Impersonating request-based security in connection-based security environment

    Publication number: US12058176B1

    Publication date: 2024-08-06

    Application number: US17161491

    Application date: 2021-01-28

    CPC classification number: H04L63/20 H04L63/0807 H04L63/0876 H04L63/1483

    Abstract: A connection-based service impersonates request-based security for requests from clients that do not include credentials for the requests (e.g., data plane requests made via a connection-oriented security). A connection between a client and a connection-based service is established based on connection credentials that are based on security credentials from a request-based security service. The credentials are sent by a security component of the service to a local agent of the remote security service to be authenticated by the security service. An impersonation token is returned by the security service and cached by the local agent. Requests from the client to perform operations do not include credentials. For each request, the service passes an identifier for the client and the operation to a local authorization component that calls the agent for authorization of the requested operation. The agent uses the impersonation token to obtain authorization for the requested operation.

    Aggregating and emitting database activity record batches

    Publication number: US11481397B1

    Publication date: 2022-10-25

    Application number: US16356335

    Application date: 2019-03-18

    Abstract: Techniques for aggregating and emitting database activity record batches are described. Database activity records can be written to a shared memory queue and emitted to a destination using a remote procedure call (RPC). Individual database connection server processes can write client activity records to the queue. An activity monitor plugin in the database engine can monitor the audit records and aggregate the audit records into batches. Batches of audit records can be sent via RPC to their final or intermediate destination. Each instance host in a database service can include a client backend process configured to define how to submit audit records to shared memory. The activity monitor plugin can batch audit records into messages, submit those messages via RPC to a security host manager, and relay the response back to each relevant client backend.

    IMPERSONATING REQUEST-BASED SECURITY IN CONNECTION-BASED SECURITY ENVIRONMENT

    Publication number: US20240356985A1

    Publication date: 2024-10-24

    Application number: US18762541

    Application date: 2024-07-02

    CPC classification number: H04L63/20 H04L63/0807 H04L63/0876 H04L63/1483

    Abstract: A connection-based service impersonates request-based security for requests from clients that do not include credentials for the requests (e.g., data plane requests made via a connection-oriented security). A connection between a client and a connection-based service is established based on connection credentials that are based on security credentials from a request-based security service. The credentials are sent by a security component of the service to a local agent of the remote security service to be authenticated by the security service. An impersonation token is returned by the security service and cached by the local agent. Requests from the client to perform operations do not include credentials. For each request, the service passes an identifier for the client and the operation to a local authorization component that calls the agent for authorization of the requested operation. The agent uses the impersonation token to obtain authorization for the requested operation.

    Database proxy
    Granted invention patent

    Publication number: US11500824B1

    Publication date: 2022-11-15

    Application number: US15478017

    Application date: 2017-04-03

    Abstract: A proxy server acts as an intermediary between a database client and a database server. The proxy server is configured with a set of user-defined rules. When a request is received from the database client, the proxy server may apply rules that modify, route, reject, log, or pass the request to the database server. Individual rules may be based on attributes of the client computer system, database server, or the request itself. In one embodiment, a rule may be used to translate a request from a format provided by the client into a format preferred by a destination database. In one embodiment, a rule may route a particular request to one of a number of databases based on the nature of the request.

    Database proxy connection management

    Publication number: US11182496B1

    Publication date: 2021-11-23

    Application number: US15478010

    Application date: 2017-04-03

    Abstract: A proxy server acts as an intermediary between a database client and a database server. The proxy server establishes and maintains a set of logical connections to the database server. The proxy server receives a request from the database client, and generates a set of database commands that, when performed by the database server, are capable of fulfilling the request. The proxy server selects a particular logical connection from the set of logical connections based at least in part on a characteristic of the request, and submits the set of database commands to the database server via the selected particular logical connection. In various examples, the particular logical connection is selected so that various performance, efficiency, and security objectives are achieved.

    Database command replay
    Granted invention patent

    Publication number: US11106540B1

    Publication date: 2021-08-31

    Application number: US15477989

    Application date: 2017-04-03

    Abstract: A proxy server receives requests from a client computer system and generates corresponding sets of database commands that are capable of fulfilling the requests when submitted to a database server. The proxy server may repeat processing associated with a particular request more than once under different operational conditions in order to improve future performance. In some examples, the proxy server submits a particular database command sequence to the database server using various operational parameters, and measures the performance of each submission to identify a particular set of operational parameters to be applied to the database server with future submissions. In another example, the proxy server determines a number of alternative command sequences that fulfill a particular request, and measures the performance of each of the alternative command sequences to determine how command sequences are generated for future requests.
