Systems and methods that optimize row level database security
The systems and methods of the present invention facilitate database row-level security by utilizing SQL extensions to create and associate named security expressions with a query initiator(s). Such expressions include Boolean expressions, which must be satisfied by a row of data in order for that d...
Saved in:
Main Authors | , , , , |
---|---|
Format | Patent |
Language | English |
Published |
09.02.2010
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | The systems and methods of the present invention facilitate database row-level security by utilizing SQL extensions to create and associate named security expressions with a query initiator(s). Such expressions include Boolean expressions, which must be satisfied by a row of data in order for that data to be made accessible to the query initiator. In general, a query is augmented with security expressions, which are aggregated and utilized during querying rows of data. The systems and methods variously place security expressions within a query in order to optimize query performance while mitigating information leaks. This is achieved by tagging security expressions as special and utilizing rules of predicate to pull or push non-security expressions above or below security expressions, depending on the likelihood of a non-security being safe, as determined via a static and/or dynamic analysis. |
---|---|
Bibliography: | Application Number: US20040885815 |