Help Center> >Glossary


    • A
      authentication proxy

      The authentication proxy feature allows users to connect to database instances far away from networks where active directories reside while maintaining the authentication mechanism of Windows domains.


      • D
        data masking

        Pre-configured characters are used to partly or fully replace sensitive data based on masking rules.

        Database Security Service

        The Database Security Service (DBSS) is a security service that protects databases on clouds. Based on the reverse proxy and machine learning technologies, it provides functions such as data masking, database auditing, sensitive data discovery, and injection attack prevention.


        See Database Security Service

        dynamic data masking

        Based on a user's permissions and a policy, sensitive or personal data is dynamically masked in real time, without the need to modify the database or application (stored procedures and views can also be masked).


        • I
          intrusion detection system

          An intrusion detection system (IDS) monitors network transmissions in real time and sends alarms when it detects suspicious transmissions.

          intrusion prevention system

          An intrusion prevention system (IPS) is used between a firewall and a network device. When detecting an attack, the IPS stops the malicious communication before the attack spreads in the network.


          • K

            Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.


            • L
              learning mode

              Learning mode is the process of analyzing applications' access to databases, establishing a baseline for typical database access patterns, and creating a security policy from those patterns.

              Lightweight Directory Access Protocol

              Based on TCP/IP, the Lightweight Directory Access Protocol (LDAP) is a protocol that allows access to the Directory System Agent (DSA). LDAP involves some simplified functions of X.500.


              • R
                regex query pattern

                The regular expression is a simple and flexible method to specify and identify text character strings (for example, certain characters, words, or character modes). A regex mode is an object containing the following fields: name and regex-defined character string.

                risk profile

                Risk profiles are action groups configured for risky operations. Different actions (allowing and blocking) are configured for different operations (such as viewing, modifying, creating, deleting, and running) on objects such as servers, databases, and service blocks. In addition, whether or not the action is logged is also configured. You can use risk profiles to create risk-based IPS/IDS policies.


                • S
                  SQL injection

                  In an SQL injection attack, an attacker sends forged domain or page query strings to spoof a server into executing malicious SQL statements.


                  The syslog protocol is a protocol for message logging.