Database sandbox

US 8,326,872 B2
Filed: 02/22/2008
Issued: 12/04/2012
Est. Priority Date: 02/22/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented system comprising the following computer executable components:

a database having one or more computer-readable storage devices configured to store database objects; and

one or more computer-executable components, wherein the one or more computer-executable components, when executed, cause the computer implemented system to;

receive a request from an executable module to operate on a database object, wherein execution of the request has different permissions associated with each of;

(i) a database administrator;

(ii) a default authenticator who is a server user who becomes an authenticator for module security execution context instead of a database owner; and

(iii) one or more users, wherein the database administrator has less restrictive permissions than the default authenticator, database owner, and the one or more users;

determine that the request is to operate on a database object outside of the database;

identify an operator of the computer implemented system from whom the request from the executable module originated; and

qualify access to the database object by sandboxing the database, wherein the request of the executable module is treated such that;

when the request originated from one of the one or more users, access to the database object is based on permissions associated with the one of the one or more users and permissions associated with the default authenticator, whichever is more restrictive; and

when the request originated from the database administrator, access to the database object for the database administrator is based on permissions associated with the default authenticator, despite the database administrator having less restrictive permissions than the default authenticator, such that the database administrator is granted access to the database object in a manner that is more restrictive than defined by the permissions associated with the database administrator.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that qualify and/or restrict access of codes associated with a database to objects located outside thereof and in other databases—even though a person executing such code does in fact have permission to interact with the object that the code is attempting to access. A sandbox component can regulate access from one database to another database, by managing authenticator permission and/or trust permission levels. Hence, the set of privileges assigned to security execution context of an executable module (procedure, trigger, computed column) in an un-trusted database is restricted not to exceed a privilege set assigned to database owner.

51 Citations

View as Search Results

19 Claims

1. A computer implemented system comprising the following computer executable components:
- a database having one or more computer-readable storage devices configured to store database objects; and
  
  one or more computer-executable components, wherein the one or more computer-executable components, when executed, cause the computer implemented system to;
  
  receive a request from an executable module to operate on a database object, wherein execution of the request has different permissions associated with each of;
  
  (i) a database administrator;
  
  (ii) a default authenticator who is a server user who becomes an authenticator for module security execution context instead of a database owner; and
  
  (iii) one or more users, wherein the database administrator has less restrictive permissions than the default authenticator, database owner, and the one or more users;
  
  determine that the request is to operate on a database object outside of the database;
  
  identify an operator of the computer implemented system from whom the request from the executable module originated; and
  
  qualify access to the database object by sandboxing the database, wherein the request of the executable module is treated such that;
  
  when the request originated from one of the one or more users, access to the database object is based on permissions associated with the one of the one or more users and permissions associated with the default authenticator, whichever is more restrictive; and
  
  when the request originated from the database administrator, access to the database object for the database administrator is based on permissions associated with the default authenticator, despite the database administrator having less restrictive permissions than the default authenticator, such that the database administrator is granted access to the database object in a manner that is more restrictive than defined by the permissions associated with the database administrator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer implemented system of claim 1, wherein the default authenticator is also a database owner assigned to the database, and wherein the database owner has more restrictive permissions than the database administrator.
  - 3. The computer implemented system of claim 1, wherein the database administrator is also a database owner, such that the default authenticator is neither the database owner nor the database administrator.
  - 4. The computer implemented system of claim 1, further comprising an authorization trust link for database object access.
  - 5. The computer implemented system of claim 1, wherein the database object is within one or more Structured Query Language servers remote from the database.
  - 6. The computer implemented system of claim 1, wherein the executable module is contained within the database.
  - 7. The computer implemented system of claim 1, wherein the computer implemented system is further caused to determine whether the request is to operate on a database object within the database.
  - 8. The computer implemented system of claim 1, further comprising an anti-virus application that scans the executable module.

9. A computer implemented method of controlling retrieval of data, comprising:
- at a computing system that includes a database, receiving a request from executable code to operate on a database object, wherein the database has permissions associated with each of;
  
  a database administrator, a database owner, and one or more users, and wherein the permissions of the database administrator are unlimited;
  
  determining that the request is to operate on a database object outside of the database in the computing system;
  
  identifying an operator of the computing system from whom the request from the executable code originated; and
  
  qualifying access to the database object by applying a sandbox, such that;
  
  when the request originated from one of the one or more users, access to the database object is based on permissions associated with the one of the one or more users or the permissions associated with the database owner, whichever is more restrictive; and
  
  when the request originated from the database administrator, access to the database object for the database administrator is based on permissions associated with the database owner, despite the database administrator having unlimited permissions, such that the database administrator is granted only restricted access to the database object.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The computer implemented method of claim 9, further comprising:
    - accessing a sandboxing attribute, the sandboxing attribute identifying whether or not access to an untrusted database should be qualified.
  - 11. The computer implemented method of claim 10, wherein the sandboxing attribute is modifiable by the server administrator but not the database owner.
  - 12. The computer implemented method of claim 10, wherein when the sandboxing attribute identifies that access to the untrusted database should be qualified, access is restricted so that no operator can have access permissions greater than the permissions assigned to the database owner.
  - 13. The computer implemented method of claim 9, further comprising attaching an external database to a server of the computing system.
  - 14. The computer implemented method of claim 13, further comprising determining whether the external database is trusted.
  - 15. The computer implemented method of claim 14, wherein when the external database is trusted as expressed by an issued authentication, the external database is trusted as a local database.
  - 16. The computer implemented method of claim 14 further comprising limiting security execution context of executable code for the database to privileges assigned to the database owner except when:
    - (i) the request is to access a local database;
      
      or (ii) the request is to access a trusted database, in which case operators maintain their own permissions.
  - 17. The computer implemented method of claim 9, further comprising halting execution of the code.
  - 18. The computer implemented method of claim 9, further comprising establishing an authorization trust link for accessing objects of other databases.

19. A computer implemented system comprising the following computer executable components:
- a database that includes one or more computer readable storage devices configured to store database objects; and
  
  one or more computer-executable modules, wherein the one or more computer-executable modules, when executed, cause the computer implemented system to;
  
  receive a request from executable code to operate on a database object, wherein execution of the request has different permission sets associated with each of a database administrator, a database owner, and one or more users, wherein the database administrator has less restrictive permissions than the database owner and the one or more users;
  
  identify an operator causing the executable code to issue the request;
  
  determine whether the request is to operate on a database object outside of the database;
  
  when the request is to operate on a database object within the database, apply the permissions corresponding to the identified operator;
  
  when the request is to operate on a database object outside the database, determine whether the database object resides in an external database that is trusted by the database;
  
  when the external database is trusted, apply the permissions corresponding to the identified operator;
  
  when the external database is untrusted, qualify access to the database object by using a sandbox, such that;
  
  when the identified operator is one of the one or more users, access to the database object is based on permissions that are the more restrictive of the permissions associated with the one of the one or more users and the permissions associated with the database owner; and
  
  when the request originated from the database administrator, access to the database object for the database administrator is based on permissions associated with the database owner, despite the database administrator having less restrictive permissions than the database owner, such that the database administrator is granted access to the database object in a manner that is more restrictive than defined by the permissions associated with the database administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zwilling, Michael J., Garcia, Raul, Ovechkin, Ruslan Pavlovich
Primary Examiner(s)
Trujillo, James
Assistant Examiner(s)
Casanova, Jorge A

Application Number

US12/035,548
Publication Number

US 20090216768A1
Time in Patent Office

1,747 Days
Field of Search

707/999.009, 707781-787, 707/789, 707/694, 707/702, 707/687
US Class Current

707/783
CPC Class Codes

G06F 16/25 Integrating or interfacing ...

Database sandbox

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Database sandbox

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others