Firewalls for securing customer data in a multi-tenant environment
First Claim
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
storing data for each of multiple tenants in at least one database of a database system having hardware and software that is shared by the multiple tenants, wherein the data stored for each of the multiple tenants is located in a logically separate partition of the at least one database;
providing users of each of the multiple tenants access to the database system including:
receiving login information from the user, verifying the user using the login information, and in response to the verification, logging an authentication of the user including a login of the user to the database system, wherein the logged authentication includes a date and time of the login;
providing each of the multiple tenants network access to the at least one database by:
receiving, over a network at one or more load balancing servers, requests from the users of the tenants to access the data stored in the at least one database, wherein the load balancing servers implement load balancing functions, distributing the requests from the one or more load balancing servers to one or more firewall servers, according to the load balancing functions, forwarding the requests from the one or more firewall servers to one or more application servers, wherein the application servers are each communicably coupled to the at least one database for retrieving the data requested by the tenants, and logging an authorization of the users including the requests for which the data is retrieved from the at least one database;
providing a query plan detection module as a component separate from the at least one database, wherein the query plan detector module executes a process that runs independently of the at least one database;
polling the database system for query plans of users of the multiple tenants by the query plan detection module, wherein the query plans each include a set of steps used to access at least a portion of the data in the at least one database of the database system;
analyzing the query plans of the users of the multiple tenants by the query plan detection module;
determining by the query plan detection module whether at least one of the query plans of the users of the multiple tenants is suspect, including:
determining that the at least one of the query plans of the users of the multiple tenants is suspect when the at least one of the query plans of the users of the multiple tenants is of a predetermined type;
in response to determining that at least one of the query plans of the users of the multiple tenants is suspect, logging information associated with the suspect at least one query plan, the information indicating the query plan and an identifier of the user;
wherein, for each of the requests to access the data received from the users of the tenants, the one or more firewall servers:
record first information, the first information identifying a first tenant and a first user of the first tenant from which the request was received, receive, in a response to the request generated by one of the application servers, second information identifying a second tenant and a second user of the second tenant to which the response is destined, and compare the recorded first information with the received second information to verify that the recorded first information matches the received second information and that the response generated by the one of the application servers is being sent to the first user of the first tenant from which the request to access the data was received.
Abstract
Network security is enhanced in a multi-tenant database network environment using a query plan detection module to continually poll the database system to locate and raise an alert for suspect query plans. Security also can be enhanced using a firewall system sitting between the application servers and the client systems that records user and organization information for each client request received, compares this with information included in a response from an application server, and verifies that the response is being sent to the appropriate user. Security also can be enhanced using a client-side firewall system with logic executing on the client system that verifies whether a response from an application server is being sent to the appropriate user system by comparing user and organization id information stored at the client with similar information in the response.
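The two checks the abstract describes, as an added example that is not part of the patent or of any product it covers: the firewall records the tenant and user behind each request and refuses to forward a response addressed to anyone else, and a small heuristic flags query plans of one "predetermined type" (a whole-table scan with no filter on the tenant partition column). The request ids, the in-memory store, the header values and the plan-step strings are assumptions made for illustration.

```python
# Added example; the request-id correlation and the plan heuristic are assumptions.
from dataclasses import dataclass
import logging

log = logging.getLogger("tenant_firewall")


@dataclass(frozen=True)
class Principal:
    tenant_id: str   # "organization id" in the abstract's wording
    user_id: str


class ResponseFirewall:
    """Sits between clients and application servers; records who sent each request."""

    def __init__(self):
        self._pending: dict[str, Principal] = {}  # request id -> requester

    def record_request(self, request_id: str, tenant_id: str, user_id: str) -> None:
        # "First information": the tenant and user the request came from.
        self._pending[request_id] = Principal(tenant_id, user_id)

    def check_response(self, request_id: str, tenant_id: str, user_id: str) -> bool:
        """Return True only if the response is addressed to the original requester.

        A mismatch, or a response for a request the firewall never saw, is logged
        and the response is dropped instead of forwarded, so no tenant ever
        receives another tenant's data.
        """
        expected = self._pending.pop(request_id, None)   # one response per request
        actual = Principal(tenant_id, user_id)           # "second information"
        if expected is None:
            log.warning("response for unknown request %s dropped", request_id)
            return False
        if expected != actual:
            log.error("cross-tenant response blocked: request %s from %s, response to %s",
                      request_id, expected, actual)
            return False
        return True


def is_suspect_plan(plan_steps: list[str], partition_column: str = "org_id") -> bool:
    """Flag one constructed 'predetermined type' of plan: a full scan of a shared
    table whose steps never filter on the tenant partition column."""
    scans_whole_table = any("Seq Scan" in s or "Full Table Scan" in s for s in plan_steps)
    filters_by_tenant = any(partition_column in s and "Filter" in s for s in plan_steps)
    return scans_whole_table and not filters_by_tenant
```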
19 Claims
1. (Claim 1 is set out in full above under First Claim; claims 2 to 17 depend on it.)
18. A multi-tenant database system, comprising:
a processor; and one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of: storing data for each of multiple tenants in at least one database of a database system having hardware and software that is shared by the multiple tenants, wherein the data stored for each of the multiple tenants is located in a logically separate partition of the at least one database; providing users of each of the multiple tenants access to the database system including: receiving login information from the user, verifying the user using the login information, and in response to the verification, logging an authentication of the user including a login of the user to the database system, wherein the logged authentication includes a date and time of the login; providing each of the multiple tenants network access to the at least one database by: receiving, over a network at one or more load balancing servers, requests from the users of the tenants to access the data stored in the at least one database, wherein the load balancing servers implement load balancing functions, distributing the requests from the one or more load balancing servers to one or more firewall servers, according to the load balancing functions, forwarding the requests from the one or more firewall servers to one or more application servers, wherein the application servers are each communicably coupled to the at least one database for retrieving the data requested by the tenants, and logging an authorization of the users including the requests for which the data is retrieved from the at least one database; providing a query plan detection module as a component separate from the at least one database, wherein the query plan detector module executes a process that runs independently of the at least one database; polling the database system for query plans of users of the multiple tenants by the query plan detection module, wherein the query plans each include a set of steps used to access at least a portion of the data in the at least one database of the database system; analyzing the query plans of the users of the multiple tenants by the query plan detection module; determining by the query plan detection module whether at least one of the query plans of the users of the multiple tenants is suspect, including: determining that the at least one of the query plans of the users of the multiple tenants is suspect when the at least one of the query plans of the users of the multiple tenants is of a predetermined type; in response to determining that at least one of the query plans of the users of the multiple tenants is suspect, logging information associated with the suspect at least one query plan, the information indicating the query plan and an identifier of the user; wherein, for each of the requests to access the data received from the users of the tenants, the one or more firewall servers: record first information, the first information identifying a first tenant and a first user of the first tenant from which the request was received, receive, in a response to the request generated by one of the application servers, second information identifying a second tenant and a second user of the second tenant to which the response is destined, and compare the recorded first information with the received second information to verify that the recorded first information matches the received second information and that the response generated by the one of the application servers is being sent to the first user of the first tenant from which the request to access the data was received.
19. A method, comprising:
storing data for each of multiple tenants in at least one database of a database system having hardware and software that is shared by the multiple tenants, wherein the data stored for each of the multiple tenants is located in a logically separate partition of the at least one database; providing users of each of the multiple tenants access to the database system including: receiving login information from the user, verifying the user using the login information, and in response to the verification, logging an authentication of the user including a login of the user to the database system, wherein the logged authentication includes a date and time of the login; providing each of the multiple tenants network access to the at least one database by: receiving, over a network at one or more load balancing servers, requests from the users of the tenants to access the data stored in the at least one database, wherein the load balancing servers implement load balancing functions, distributing the requests from the one or more load balancing servers to one or more firewall servers, according to the load balancing functions, forwarding the requests from the one or more firewall servers to one or more application servers, wherein the application servers are each communicably coupled to the at least one database for retrieving the data requested by the tenants, and logging an authorization of the users including the requests for which the data is retrieved from the at least one database; providing a query plan detection module as a component separate from the at least one database, wherein the query plan detector module executes a process that runs independently of the at least one database; polling the database system for query plans of users of the multiple tenants by the query plan detection module, wherein the query plans each include a set of steps used to access at least a portion of the data in the at least one database of the database system; analyzing the query plans of the users of the multiple tenants by the query plan detection module; determining by the query plan detection module whether at least one of the query plans of the users of the multiple tenants is suspect, including: determining that the at least one of the query plans of the users of the multiple tenants is suspect when the at least one of the query plans of the users of the multiple tenants is of a predetermined type; in response to determining that at least one of the query plans of the users of the multiple tenants is suspect, logging information associated with the suspect at least one query plan, the information indicating the query plan and an identifier of the user; wherein, for each of the requests to access the data received from the users of the tenants, the one or more firewall servers: record first information, the first information identifying a first tenant and a first user of the first tenant from which the request was received, receive, in a response to the request generated by one of the application servers, second information identifying a second tenant and a second user of the second tenant to which the response is destined, and compare the recorded first information with the received second information to verify that the recorded first information matches the received second information and that the response generated by the one of the application servers is being sent to the first user of the first tenant from which the request to access the data was received.