Two phase intermediate query security using access control

Assignee

• International Business Machines Corporation · US

Inventors

• Nicholas K. Puz · San Jose, US
• Randal J. Richardt · San Jose, US
• Rupa Bhaghavan · San Jose, US
• Vitaliy Bondar · San Jose, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99939
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method, system and article of manufacture for two phase intermediate query security using access control. A networked client-server computer system having a plurality of users of the client-server system and including software performing database queries via a DBMS for users of the system implements the method. The method includes receiving a query string from one of the users by the client system, the query string including references to database objects. The received query string is transformed by the client system to an intermediate query string, and a first phase query security is performed by the client system including identifying the referenced database objects and inserting a security marker into the intermediate query string for each respective identified database object, and sending the intermediate query string to the server system. Access control checks are performed by the server system on the inserted security markers in the intermediate query string, and the inserted security markers are replaced with corresponding DBMS code to enforce access control.