Security component for a computing device
First Claim
1. A network server, comprising:
an Internet server to receive a request for a resource maintained on the network server and, in response to the request, implement security policies to prevent unauthorized access to the resource;
a security component that is registerable with the Internet server during run-time, the security component having:
a validation component to determine whether the request will pose a security risk to the network server by determining if a total number of characters defining all of the arguments of the request exceeds a maximum number of characters; and
an integrity verification component to:
determine whether the resource will pose a security risk to the network server upon receipt of the request;
formulate a descriptor corresponding to the resource;
compare the formulated descriptor with a cached descriptor, the cached descriptor corresponding to the resource and formulated when the resource is initially requested;
determine that the resource is not a security risk if the formulated descriptor and the cached descriptor are equivalent;
if the formulated descriptor and the cached descriptor are not equivalent, formulate a second descriptor corresponding to an original resource maintained on a file server remotely located from the network server, the resource being replicated from the original resource;
compare the formulated descriptor with the second descriptor; and
determine that the resource is not a security risk if the formulated descriptor and the second descriptor are equivalent.
Abstract
A security component determines whether a request for a resource poses a security risk to a computing device and verifies the integrity of the requested resource before the request is allowed. For a request having arguments and a resource path with a filename that identifies the resource, the security component determines that the request does not pose a security risk if the resource path does not exceed a maximum number of characters, individual arguments do not exceed a maximum number of characters, the arguments combined do not exceed a maximum number of characters, and the filename has a valid extension. The security component verifies the integrity of a requested resource by formulating a descriptor corresponding to the resource and comparing the descriptor with a cached descriptor corresponding to the resource.
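The request checks and the descriptor comparison described above, as an added sketch that is not code from the patent. The length limits, the extension allow-list, SHA-256 as the descriptor and the `fetch_original` callback are assumptions; the fallback to a second descriptor follows claim 1.

```python
import hashlib
import posixpath
from urllib.parse import urlsplit

# Assumed limits and allow-list; the page states no concrete values.
MAX_PATH, MAX_ARG, MAX_ARGS_TOTAL = 260, 64, 256
VALID_EXTENSIONS = {".htm", ".html", ".asp"}

def request_is_safe(url):
    """Validation component: the four checks listed in the abstract."""
    parts = urlsplit(url)
    args = parts.query.split("&") if parts.query else []
    ext = posixpath.splitext(parts.path)[1].lower()
    return (len(parts.path) <= MAX_PATH                      # resource path length
            and all(len(a) <= MAX_ARG for a in args)         # each argument
            and sum(len(a) for a in args) <= MAX_ARGS_TOTAL  # all arguments combined
            and ext in VALID_EXTENSIONS)                     # filename extension

def descriptor(content):
    # SHA-256 is an assumption; the page only says "descriptor".
    return hashlib.sha256(content).hexdigest()

class IntegrityVerifier:
    """Integrity verification component for replicated resources."""

    def __init__(self, fetch_original):
        self.cache = {}                       # path -> descriptor from first request
        self.fetch_original = fetch_original  # hypothetical: path -> bytes on file server

    def resource_is_safe(self, path, content):
        current = descriptor(content)
        # The cached descriptor is formulated when the resource is first requested.
        cached = self.cache.setdefault(path, current)
        if current == cached:
            return True
        # Mismatch: formulate a second descriptor from the original resource.
        return current == descriptor(self.fetch_original(path))

if __name__ == "__main__":
    # Constructed sample data, not taken from the page.
    originals = {"/docs/index.html": b"<h1>v1</h1>"}
    verifier = IntegrityVerifier(originals.__getitem__)
    print(request_is_safe("/docs/index.html?id=7&lang=en"))
    print(verifier.resource_is_safe("/docs/index.html", b"<h1>v1</h1>"))
    print(verifier.resource_is_safe("/docs/index.html", b"<h1>defaced</h1>"))
```

In this sketch the cached descriptor is whatever the replica contained at the first request, so a replica altered before that request becomes the baseline; only the comparison against the original resource would expose it.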
31 Claims
1. A network server, comprising:
an Internet server to receive a request for a resource maintained on the network server and, in response to the request, implement security policies to prevent unauthorized access to the resource;
a security component that is registerable with the Internet server during run-time, the security component having:
a validation component to determine whether the request will pose a security risk to the network server by determining if a total number of characters defining all of the arguments of the request exceeds a maximum number of characters; and
an integrity verification component to:
determine whether the resource will pose a security risk to the network server upon receipt of the request;
formulate a descriptor corresponding to the resource;
compare the formulated descriptor with a cached descriptor, the cached descriptor corresponding to the resource and formulated when the resource is initially requested;
determine that the resource is not a security risk if the formulated descriptor and the cached descriptor are equivalent;
if the formulated descriptor and the cached descriptor are not equivalent, formulate a second descriptor corresponding to an original resource maintained on a file server remotely located from the network server, the resource being replicated from the original resource;
compare the formulated descriptor with the second descriptor; and
determine that the resource is not a security risk if the formulated descriptor and the second descriptor are equivalent.
Dependent claims: 2, 3, 4, 5, 6
7. One or more computer readable media containing a security application, comprising:
a security component that is registerable with an Internet server during run-time, the security component having:
a validation component to determine whether a request for a resource poses a security risk by determining if a total number of characters defining all of the arguments of the request exceeds a maximum number of characters; and
an integrity verification component to determine whether the resource poses a security risk, the integrity verification component further configured to:
formulate a descriptor corresponding to the resource when the security application receives the request;
compare the formulated descriptor with a cached descriptor, the cached descriptor corresponding to the resource and formulated when the resource is initially requested;
if the formulated descriptor and the cached descriptor are not equivalent, formulate a second descriptor corresponding to an original resource remotely located, the resource being replicated from the original resource;
compare the formulated descriptor with the second descriptor; and
determine that the resource is not a security risk if the formulated descriptor and the second descriptor are equivalent.
Dependent claims: 8, 9, 10, 11, 12
13. A method, comprising:
registering a security component with an Internet server during run-time;
receiving a request for a replica resource stored on a computing device, the request designating a resource locator having a resource path identifying a location of the replica resource, the request further designating the resource locator having a plurality of arguments;
implementing security policies to prevent unauthorized access to the replica resource;
determining whether the request will pose a security risk if allowing the request, and allowing the request if said determining that the replica resource does not pose a security risk to the computing device;
redirecting the request to indicate that the replica resource is not available if determining that the request poses a security risk to the computing device;
determining that the request does not pose a security risk if individual arguments do not exceed a maximum number of characters, and if a total number of characters defining all of the arguments do not exceed a maximum number of characters;
formulating a descriptor corresponding to the replica resource;
comparing the formulated descriptor with a cached descriptor corresponding to an original resource stored on a second computing device remotely located from the computing device, the replica resource being replicated from the original resource;
determining that the replica resource does not pose a security risk if the formulated descriptor and the cached descriptor are equivalent;
if the formulated descriptor and the cached descriptor are not equivalent, formulating a second descriptor corresponding to the original resource;
comparing the formulated descriptor with the second descriptor; and
determining that the replica resource does not pose a security risk if the formulated descriptor and the second descriptor are equivalent.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A method, comprising:
registering a security component with an Internet server during run-time;
receiving a request for a resource;
implementing security policies to prevent unauthorized access to the resource;
determining whether the request will pose a security risk by determining if a total number of characters defining all of the arguments of the request exceeds a maximum number of characters;
determining whether the resource will pose a security risk if allowing the request;
formulating a descriptor corresponding to the resource;
comparing the formulated descriptor with a cached descriptor corresponding to the resource and formulated when the resource is initially requested;
determining that the resource does not pose a security risk if the formulated descriptor and the cached descriptor are equivalent;
if the formulated descriptor and the cached descriptor are not equivalent, formulating a second descriptor corresponding to an original resource remotely located, the resource replicated from the original source;
comparing the formulated descriptor with the second descriptor; and
determining that the resource does not pose a security risk if the formulated descriptor and the second descriptor are equivalent.
Dependent claims: 25, 26, 27, 28, 29, 30, 31
Specification