Virtual Database Connections (VuConn): In Development

Objective Statement: VuConn helps analysts, customers, DBAs, security and engineering teams implement data security controls, user permissions, user access, and database objects at scale. The virtualization layer provides extended functionality not generally available to data servers. Implementing VuConn is simple: it sits between requests and the database connection, and the platform doesn't require any changes to your data, schema or how your users or applications interact with data.

Overview: At the heart of every internet-based application is a database backend. Direct connections allow developers full logical control of how data is interacted with; the connection enforces a series of permissions, but it is still a shared environment that requires developers to have a level of trust in each other. For data that must be shared among untrusted users, APIs and GraphQL are standard options.

APIs allow controlled access to data, enabling organizations to share information securely with external entities while maintaining control over who can access what. This is essential for collaborations and partnerships. However, this precision removes all flexibility from the end user. APIs require each new use case to be communicated to a developer in order to implement a new API endpoint. The middleman approach for APIs does not scale well, especially as developers can be overburdened with one-off requests. GraphQL, developed by Facebook, introduced a query language for APIs that allows clients to request only the data they need. It offers a more flexible alternative to traditional REST APIs for certain use cases, but its flexibility is still limited. VuConn provides the full flexibility of SQL with the security constraints of REST APIs and GraphQL.

Pipeline Steps:

  1. Each user has a virtual user connection that allows individual and group permissions to be handled through the HTTP or TCP connection protocols.
  2. When a query is sent through VuConn, the request is evaluated for the necessary permissions. If valid, modifications to the request are made to enforce rules.
  3. The rewritten query is evaluated for any temporary credentials that should be considered.
  4. The final request is then forwarded to the target server.

Use Cases:

  • Zero Trust: Each user, request or endpoint has explicit rules enforced by VuConn. This allows full freedom of expression within an enforced ruleset. The virtual nature of the system allows an unlimited set of permissions and roles to be easily created, managed and enforced.
  • Self Service: VuConn allows any user, regardless of coding knowledge, to properly access their data. Those with developer skill sets have access to standard programming languages that allow proper customization for each use case.
  • JIT Permissions: A real-time authorization system provides first-class security protocols. Altered permissions are enforced at the time of change.
  • Virtual Objects: Virtual objects allow simple abstraction of coding and database objects among users. Views, schemas and functions can be stored within the virtual environment, allowing for a clean and sparse server environment for company DBAs to maintain.
  • SQL Injection Prevention: The JIT compiler and validator are designed to prevent all SQL injection attacks.
  • Data Control and Security: Seamlessly create and enforce fine-grained access control, dynamic data masking, data auditing and monitoring, and differential privacy.
  • Resource Optimizations: Scale low-code and custom-code apps. AI-enabled discovery of order of operations for large-scale integrated analytics.