DATABASE SANDBOX

US 20090216768A1
Filed: 02/22/2008
Published: 08/27/2009
Est. Priority Date: 02/22/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented system comprising the following computer executable components:

a sandbox component that restricts an executable module in a database to access objects outside the database, an executor of the executable module with permission to access the object; and

a sandboxing attribute(s) for operation of the sandbox component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that qualify and/or restrict access of codes associated with a database to objects located outside thereof and in other databases—even though a person executing such code does in fact have permission to interact with the object that the code is attempting to access. A sandbox component can regulate access from one database to another database, by managing authenticator permission and/or trust permission levels. Hence, the set of privileges assigned to security execution context of an executable module (procedure, trigger, computed column) in an un-trusted database is restricted not to exceed a privilege set assigned to database owner.

Citations

20 Claims

1. A computer implemented system comprising the following computer executable components:
- a sandbox component that restricts an executable module in a database to access objects outside the database, an executor of the executable module with permission to access the object; and
  
  a sandboxing attribute(s) for operation of the sandbox component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer implemented system of claim 1 further comprising a set of privileges assignable to the executable module.
  - 3. The computer implemented system of claim 1 further comprising a default database authenticator.
  - 4. The computer implemented system of claim 3 further comprising an authorization trust link for object access.
  - 5. The computer implemented system of claim 3, the database associated with a database management system with Structured Query Language servers.
  - 6. The computer implemented system of claim 3, the executable module is contained within the database.
  - 7. The computer implemented system of claim 6, the sandbox component further comprises an authenticator component.
  - 8. The computer implemented system of claim 7, a stored procedure with assignable privileges by the authenticator component.
  - 9. The computer implemented system of claim 7 further comprising an anti-virus application that scans the code.

10. A computer implemented method of retrieving data comprising:
- setting attributes associated with sandboxing a database by an administrator of a server;
  
  qualifying access of a code associated with the database to objects outside the database, the administrator with permission to access the objects.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The computer implemented method of claim 10 further comprising authenticating security execution by an owner of the database.
  - 12. The computer implemented method of claim 10 further comprising assigning set of privileges to security execution context.
  - 13. The computer implemented method of claim 10 further comprising executing the code to level assigned privileges.
  - 14. The computer implemented method of claim 10 further comprising attaching an external database to the server.
  - 15. The computer implemented method of claim 14 further comprising determining whether the code requires accessing an object in another database.
  - 16. The computer implemented method of claim 15 further comprising executing the code.
  - 17. The computer implemented method of claim 15 further comprising halting execution of the code.
  - 18. The computer implemented method of claim 15 further comprising establishing an authorization trust link for accessing objects of other databases.
  - 19. The computer implemented method of claim 15 further comprising limiting security execution context of executable model for the database to privileges assigned to owner of the database.

20. A computer implemented system comprising the following computer executable components:
- restricting means for restricting a code in a database to access objects in another database, andmeans for enabling the restricting means by an administrator of the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ovechkin, Ruslan Pavlovich, Zwilling, Michael J., Garcia, Raul

Granted Patent

US 8,326,872 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/25 Integrating or interfacing ...

DATABASE SANDBOX

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATABASE SANDBOX

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links