1. Field of the Invention
The invention pertains in general to security of distributed systems, and more particularly to systems and methods for authenticating and authorizing users, e.g., applications, to access other applications and resources within the distributed system.
2. Background of the Invention
In a typical multi-tier application architecture with a front end firewall, one or more application servers, a data tier firewall, and one or more database servers, the connections to the database server or servers normally originate from the application server or servers. Prior art password based database access authentication methods assumed that a decipherable image of the database access credentials was stored in persistent memory, and that this persistent memory had to be accessible from the application server.
As a consequence, the database access credentials were relatively non-secure and could be acquired by an intruder who compromised the application tier security and thereby gained access to one or more of the application servers. Once this compromise occurred, the intruder would be able to request a database connection using the wrongfully acquired credentials, and the database's security mechanism would then successfully authenticate the intruder.
Thus, a clear need exists for a security system that does not rely on secreted security credentials stored in the database server that can be easily compromised from an application server.