CA2510633A1 - Access control list checking - Google Patents
Access control list checking Download PDFInfo
- Publication number
- CA2510633A1 CA2510633A1 CA 2510633 CA2510633A CA2510633A1 CA 2510633 A1 CA2510633 A1 CA 2510633A1 CA 2510633 CA2510633 CA 2510633 CA 2510633 A CA2510633 A CA 2510633A CA 2510633 A1 CA2510633 A1 CA 2510633A1
- Authority
- CA
- Canada
- Prior art keywords
- access control
- control list
- checking
- authentication provider
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
Method and system for dynamically checking an access control list during the data transfers between a client web browser and a web server. The method and syst em allow checking of access control list by an application firewall, independent from the web application. The rules, upon which the checking is based, can be easily updated without affecting the web application.
Claims (27)
1. A method of checking an access control list for a web application comprising the steps of:
a) receiving a request from a web client;
b) parsing the request to an application firewall; said application firewall having a rule and residing independently of the web application, said rule having syntax to identify a parameter in the request;
c) checking the received request based on said rule;
d) allowing the received request passing through the application firewall upon matching the rules; and e) checking the access control list with an authentication provider.
a) receiving a request from a web client;
b) parsing the request to an application firewall; said application firewall having a rule and residing independently of the web application, said rule having syntax to identify a parameter in the request;
c) checking the received request based on said rule;
d) allowing the received request passing through the application firewall upon matching the rules; and e) checking the access control list with an authentication provider.
2. The method as claimed in claim 1, wherein the access control list is provided by an independent authentication provider.
3. The method as claimed in claim 1, wherein the authentication provider is a remote software module.
4. The method as claimed in claim 1, wherein the authentication provider is a remote system.
5. The method as claimed in claim 1, wherein the application firewall is operatively responsible for a plurality of web applications.
6. The method as claimed in claim 1, wherein the syntax is selected from a group consisting of name, operand type; context, method, content, and combination thereof.
7. The method as claimed in claim 1, wherein the access control list is checked for a user's permission to access an object within a system.
8. The method as claimed in claim 1, wherein the access control list is checked for a user's capability to access a service provided by a system.
9. The method as claimed in claim 6, wherein the method is selected from a group consisting of GET or POST.
10. The method as claimed in claim 6, wherein the content is selected from a group consisting of HTTP encoded form variables, and XML content.
11. The method as claimed in claim 6, wherein the context is dependent of the web application.
12. A computer software product for checking an access control list for a web application comprising:
a memory having microcontroller-readable code embedded therein for checking an access control list for a web application, said code comprising:
code means for receiving a request from a web client;
code means for parsing the request to an application firewall, said application firewall having a rule and residing independently of the web application, said rule having syntax to identify a parameter in the request;
code means for checking the received request based on said rule;
code means for allowing the received request passing through the application firewall upon matching the rules; and code means for checking the access control list with an authentication provider.
a memory having microcontroller-readable code embedded therein for checking an access control list for a web application, said code comprising:
code means for receiving a request from a web client;
code means for parsing the request to an application firewall, said application firewall having a rule and residing independently of the web application, said rule having syntax to identify a parameter in the request;
code means for checking the received request based on said rule;
code means for allowing the received request passing through the application firewall upon matching the rules; and code means for checking the access control list with an authentication provider.
13. The computer software product as claimed in claim 12, wherein the access control list is provided by an independent authentication provider.
14. The computer software product as claimed in claim 12, wherein the authentication provider is a remote software module.
15. The computer software product as claimed in claim 12, wherein the authentication provider is a remote system.
16. The computer software product as claimed in claim 12, wherein the application firewall is operatively responsible for a plurality of web applications.
17. The computer software product as claimed in claim 12, wherein the syntax is selected from a group consisting of name, operand type; context, method, content, and combination thereof.
18. The computer software product as claimed in claim 12, wherein the access control list is checked for a user's permission to access an object within a system.
19. The computer software product as claimed in claim 12, wherein the access control list is checked for a user's capability to access a service provided by a system.
20. A system for checking an access control list for a web application, comprising:
means for receiving a request from a web client;
means for parsing the request to an application firewall, said application firewall having a rule and residing independently of the web application, said rule having syntax to identify a parameter in the request;
means for checking the received request based on said rule;
means for allowing the received request passing through the application firewall upon matching the rules; and means for checking the access control list with an authentication provider.
means for receiving a request from a web client;
means for parsing the request to an application firewall, said application firewall having a rule and residing independently of the web application, said rule having syntax to identify a parameter in the request;
means for checking the received request based on said rule;
means for allowing the received request passing through the application firewall upon matching the rules; and means for checking the access control list with an authentication provider.
21. The system as claimed in claim 20, wherein the access control list is provided by an independent authentication provider.
22. The system as claimed in claim 20, wherein the authentication provider is a remote software module.
23. The system as claimed in claim 20, wherein the authentication provider is a remote system.
24. The system as claimed in claim 20, wherein the application firewall is operatively responsible for a plurality of web applications.
25. The system as claimed in claim 20, wherein the syntax is selected from a group consisting of name, operand type; context, method, content, and combination thereof.
26. The system as claimed in claim 20, wherein the access control list is checked for a user's permission to access an object within a system.
27. The system as claimed in claim 20, wherein the access control list is checked for a user's capability to access a service provided by a system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA2510633A CA2510633C (en) | 2005-06-23 | 2005-06-23 | Access control list checking |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CA2510633A CA2510633C (en) | 2005-06-23 | 2005-06-23 | Access control list checking |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2510633A1 true CA2510633A1 (en) | 2006-12-23 |
| CA2510633C CA2510633C (en) | 2010-11-09 |
Family
ID=39343578
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA2510633A Active CA2510633C (en) | 2005-06-23 | 2005-06-23 | Access control list checking |
Country Status (1)
| Country | Link |
|---|---|
| CA (1) | CA2510633C (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2320622A4 (en) * | 2008-08-14 | 2017-06-28 | ZTE Corporation | Report form normalization processing method, apparatus and system |
| US10958682B2 (en) | 2011-09-21 | 2021-03-23 | SunStone Information Defense Inc. | Methods and apparatus for varying soft information related to the display of hard information |
-
2005
- 2005-06-23 CA CA2510633A patent/CA2510633C/en active Active
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2320622A4 (en) * | 2008-08-14 | 2017-06-28 | ZTE Corporation | Report form normalization processing method, apparatus and system |
| US10958682B2 (en) | 2011-09-21 | 2021-03-23 | SunStone Information Defense Inc. | Methods and apparatus for varying soft information related to the display of hard information |
| US11283833B2 (en) | 2011-09-21 | 2022-03-22 | SunStone Information Defense Inc. | Methods and apparatus for detecting a presence of a malicious application |
| US11943255B2 (en) | 2011-09-21 | 2024-03-26 | SunStone Information Defense, Inc. | Methods and apparatus for detecting a presence of a malicious application |
Also Published As
| Publication number | Publication date |
|---|---|
| CA2510633C (en) | 2010-11-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9369475B2 (en) | System and method for securing a third party communication with a hosting web page | |
| CN102457378B (en) | Security model for industrial devices | |
| WO2008067128A3 (en) | Methods and systems for dynamically associating access rights with a resource | |
| WO2007065146A8 (en) | Method and apparatus for providing authentication credentials from a proxy server to a virtualized computing environment to access a remote resource | |
| WO2006124411A3 (en) | A digital publication system and apparatus | |
| WO2001086394A3 (en) | Method and apparatus to obtain service capability credentials | |
| US20060272008A1 (en) | Method and security system for indentifying and blocking web attacks by enforcing read-only parameters | |
| WO2008099402A3 (en) | A method and system for dynamic security using authentication server | |
| WO2004090667A3 (en) | Method and apparatus for extending protected content access with peer to peer applications | |
| WO2005046278A3 (en) | Method for managing the security of applications with a security module | |
| WO2004015567A3 (en) | Validation framework for validating input in a markup language page on a client computer | |
| WO2011112964A3 (en) | System and method for providing information as a service via web services | |
| CN108540434A (en) | Automatic media playing content element is provided from across source resource | |
| WO2006066257A3 (en) | Management of network devices via email | |
| WO2008140219A3 (en) | System and method for security using one-time execution code | |
| US10931790B2 (en) | Systems and methods for securely transferring selective datasets between terminals with multi-applications support | |
| WO2011149512A3 (en) | System and method for subsidized internet access through preferred partners | |
| WO2007000703A3 (en) | Security system and method for securing the integrity of at least one arrangement comprising multiple devices | |
| CA2510633A1 (en) | Access control list checking | |
| WO2003025720A3 (en) | A method for providing database security | |
| WO2003032158A3 (en) | System and method for specifying access to resources in a mobile code system | |
| KR101688390B1 (en) | System for detecting and preventing malicious code based on website | |
| US20120054494A1 (en) | Method for securing a gadget access to a library | |
| WO2008038277A3 (en) | A system and a method for secure web browsing using server-based computing configuration | |
| CN103078912A (en) | Single-point logging method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request |