-
Publication No.: US11277435B2
Publication Date: 2022-03-15
Application No.: US15705113
Application Date: 2017-09-14
Applicant: Oracle International Corporation
Inventor: Krishna Mohan Itikarlapalli, Santanu Datta, Srinath Krishnaswamy, Lakshminarayanan Chidambaran, Rajesh Kumar, Sumit Sahu, Rajendra Pingte
Abstract: Techniques described herein improve database security by reducing network attack surface area in conjunction with deep input validation. In an embodiment, a database session receives one or more network packets sent via a network, the database session including a database session state that specifies one or more database privileges. The database session reads said one or more network packets into one or more request-packet-buffers, wherein said one or more request-packet-buffers include an RPC op code for a database operation. Based on the one or more database privileges associated with the user associated with the database session, the database session determines whether the RPC op code may be executed. In response to determining that the RPC op code may be executed by said database session, the RPC op code is executed. In response to determining that the op code may not be executed by said database session, the execution of the RPC op code is prevented.
-
Publication No.: US20180077196A1
Publication Date: 2018-03-15
Application No.: US15705113
Application Date: 2017-09-14
Applicant: Oracle International Corporation
Inventor: Krishna Mohan Itikarlapalli, Santanu Datta, Srinath Krishnaswamy, Lakshminarayanan Chidambaran, Rajesh Kumar, Sumit Sahu, Rajendra Pingte
IPC: H04L29/06
CPC classification number: H04L63/1441, G06F9/547, G06F16/00, H04L63/0245, H04L63/102
Abstract: Techniques described herein improve database security by reducing network attack surface area in conjunction with deep input validation. In an embodiment, a database session receives one or more network packets sent via a network, the database session including a database session state that specifies one or more database privileges. The database session reads said one or more network packets into one or more request-packet-buffers, wherein said one or more request-packet-buffers include an RPC op code for a database operation. Based on the one or more database privileges associated with the user associated with the database session, the database session determines whether the RPC op code may be executed. In response to determining that the RPC op code may be executed by said database session, the RPC op code is executed. In response to determining that the op code may not be executed by said database session, the execution of the RPC op code is prevented.
-