System and method for verifying database security across multiple platforms

US 6,917,953 B2
Filed: 12/17/2001
Issued: 07/12/2005
Est. Priority Date: 12/17/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for analyzing database security, said method comprising:

connecting to one or more servers, wherein each server includes an instance, the instance including one or more databases, wherein at least one of the databases is selected from the group consisting of a database, a backup database, and a directory of databases;

selecting one of the databases;

identifying a user id, wherein the user id has access to the selected databases;

retrieving a permitted user id list corresponding to the selected database;

determining whether the user id is included in the permitted user id list, the determining further comprising;

identifying a violation message type wherein the violation message type is selected from the group consisting of a removed users check, a DB files and logs access check, and a DB backup files and logs access check; and

reporting the user id in response to the determining.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for verifying database security across multiple platforms is presented. Servers are queried to obtain a user id access list of a particular database, directory, or file. The user id access list is compared with a validated access list. A report file is generated that includes user id'"'"'s that have access to a database, directory, or file but do not have proper permission. The report file includes a submission of how to correct each security violation.

Citations

14 Claims

1. A method for analyzing database security, said method comprising:
- connecting to one or more servers, wherein each server includes an instance, the instance including one or more databases, wherein at least one of the databases is selected from the group consisting of a database, a backup database, and a directory of databases;
  
  selecting one of the databases;
  
  identifying a user id, wherein the user id has access to the selected databases;
  
  retrieving a permitted user id list corresponding to the selected database;
  
  determining whether the user id is included in the permitted user id list, the determining further comprising;
  
  identifying a violation message type wherein the violation message type is selected from the group consisting of a removed users check, a DB files and logs access check, and a DB backup files and logs access check; and
  
  reporting the user id in response to the determining.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as described in claim 1 further comprising:
    - retrieving a resolution corresponding to the determining; and
      
      including the resolution in the reporting.
  - 3. The method as described in claim 1 wherein the connection is secure.
  - 4. The method as described in claim 1 wherein the permitted user id list is selected from the group consisting of a database instance owner, a sysadm group, and a sysmaint group.
  - 5. The method as described in claim 1 wherein the servers are on different operating platforms.

6. An information handling system comprising:
- one or more processors;
  
  a memory accessible by the processors;
  
  one or more nonvolatile storage devices accessible by the processors; and
  
  a database analysis tool to analyze database security, the database analysis tool including;
  
  means for connecting to one or more servers, wherein each server includes an instance, the instance including one or more databases, wherein at least one of the databases is selected from the group consisting of a database, a backup database, and a directory of databases;
  
  means for selecting one of the databases;
  
  means for identifying a user id, wherein the user id has access to the selected databases;
  
  means for retrieving a permitted user id list corresponding to the selected database;
  
  means for determining whether the user id is included in the permitted user id list, the determining further comprising;
  
  identifying a violation message type wherein the violation message type is selected from the group consisting of a removed users check, a DB files and logs access check, and a DB backup files and logs access chock; and
  
  means for reporting the user id in response to the determining.
- View Dependent Claims (7, 8, 9)
- - 7. The information handling system as described in claim 6 further comprising:
    - retrieving a resolution corresponding to the determining; and
      
      including the resolution in the reporting.
  - 8. The information handling system as described in claim 6 wherein the permitted user id list is selected from the group consisting of a database instance owner, a sysadm group, and a sysmaint group.
  - 9. The information handling system as described in claim 6 wherein the servers are on different operating platforms.

10. A computer program product stored in a computer operable media for analyzing database security, said computer program product comprising:
- means for connecting to one or more servers, wherein each server includes an instance, the instance including one or more databases, wherein at least one of the databases is selected from the group consisting of a database, a backup database, and a directory of databases;
  
  means for selecting one of the databases;
  
  means for identifying a user id, wherein the user id has access to the selected databases;
  
  means for retrieving a permitted user id list corresponding to the selected database;
  
  means for determining whether the user id is included in the permitted user id list, the determining further comprising;
  
  identifying a violation message type wherein the violation message type is selected from the group consisting of a removed users check, a DB files and logs access check, and a DB backup files and logs access check; and
  
  means for reporting the user id in response to the determining.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer program product as described in claim 10 further comprising:
    - retrieving a resolution corresponding to the determining; and
      
      including the resolution in the reporting.
  - 12. The computer program product as described in claim 10 wherein the connection is secure.
  - 13. The computer program product as described in claim 10 wherein the permitted user id list is selected from the group consisting of a database instance owner, a sysadm group, and a sysmaint group.
  - 14. The computer program product as described in claim 10 wherein the servers are on different operating platforms.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wijono, Jeffrey, Simon, Kimberly DaShawn
Primary Examiner(s)
Ali, Mohammad

Application Number

US10/015,291
Publication Number

US 20030115446A1
Time in Patent Office

1,303 Days
Field of Search

707 1- 10, 707100-1041, 707200-205
US Class Current

707/770
CPC Class Codes

G06F 21/604   Tools and structures for ma...

Y10S 707/959   Network

Y10S 707/99955   Archiving or backup

System and method for verifying database security across multiple platforms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for verifying database security across multiple platforms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links