Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2004-03-10
2009-02-03
Vital, Pierre M (Department: 2169)
Data processing: database and file management or data structures
Database design
Data structure types
C726S023000, C707S793000
Reexamination Certificate
active
07487149
ABSTRACT:
One embodiment of the present invention provides a system that facilitates using query signatures to provide security for a database system. During operation, the database system receives a query. Next, the system parses the query to determine a signature for the query. This signature specifies a structure based on operators for the query and is independent of the value of literals in the query. The system then determines if the signature can be found in a signature cache which contains valid query signatures. If so, the system processes the query.
REFERENCES:
patent: 4991087 (1991-02-01), Burkowski et al.
patent: 5819288 (1998-10-01), De Bonet
patent: 6167523 (2000-12-01), Strong
patent: 6240407 (2001-05-01), Chang et al.
patent: 6347314 (2002-02-01), Chidlovskii
patent: 6557009 (2003-04-01), Singer et al.
patent: 7194451 (2007-03-01), Chaudhuri et al.
patent: 2003/0014394 (2003-01-01), Fujiwara et al.
ASP Alliance, http://www.aspalliance.com, Dec. 29, 2003.
The PHP Group, http://www.php.net/, Nov. 27, 2003.
Waybackmachine, http://web.archive.org/web/20031229145454/http://authors/aspalliance.com/aspxtreme/webforms/validation/introductiontovalidatinguserinputinwebforms.aspx.
Waybackmachine, http://web.archive.org/web/20031127041408/http://us2.php.net/errorfunc.
PBDR, http://pbdr.com/vbtips/asp/ReplaceSQL.htm, Jun. 24, 2003 Waybackmachine, http://web.archive.org/web/20030624033542/http://www.pbdr.com/vbtips/asp/ReplaceSQL.htm.
Sin Yeung Lee et al.: “Learning fingerprints for a database intrusion dectection system” Computer security—Esorics 2002. 7thEuropean Symposium on Research in Computer Security. Proceedings (Lecture Notes in Computer Science vol. 2502) Springer-Verlag Berlin Germany, ′Online! 2002, pp. 264-279, XP002336186 ISBN: 3-540-44345-2 Retrieved from the Internet: URL:http://www.springerlink.com/media/87EXNPMXRL03JQ64QWTM/Contributions/N/T/K/1/NTK16QDVfJHRBDJA.pdf 'retrieved on Jul. 14, 2005.
Daniel Lutz: “Vertiedigung gegen SQL-Injection-Angriffe” Semesterarbeit Department Für Informatik Eidgenössische Technische Hochschule Zürich, CH Retrieved from the Internet URL:http://www.infsec.ethz.ch/people/psevinc/sqliadReport/pdf> 'retrieved on Jul. 14, 2005.
Chris Anley: “Advanced SQL Injection In SQL Server Applications” NGSSOFTWARE Insight Security Research (NISR) Publication, “Online! 2002, pp. 1-25, XP002336188 Retrieved from the Internet” URL:http://www.nextgenss.com/papers/advanced—sql—injection.pdf> 'retrieved on Jul. 14, 2005.
Publication: “Access control in a relational data base management system by query modification” by Stonebraker and Wong, Proc.ACM Ann. Conf. San Diego, Ca, Nov. 1974, pp. 180-187.
Grundler Edward J.
Oracle International Corporation
Park Vaughan & Fleming LLP
Raab Christopher J
Vital Pierre M
LandOfFree
Method and apparatus for providing query-level security in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for providing query-level security in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for providing query-level security in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4089988