DATABASE SANDBOX
First Claim
1. A computer implemented system comprising the following computer executable components:
- a sandbox component that restricts an executable module in a database to access objects outside the database, an executor of the executable module with permission to access the object; and
a sandboxing attribute(s) for operation of the sandbox component.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods that qualify and/or restrict access of codes associated with a database to objects located outside thereof and in other databases—even though a person executing such code does in fact have permission to interact with the object that the code is attempting to access. A sandbox component can regulate access from one database to another database, by managing authenticator permission and/or trust permission levels. Hence, the set of privileges assigned to security execution context of an executable module (procedure, trigger, computed column) in an un-trusted database is restricted not to exceed a privilege set assigned to database owner.
-
Citations
20 Claims
-
1. A computer implemented system comprising the following computer executable components:
-
a sandbox component that restricts an executable module in a database to access objects outside the database, an executor of the executable module with permission to access the object; and a sandboxing attribute(s) for operation of the sandbox component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer implemented method of retrieving data comprising:
-
setting attributes associated with sandboxing a database by an administrator of a server; qualifying access of a code associated with the database to objects outside the database, the administrator with permission to access the objects. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer implemented system comprising the following computer executable components:
-
restricting means for restricting a code in a database to access objects in another database, and means for enabling the restricting means by an administrator of the database.
-
Specification