Companies often permit users to access secure databases for a variety of purposes over untrusted networks such as the internet. When providing access to a database through an untrusted network, the owner of the database often implements some form of security measures to ensure that its database is not compromised and remains secure. This includes not only restricting the access of the user to entire databases, but also includes restricting a user's access to specific portions of databases through conventional security measures such as tunneling. But, these security measures only restrict the user's access to the data within a secure database and do not control or restrict the applications that are linked with the secure database. A secure database is usually associated with one or more database applications that can access/manipulate the data. Even though a user may be properly restricted to a certain portion of a database, without controls on the applications and the functions within an application that can be accessed by the user, the user may be able to manipulate the data in an unauthorized way.
Also, secure databases that are accessible over an untrusted network are typically first replicated and the replicated copy is made available to users thereby maintaining the integrity of the original database. This approach provides reasonable security if the database copy is made available in a “de-militarized zone” or “DMZ” on separate hardware, software and/or segregated network. However, this approach is very expensive due to the additional hardware, software and production support required to maintain the additional database and to synchronize the DMZ database with the original.
Thus, there is a need for a method for allowing secure access to specific portions of a secure database while also restricting the control of specific database applications associated with those portions of the database without the need to replicate the database and/or data.