Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-08-04
2001-09-04
Homere, Jean R. (Department: 2177)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C707S793000, C707S793000, C709S202000, C709S229000, C713S152000
Reexamination Certificate
active
06286104
ABSTRACT:
BACKGROUND
This invention relates to relational database management systems. More particularly, a system and methods are provided for allowing a middle-tier server in a relational database system to perform database operations on behalf of clients in a manner that ensures proper authentication, accountability and auditing at each tier.
Relational database management systems often employ a multi-tier structure to manage access to data stored in the system. A three-tier structure, for example, may comprise a database server storing data, a middle-tier server (e.g., an application server) and any number of clients (e.g., users or processes requiring access to the data). In this structure clients may connect to the middle-tier server which then accesses the data stored on the database server.
Existing systems and methods by which a middle-tier server accesses data on a database server and is able to perform operations on behalf of clients possess inherent deficiencies and vulnerabilities. In one method, the middle-tier server acts as a sort of “super” client that has sufficient privileges and roles to access any data that a client may require and perform virtually any operation, that is possible on the database server. In another method, the middle-tier server assumes a particular client's identity, including privileges and roles, in order to access data and perform database operations on a client's behalf.
The first method, in which the middle-tier server acts as a “super” client, makes the data and database server vulnerable to the middle-tier server. For example, if the operator or administrator of the database server has little or no oversight of the middle-tier server, or the operator of the middle-tier server is unscrupulous or incompetent, the database may be at risk of unauthorized alteration. Because the middle-tier server is connected under cover of its own identity, there is typically no way for the database server to tell which client, if any, the middle-tier server is acting for. Further, there is generally no way to limit the operations that may be performed by a middle-tier server acting on behalf of a client, as opposed, for example, to when the client connects directly to the database server. In short, in an environment in which a middle-tier server can act as a “super” client with an abundance of privileges, there is little, if any, possibility of accurate and reliable authentication, accountability and auditing of the super client's behavior.
The second method is little better. Here the middle-tier server takes on the identity of a user, including its privileges or roles, in order to access the database server. Typically, the middle-tier server does this by establishing a connection to the database server in the name of the client using the client's password. This method therefore requires the middle-tier server to retain sensitive information concerning each client for which it may act (e.g., password). There is nothing, however, to keep the middle-tier server from assuming one client's identity (e.g., one with high-level privileges) and performing database operations on its own behalf or on behalf of a different user. As with the first method there is little, if any, accountability over the middle-tier server's actions and no way to verify, through auditing or otherwise, which actions are being performed by the server itself and which actions are performed on behalf of the client.
Thus, there is a need for a relational database system that allows a database administrator to limit or restrict the authority and ability of middle-tier servers. In such a system a middle-tier server's actions would be auditable and the administrator would be able to limit the privileges and/or roles of clients and middle-tier servers when a client connects to a data server through a middle-tier server.
SUMMARY
In one embodiment of the invention a database system is provided in which a middle-tier server's database operations on behalf of clients and/or on its own behalf may be restricted or controlled. A database system according to this embodiment includes one or more data servers, a plurality of clients and one or more middle-tier servers through which clients may connect to the data server(s). In one particular embodiment of the invention a client is a web browser and a middle-tier server is an application server such as a web server.
A middle-tier server through which clients connect to a data server is configured to connect to (e.g., establish a session with) a data server under the middle-tier server's own identity (e.g., application name, server name). However, the middle-tier server is also configured to establish sessions for one or more clients in order to perform database operations on their behalf. In these client sessions the middle-tier server connects using the clients' identities (e.g., usernames). When connected under its own identity, the middle-tier server is granted a limited set of roles or privileges, thus preventing it from performing undesired operations and carrying out operations that clients are not authorized to perform. Requiring the middle-tier server to perform client operations under a client's identity promotes proper authentication and accountability for a database administrator. Advantageously, in this embodiment of the invention the middle-tier server need not retain or use sensitive client information such as passwords in order to establish a client session.
In one embodiment of the invention a middle-tier server establishes its own session with a data server before it can perform data operations on the data server on behalf of a client. When the middle-tier server establishes its own session under its own identity, it receives a credential from the data server that it is to use when connecting on behalf of a client. When a client later requires an operation on the data server, the middle-tier server establishes a client session that is separate from the middle-tier server's session. In this embodiment, the middle-tier server establishes the session in the client's name (e.g., username) but, instead of storing and using the client's password, the middle-tier server uses the credential received from the data server to verify the connection (i.e., in place of the client's password). Thereafter, the middle-tier server may switch from one session or connection to another in order to perform a database operation for a particular client or for itself.
In this embodiment, a client is authenticated to the middle-tier server to which the client first connects. Each middle-tier server situated between the client and a target data server may then be trusted to provide the client's true identity to a succeeding middle-tier server and, finally, the data server. Similarly, a final middle-tier server is authenticated to the data server before the data server allows the middle-tier server to perform database operations on a client's behalf. In another embodiment of the invention, data servers may be authenticated to middle-tier servers and middle-tier servers may be authenticated to clients.
REFERENCES:
patent: 5586260 (1996-12-01), Hu
patent: 5604490 (1997-02-01), Blakley, III et al.
patent: 5764890 (1998-06-01), Glasser et al.
patent: 5875296 (1999-02-01), Shi et al.
patent: 5913025 (1999-06-01), Higley et al.
patent: 6023684 (2000-02-01), Pearson
patent: 6052785 (2000-04-01), Lin et al.
patent: 6067623 (2000-05-01), Blakley, III et al.
patent: 6076092 (2000-06-01), Goldberg et al.
patent: 6115040 (2000-09-01), Bladow et al.
patent: 6134594 (2000-10-01), Helland et al.
patent: 6141759 (2000-10-01), Braddy
Buhle Gordon
Wessman Richard R.
Homere Jean R.
Oracle Corporation
Park Vaughan & Fleming LLP
Wassum Luke S
LandOfFree
Authentication and authorization in a multi-tier relational... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Authentication and authorization in a multi-tier relational..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authentication and authorization in a multi-tier relational... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2449930