querying, at the application layer, a database objects map that maps the application request to a database object and a database operation in a database layer;

determining the database object and the database operation for the application request from the database objects map;

accessing one or more database access security rules for the identification parameter that specify a security action based on a security rule database object and a security rule database operation;

comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules; and

performing the security action in response to the database object and database operation determined from the application request being substantially similar to the security rule database object and security rule database operation from the one or more security rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure can include a method, a system, and a computer program product for controlling access to a database server in a multi-tiered processing system. The method can include receiving an application request having an identification parameter to an application server at an application layer. The method can also include querying a database objects map that maps the application request to a database object and a database operation in a database layer. The method can also include accessing one or more database access security rules for the identification parameter that specify a security action based on the database object and the database operation. The method can also include comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules.

51 Citations

View as Search Results

8 Claims

1. A method comprising:
- receiving an application request having an identification parameter to an application server at an application layer;
  
  querying, at the application layer, a database objects map that maps the application request to a database object and a database operation in a database layer;
  
  determining the database object and the database operation for the application request from the database objects map;
  
  accessing one or more database access security rules for the identification parameter that specify a security action based on a security rule database object and a security rule database operation;
  
  comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules; and
  
  performing the security action in response to the database object and database operation determined from the application request being substantially similar to the security rule database object and security rule database operation from the one or more security rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - establishing a session from the application server to a database server.
  - 3. The method of claim 2, wherein the performing the security action includes:
    - dropping the application request to the application server.
  - 4. The method of claim 3, wherein dropping the application request includes ignoring a Uniform Resource Locator (URL) to the application server.
  - 5. The method of claim 2, wherein the performing the security action includes:
    - performing the security action while maintaining the session.
  - 6. The method of claim 1, further comprising:
    - allowing the application request to the application server in response to the database object and database operation determined from the application request not being substantially similar to the security rule database object and the security rule database operation from the one or more security rules.
  - 7. The method of claim 1, wherein querying a database objects map includes:
    - receiving a database request derived from the application request;
      
      determining the database object and the database operation from the database request; and
      
      mapping the database object and database operation to the application request in the database objects map.
  - 8. The method of claim 1, wherein receiving the application request includes receiving the application request having the identification parameter that specifies a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Rodniansky, Leonid

Application Number

US14/826,314
Publication Number

US 20150347783A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/86   Mapping to a database

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

H04L 67/10   in which an application is ...

H04L 67/141   Setup of application sessio...

DATABASE ACCESS CONTROL FOR MULTI-TIER PROCESSING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

DATABASE ACCESS CONTROL FOR MULTI-TIER PROCESSING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links