Patents by Inventor Oren Yossef

Oren Yossef has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11789971
    Abstract: Replicas may be added to a multi-leader replica group for a data set. A new replica may be added to a group of replicas by copying a version of the data set according to a point in time to the new replica. As updates may occur at different ones of the replicas when the new replica is added, updates that occurred at a source replica for the snapshot and other replicas may be replicated by the different replicas according to the point in time at which the snapshot is created without blocking updates at any of the replicas in the replica group.
    Type: Grant
    Filed: December 2, 2019
    Date of Patent: October 17, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Sharatkumar Nagesh Kuppahally, Somasundaram Perianayagam, Hao He, James Christopher Sorenson, III, Akshat Vig, Oren Yossef, Sanjay Shanthakumar, Chase Kernan, Alexander Richard Keyes, Akanksha Fouzdar, Sudhir Konduru, Arijit Choudhury
  • Patent number: 11372686
    Abstract: A service provider network may provide one or more global cloud services across multiple regions. A client may submit a request to create multiple replicas of a service resource in respective instantiations of a service in the multiple regions. The receiving region of the request may determine the capacities of the multiple regions as to serving respective replicas of the service resource. The receiving region may provide a response to the client based on the determined capacities of the regions.
    Type: Grant
    Filed: June 29, 2020
    Date of Patent: June 28, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Akshat Vig, Somasundaram Perianayagam, Arijit Choudhury, Oren Yossef, Shitanshu Aggarwal, Sharatkumar Nagesh Kuppahally, Yang Nan, Arturo Hinojosa, Mark Roper, Wen Han Albert Huang, Sudhir Konduru, Alexander Richard Keyes
  • Patent number: 11227065
    Abstract: The static data masking system may perform one or more operations including unbinding tables in a database, evaluating masking operations on the tables to determine that at least one masking operation on a particular column of a candidate table is a complex masking operation that cannot be completed using a query, adding a temporary key column with unique values to the candidate table, generating a temporary table including the temporary key column and an empty masked column, generating masked values for the particular column at a client, and populating the masked values for the particular column in the empty masked column of the temporary table.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: January 18, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Estienne G. Granet, William B. Dubishar, Jill M. McClenahan, Oren Yossef, Jeffrey D. Welton
  • Patent number: 11057424
    Abstract: Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server causes a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.
    Type: Grant
    Filed: July 19, 2019
    Date of Patent: July 6, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yosef Dinerstein, Oren Yossef, Tomer Weisberg, Assaf Akrabi, Tomer Rotstein
  • Patent number: 11030220
    Abstract: Systems and methods are disclosed to implement, in a database system, global table management operations for global tables or objects that are replicated across multiple locations. In embodiments, for a regional replica of a global table, a requested change to a metadata property of the replica (e.g., an attribute data type, a write throughput limit, or a time-to-live setting) is propagated to other replicas of the global table at other locations. In embodiments, before performing the requested management operation, the database system may first verify that the operation can be successfully performed in all locations. In embodiments, the operation may be performed optimistically without verification, and rolled back if it cannot be performed everywhere. In embodiments, to serialize management operations on a global table, the database system may check for other pending management operations via a shared control object, and proceed when any pending operations are finished.
    Type: Grant
    Filed: September 13, 2019
    Date of Patent: June 8, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Akshat Vig, Somasundaram Perianayagam, Tony Petrossian, Arijit Choudhury, James Christopher Sorenson, III, Alexander Richard Keyes, Akanksha Fouzdar, Mark Roper, Oren Yossef, Joon Ahn
  • Publication number: 20210081433
    Abstract: Systems and methods are disclosed to implement, in a database system, global table management operations for global tables or objects that are replicated across multiple locations. In embodiments, for a regional replica of a global table, a requested change to a metadata property of the replica (e.g., an attribute data type, a write throughput limit, or a time-to-live setting) is propagated to other replicas of the global table at other locations. In embodiments, before performing the requested management operation, the database system may first verify that the operation can be successfully performed in all locations. In embodiments, the operation may be performed optimistically without verification, and rolled back if it cannot be performed everywhere. In embodiments, to serialize management operations on a global table, the database system may check for other pending management operations via a shared control object, and proceed when any pending operations are finished.
    Type: Application
    Filed: September 13, 2019
    Publication date: March 18, 2021
    Applicant: Amazon Technologies, Inc.
    Inventors: Akshat Vig, Somasundaram Perianayagam, Tony Petrossian, Arijit Choudhury, James Christopher Sorenson, III, Alexander Richard Keyes, Akanksha Fouzdar, Mark Roper, Oren Yossef, Joon Ahn
  • Patent number: 10733189
    Abstract: Query processors often receive queries to be processed against a data set, such as by inserting user input into parameterized fields of a query template. Some queries may be manipulated by user input (e.g., injection attacks) to introduce intentional errors in the query, where the error message reveals a protected detail about the data set, such as the existence or number of records or tables, the data set schema, and/or the configuration of the query processor. Instead, when the processing of a query results in an error message that contains a protected detail about the data set (including the query processor), the error message may be redacted to redact the protected detail before providing a redacted error message that avoids revealing information that might otherwise be usable to exploit the contents of the data set and/or the integrity of the data processor.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: August 4, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Edward Brookler, Tomer Weisberg, Oren Yossef, Tomer Rotstein
  • Publication number: 20200143082
    Abstract: The static data masking system may perform one or more operations including unbinding tables in a database, evaluating masking operations on the tables to determine that at least one masking operation on a particular column of a candidate table is a complex masking operation that cannot be completed using a query, adding a temporary key column with unique values to the candidate table, generating a temporary table including the temporary key column and an empty masked column, generating masked values for the particular column at a client, and populating the masked values for the particular column in the empty masked column of the temporary table.
    Type: Application
    Filed: November 6, 2018
    Publication date: May 7, 2020
    Inventors: William B. Dubishar, Jill M. McClenahan, Estienne G. Granet, Oren Yossef, Jeffrey D. Welton
  • Patent number: 10496647
    Abstract: Query processors often receive queries to be processed against a data set, such as by inserting user input into parameterized fields of a query template. Some queries may include a conditional statement, and manipulation of user input (e.g., injection attacks) may introduce a delay through a conditional branch. The time required to fulfill the query may indicate which conditional branch was taken, thus revealing properties of the data set that are intended to be withheld. Instead, a query processor may examine the query to identify, between a pair of conditional branches, a processing delay of the first conditional branch as compared with the second conditional branch. The query processor may identify a query adaptation that reduces the processing delay of the first conditional branch as compared with the second conditional branch, and evaluate the query against the data set according to the query adaptation to present a query result.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: December 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Edward Brookler, Tomer Weisberg, Oren Yossef, Tomer Rotstein
  • Patent number: 10489584
    Abstract: Identifying suspicious activity at a database of a multi-database system. A global evaluation of a plurality of interactions associated with a plurality of databases included within the multi-database system may be performed. A local evaluation of a plurality of interactions associated with a particular database of the plurality of databases may also be performed. The plurality of interactions associated with the particular database may comprise a subset of the plurality of interactions associated with the plurality of databases. A combination of both the global evaluation and the local evaluation may be analyzed to thereby identify one or more suspicious activities occurring at the particular database. Based on the analysis of the combination of the global evaluation and the local evaluation, one or more suspicious activities occurring at the particular database may then be identified.
    Type: Grant
    Filed: February 14, 2017
    Date of Patent: November 26, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yoav M. Frandzel, Ram Bracha, Oren Yossef, Tomer Weisberg, Yoav Y. Rubin, Ron Matchoro, Andrey Karpovsky
  • Publication number: 20190342332
    Abstract: Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server causes a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.
    Type: Application
    Filed: July 19, 2019
    Publication date: November 7, 2019
    Inventors: Yosef Dinerstein, Oren Yossef, Tomer Weisberg, Assaf Akrabi, Tomer Rotstein
  • Patent number: 10404744
    Abstract: Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server causes a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: September 3, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yosef Dinerstein, Oren Yossef, Tomer Weisberg, Assaf Akrabi, Tomer Rotstein
  • Publication number: 20180300370
    Abstract: Query processors often receive queries to be processed against a data set, such as by inserting user input into parameterized fields of a query template. Some queries may include a conditional statement, and manipulation of user input (e.g., injection attacks) may introduce a delay through a conditional branch. The time required to fulfill the query may indicate which conditional branch was taken, thus revealing properties of the data set that are intended to be withheld. Instead, a query processor may examine the query to identify, between a pair of conditional branches, a processing delay of the first conditional branch as compared with the second conditional branch. The query processor may identify a query adaptation that reduces the processing delay of the first conditional branch as compared with the second conditional branch, and evaluate the query against the data set according to the query adaptation to present a query result.
    Type: Application
    Filed: April 18, 2017
    Publication date: October 18, 2018
    Inventors: David Edward Brookler, Tomer Weisberg, Oren Yossef, Tomer Rotstein
  • Publication number: 20180293238
    Abstract: Query processors often receive queries to be processed against a data set, such as by inserting user input into parameterized fields of a query template. Some queries may be manipulated by user input (e.g., injection attacks) to introduce intentional errors in the query, where the error message reveals a protected detail about the data set, such as the existence or number of records or tables, the data set schema, and/or the configuration of the query processor. Instead, when the processing of a query results in an error message that contains a protected detail about the data set (including the query processor), the error message may be redacted to redact the protected detail before providing a redacted error message that avoids revealing information that might otherwise be usable to exploit the contents of the data set and/or the integrity of the data processor.
    Type: Application
    Filed: April 7, 2017
    Publication date: October 11, 2018
    Inventors: David Edward Brookler, Tomer Weisberg, Oren Yossef, Tomer Rotstein
  • Publication number: 20180232520
    Abstract: Identifying suspicious activity at a database of a multi-database system. A global evaluation of a plurality of interactions associated with a plurality of databases included within the multi-database system may be performed. A local evaluation of a plurality of interactions associated with a particular database of the plurality of databases may also be performed. The plurality of interactions associated with the particular database may comprise a subset of the plurality of interactions associated with the plurality of databases. A combination of both the global evaluation and the local evaluation may be analyzed to thereby identify one or more suspicious activities occurring at the particular database. Based on the analysis of the combination of the global evaluation and the local evaluation, one or more suspicious activities occurring at the particular database may then be identified.
    Type: Application
    Filed: February 14, 2017
    Publication date: August 16, 2018
    Inventors: Yoav M. Frandzel, Ram Bracha, Oren Yossef, Tomer Weisberg, Yoav Y. Rubin, Ron Matchoro, Andrey Karpovsky
  • Publication number: 20180084007
    Abstract: Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server causes a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.
    Type: Application
    Filed: September 20, 2016
    Publication date: March 22, 2018
    Inventors: Yosef Dinerstein, Oren Yossef, Tomer Weisberg, Assaf Akrabi, Tomer Rotstein
  • Patent number: 8839419
    Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
    Type: Grant
    Filed: April 5, 2008
    Date of Patent: September 16, 2014
    Assignee: Microsoft Corporation
    Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich
  • Publication number: 20100031354
    Abstract: A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.
    Type: Application
    Filed: April 5, 2008
    Publication date: February 4, 2010
    Applicant: Microsoft Corporation
    Inventors: Efim Hudis, Yair Helman, Tomer Weisberg, Oren Yossef, Ziv Rafalovich