06286104 is referenced by 196 patents and cites 12 patents.

A method is provided for ensuring effective and accurate authentication and authorization in an N-tier relational database management system. An N-tier relational database management system comprises a set of clients, one or more data servers, and one or more middle-tier servers through which the clients may access the data servers. A method is provided for enabling a middle-tier server to connect to a data server and perform database operations on behalf of a client while promoting the ability to ensure that the middle-tier server does not exceed its authorized privileges or roles. In this method, a middle-tier server first establishes a session with the data server using the middle-tier server's own identity (e.g., username) and verification (e.g., password). The middle-tier server may be granted limited roles when acting under its own identity in order to prevent it from performing unauditable or unaccountable operations on behalf of clients. The middle-tier server receives from the data server a credential that it provides when it needs to operate on behalf of a client. In this method, after the middle-tier server establishes its own session and receives a credential, it may then establish a session with the data server using the identity (e.g., username) of a client. Instead of storing and using the client's password, however, the middle-tier server presents the credential to the data server as verification of its authorization to access the database. The middle-tier server may then switch between clients' sessions and its own session to perform database operations.
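The exchange described in the abstract, as an added in-memory model that is not code from the patent or from any product: the class names, role names and the audit tuple are all hypothetical, and the credential is assumed to be a random token bound to the middle-tier login.

```python
import hashlib
import hmac
import secrets

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class DataServer:
    """Toy data server; every name here is hypothetical, not from the patent."""

    def __init__(self):
        self.users = {}        # username -> (salt, password digest, roles)
        self.credentials = {}  # credential -> middle-tier username it was issued to
        self.audit = []        # (effective user, acting middle tier, operation)

    def add_user(self, name, password, roles):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, _digest(password, salt), frozenset(roles))

    def connect(self, name, password):
        """Middle tier logs in under its own identity and receives a credential."""
        entry = self.users.get(name)
        if entry is None or not hmac.compare_digest(entry[1], _digest(password, entry[0])):
            raise PermissionError("unknown user or bad password")
        credential = secrets.token_hex(16)
        self.credentials[credential] = name
        return Session(self, name, entry[2], via=None), credential

    def connect_as(self, client, credential):
        """Open a session under the client's identity; no client password is used."""
        via = self.credentials.get(credential)
        if via is None or client not in self.users:
            raise PermissionError("credential or client not recognised")
        return Session(self, client, self.users[client][2], via=via)

class Session:
    def __init__(self, server, user, roles, via):
        self.server, self.user, self.roles, self.via = server, user, roles, via

    def execute(self, operation, required_role):
        """Run an operation only if this session's identity holds the role."""
        if required_role not in self.roles:
            raise PermissionError(f"{self.user} lacks role {required_role}")
        # The audit record names the client and the middle tier that acted for it.
        self.server.audit.append((self.user, self.via, operation))
        return f"{operation} as {self.user}"
```

Because the middle tier's own session carries only its limited roles, client work has to go through `connect_as`, which is what makes each operation attributable to a client in the audit trail.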

Authentication and authorization in a multi-tier relational database management system
Application Number:
Publication Number: 6286104 (B1)
Application Date: August 4, 1999
Publication Date: September 4, 2001
Richard R Wessman
Gordon Buhle
Boulder Creek
Park Vaughan & Fleming
Oracle Corporation
G06F 17/30