Identifying an application user as a source of database activity
Abstract
Determining an application user as a source of database activity is disclosed. A communication is received. A thread that is configured to handle the communication is associated with an application user with which the communication is associated. The application user is associated with a database query generated by the thread.
17 Claims
1. A method of determining a web application user as a source of database activity comprising:
- receiving, via a first thread, a communication associated with a web application user, the web application user having authenticated to a web application using a first set of credentials;
- associating a second thread spawned by the web application in response to the communication, with the web application user, wherein the association is based at least in part on mapping a session identifier of the second thread to an identifier associated with the web application user;
- associating the web application user with a database query generated by the second thread, wherein the second thread uses a second set of credentials, that are independent of the web application user and associated with the web application, to access a database for the database query, the database being separate from the web application, wherein associating the web application user with a database query comprises generating a dummy query containing an indicator associated with web application user;
- providing the dummy query to a downstream database security monitor to indicate that the database query is associated with the web application user, wherein the dummy query is ignored by the database, and wherein the dummy query indicates that any subsequent queries received from the web application over the second thread are associated with the web application user; and
- providing an interface for auditing and intrusion detection functionality, wherein the interface allows identification of a user associated with a database anomaly using at least in part the dummy query provided to the downstream database security monitor.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 16
10. A system for determining a web application user as a source of database activity, including:
- a processor; and
- a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to:
  - receive, via a first thread, a communication associated with a web application user, the application user having authenticated to an application using a first set of credentials;
  - associate a second thread, spawned by the application in response to the communication, with the web application user, wherein the association is based at least in part on mapping a session identifier of the second thread to the identifier associated with the web application user;
  - associate the web application user with a database query generated by the second thread, wherein the second thread uses a second set of credentials, that are independent of the web application user and associated with the web application, to access a database for the database query, the database being separate from the web application, wherein associating the web application user with a database query comprises generating a dummy query containing an indicator associated with web application user;
  - provide the dummy query to a downstream database security monitor to indicate that the database query is associated with the web application user, wherein the dummy query is ignored by the database, and wherein the dummy query indicates that any subsequent queries received from the web application over the second thread are associated with the web application user; and
  - provide an interface for auditing and intrusion detection functionality, wherein the interface allows identification of a user associated with a database anomaly using at least in part the dummy query provided to the downstream database security monitor.

Dependent claims: 14, 15, 17
11. A computer readable medium for storing a computer program of instructions configured to be readable by at least one processor for determining a web application user as a source of database activity, the computer readable medium being embodied in a computer readable medium and comprising computer instructions for:
- receiving, via a first thread, a communication associated with a web application user, the web application user having authenticated to a web application using a first set of credentials;
- associating a second thread, spawned by the web application in response to the communication, with the web application user, wherein the association is based at least in part on mapping a session identifier of the second thread to the identifier associated with the web application user; and
- associating the web application user with a database query generated by the thread, wherein the thread uses a second set of credentials, that are independent of the web application user and associated with the web application, to access a database for the database query, the database being separate from the web application, wherein associating the web application user with a database query comprises generating a dummy query containing an indicator associated with web application user;
- providing the dummy query to a downstream database security monitor to indicate that the database query is associated with the web application user, wherein the dummy query is ignored by the database, and wherein the dummy query indicates that any subsequent queries received from the web application over the second thread are associated with the web application user; and
- providing an interface for auditing and intrusion detection functionality, wherein the interface allows identification of a user associated with a database anomaly using at least in part the dummy query provided to the downstream database security monitor.
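The dummy-query tagging that the claims describe, seen from the downstream monitor's side, as an added example that is not taken from the patent. The marker syntax, the `Monitor` class, the connection ids and the sample traffic are all assumptions made for illustration; the page does not define a marker format.

```python
import re

# Assumed marker format (the page does not define one): a no-op statement
# whose whole text is the application-user indicator.
MARKER = re.compile(
    r"^\s*SELECT\s+'APPUSER:([\w.@-]{1,64})'\s+WHERE\s+1\s*=\s*0\s*;?\s*$", re.I)

class Monitor:
    """Toy downstream monitor: attributes queries per DB connection."""
    def __init__(self):
        self.tags = {}    # connection id -> current application user
        self.events = []  # (connection id, attributed user, sql)

    def observe(self, conn, sql):
        m = MARKER.match(sql)
        if m:  # dummy query: re-tags the connection, touches no data
            self.tags[conn] = m.group(1)
            return None
        event = (conn, self.tags.get(conn, "<unattributed>"), sql)
        self.events.append(event)
        return event

    def release(self, conn):
        # Connection returned to the pool: drop the tag so the next
        # request cannot inherit the previous user's identity.
        self.tags.pop(conn, None)

    def audit(self, is_anomalous):
        return [(user, sql) for _, user, sql in self.events if is_anomalous(sql)]

# Constructed traffic; every connection logs in as the shared "webapp" account.
TRAFFIC = [
    ("c1", "SELECT 'APPUSER:alice' WHERE 1=0"),
    ("c1", "SELECT name FROM products WHERE id = 7"),
    ("c2", "SELECT 'APPUSER:bob' WHERE 1=0"),
    ("c2", "SELECT * FROM credit_cards"),
    # Marker text inside a string literal must not re-tag the connection.
    ("c1", "SELECT id FROM notes WHERE body = 'SELECT ''APPUSER:bob'' WHERE 1=0'"),
    ("c3", "DELETE FROM audit_log"),  # no marker was ever seen on c3
]

def run():
    mon = Monitor()
    for conn, sql in TRAFFIC:
        mon.observe(conn, sql)
    return mon, mon.audit(lambda q: "credit_cards" in q or q.startswith("DELETE"))
```

Anchoring the marker pattern to the whole statement keeps marker-like text inside a real query from changing attribution, and queries on a connection with no marker are reported as unattributed rather than assigned to a user.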
Specification