1. Field of the Invention
The present invention generally relates to data security systems and, in particular, to a system and method for preventing unauthorized access of a information stored within a column of a data table.
2. Related Art
Current database systems store a variety of information, and it is often desirable to keep the information stored within many database systems private. Therefore, in many applications, it is important to allow only authorized users to access the information stored within a database system. Furthermore, it is often desirable for authorized users to access the information within the database system from remote locations.
In many prior art systems, a server at the premises of the database system is utilized to enable remote access to the database system. To retrieve data from the database system remotely, an authorized user establishes communication with the server, and the server verifies that the user is an authorized user. For example, the server typically requires the user to enter a valid password before allowing the user to connect to the database system. If the user enters a valid password, then the server allows the user""s computer (the client) to connect to the database system. The client then queries the database system through Structured Query Language (SQL) queries (or other types of queries) in order to retrieve the desired data from databases within the database system.
Many times, the user is only authorized to access certain data within the database system. Therefore, the database system typically includes security features that restrict the user""s access to certain data within the database system based on the user""s password, which identifies the user. For example, many database systems include a plurality of data tables where each data table include multiple columns of information. A particular user might be authorized to access information in some of the columns but unauthorized to access information in other columns. Consequently, many secure database systems require a user password before allowing the user to retrieve information. The user password identifies the user to the database and is used by the database to deny access to any of the columns of information designated as unauthorized to the user.
However, in some situations, restricting an authorized user""s access to columns of information within database system may not be sufficient. In this regard, a column of information in current database system is usually divided into a plurality of rows. It may be desirable to further restrict the data accessible to a user according to certain rows within the column. Furthermore, if an unauthorized user manages to discover a valid password, the impact of the breach of security can be minimized if the discovered password enables access only to certain tables and to certain rows within these certain tables.
Most current database systems, however, restrict access to a data table only to certain columns of information. Therefore, a valid password enables access to all of the information contained within a column that is accessible via the password. Consequently, the password supplied to a server may be used to restrict database access to certain authorized users and to certain columns of information within a database system. However, most current database systems fail to restrict database access of authorized users to certain rows of information stored within the columns of the database.
Thus, a heretofore unaddressed need exists in the industry for providing a more system and method for restricting access to the information within an accessible column of information in a database.
The present invention overcomes the inadequacies and deficiencies of the prior art as discussed herein. In general, the present invention provides a system and method for utilizing a server computer to restrict access to certain information within a column of database.
The present invention utilizes a client computer (client), a server computer (server), and a database system. The client establishes communication with the server and submits a request for data to the server. The server receives the request and retrieves data from a column within a table of the database system in response to the request. The server then determines which rows within the column can be accessed by a user of the client. The server discards data or requests for data associated with rows that the user is not authorized to access.
In accordance with another feature of the present invention, the server includes a security information table. The security information table includes predefined values that indicate which rows of information within the database system are accessible to the user. The server analyzes these values in order to determine whether the user is authorized to access a particular row.
The present invention has many advantages, a few of which are delineated hereafter, as mere examples.
An advantage of the present invention is that an authorized user can be prevented from accessing certain data within a column of a data table that is accessible to the user.
Another advantage of the present invention is that a database system can be remotely accessible without allowing unauthorized users to connect with the database system.
Another advantage of the present invention is that an authorized user only gains access to certain information within the database system.
Other features and advantages of the present invention will become apparent to one skilled in the art upon examination of the following detailed description, when read in conjunction with the accompanying drawings. It is intended that all such features and advantages be included herein within the scope of the present invention, as is defined by the claims.