Error message redaction in query processing
US10733189B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 7, 2017 |
| Grant date | Aug 4, 2020 |
| Priority date | — |
| Expiry date | Aug 25, 2038 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/6227
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Query processors often receive queries to be processed against a data set, such as by inserting user input into parameterized fields of a query template. Some queries may be manipulated by user input (e.g., injection attacks) to introduce intentional errors in the query, where the error message reveals a protected detail about the data set, such as the existence or number of records or tables, the data set schema, and/or the configuration of the query processor. Instead, when the processing of a query results in an error message that contains a protected detail about the data set (including the query processor), the error message may be redacted to redact the protected detail before providing a redacted error message that avoids revealing information that might otherwise be usable to exploit the contents of the data set and/or the integrity of the data processor.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.