DB-Wall

How it Works

DB-Wall™ provides row- and column-level access control by acting as a database proxy that communicates over SSL with both clients and SQL Server using the TDS protocol. The DB-Wall proxy is deployed between callers and SQL Server 2005, 2008, 2008 R2, or Microsoft SQL Server Azure. Callers believe they are communicating with SQL Server directly, but in reality they are communicating with DB-Wall.

In the diagram above, users interact with an application.

  1. The application requests data from the middle tier which “thinks” it is talking to the database.
  2. The middle tier may employ technologies such as LINQ to SQL, LINQ to Entity Framework, ADO.NET, ODBC, etc.
  3. The middle tier sends the SQL command to DB-Wall™, “thinking” it is sending a request to the database.
    • The communication is handled over SSL using the TDS protocol.
  4. DB-Wall™ then parses the incoming request with its optimized parser/engine and rewrites the query to enforce row- and column-level security rules of any complexity.

Simple Use Case

DB-Wall™ builds upon Keystone’s fine-grained access control mechanism and offers an unprecedented level of control. In the simplest form, a user would send a request such as “Select * from customer” and, based on a defined rule, DB-Wall™ would send the database engine a query such as “Select * from customer where region = ‘east coast’ and manager = 123”. DB-Wall™ supports very sophisticated rules and performs at near wire speed.

Prevents SQL-injection attacks:

  1. Embedded DDL statements are automatically blocked by the rights granted to the DB-Wall™ login on the server. The recommended/default rights should be limited to db_datareader and db_datawriter. These two roles preclude DDL statements.
  2. DB-Wall™ analyzes statements to ensure one statement per batch request. Attempts to embed additional statements with semicolons in a request are automatically limited: only the first statement is processed.
  3. All details of a statement are analyzed to ensure that the user has been assigned access to each specified data object for the operation involved.
  4. Complete details of all access requests are logged by DB-Wall™ so that any attempts can be examined and evaluated.
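As an added illustration (not DB-Wall™'s own code or parser), the following Python sketch shows the two proxy behaviours described above: a per-table rule predicate is appended to a caller's SELECT (wrapping any existing WHERE clause), and only the first statement of a semicolon-separated batch is forwarded, with the number of dropped statements returned for logging. The rule table and the regex-based handling of simple SELECT statements are assumptions for illustration; a real proxy would use a full SQL parser.

```python
import re

# Constructed rule table (assumption): table name -> predicate appended for this caller.
RULES = {
    "customer": "region = 'east coast' and manager = 123",
}


def split_statements(sql):
    """Split a batch on semicolons that are outside single-quoted strings."""
    parts, buf, in_str = [], [], False
    for ch in sql:
        if ch == "'":
            in_str = not in_str
        if ch == ";" and not in_str:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


# Only simple "SELECT cols FROM table [WHERE ...]" statements are handled here.
_SELECT = re.compile(
    r"^\s*select\s+(?P<cols>.+?)\s+from\s+(?P<table>\w+)"
    r"(?:\s+where\s+(?P<where>.+?))?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def rewrite(sql, rules=RULES):
    """Return (statement forwarded to the database, number of statements dropped)."""
    stmts = split_statements(sql)
    if not stmts:
        raise ValueError("empty batch")
    first, dropped = stmts[0], len(stmts) - 1  # everything after the first statement is discarded
    m = _SELECT.match(first)
    if not m:
        raise ValueError("only simple SELECT ... FROM t [WHERE ...] is handled in this sketch")
    table = m.group("table").lower()
    if table not in rules:
        raise PermissionError(f"no access rule for table {table!r}")
    predicate = rules[table]
    where = m.group("where")
    # Existing predicate is parenthesised so the rule cannot be bypassed with OR.
    combined = f"({where}) and {predicate}" if where else predicate
    return f"select {m.group('cols')} from {m.group('table')} where {combined}", dropped
```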