Abstract: Techniques for computer security are provided. A request to access a first file referenced as a variable in a source code of an application is received. A file name of the first file is then retrieved from a runtime stack, and the file name is stored in a system-wide accessible cross-reference file.

Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.

Abstract: Techniques for computer security are provided. A request to access a first file referenced as a variable in a source code of an application is received. A file name of the first file is then retrieved from a runtime stack, and the file name is stored in a system-wide accessible cross-reference file.

Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, wherein the data file is referenced by a variable name in a source code of the application, receiving data describing the request, wherein the data describing the request is obtained from a runtime stack of the application and includes a name of the application and a name of the data file, wherein the name of the data file is used as a value for the variable name, and storing an indication that the application accessed the data file in a cross-reference data store for the system.

Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to a the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.

Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, wherein the data file is referenced by a variable name in a source code of the application, receiving data describing the request, wherein the data describing the request is obtained from a runtime stack of the application and includes a name of the application and a name of the data file, wherein the name of the data file is used as a value for the variable name, and storing an indication that the application accessed the data file in a cross-reference data store for the system.

Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.

Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to a the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.

Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from a first application to obtain a set of call information based on runtime stack information related to calls of the first application requesting access to the file, storing the set of call information in a data file, receiving a request for access to the file from a second application, obtaining call information from a runtime stack from the second application, comparing the call information with the set of call information, determining the request for access is an abnormal request based on the comparing, and taking an action based on the determination.

Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, storing the permission and identity information in a data file, determining for the application and a file of the set of files, privileges available to the application for the available authority based on the stored data file, determining a set of privileges needed by the application to access the file based on the stored data file, selecting privileges for a user of the application based on set of privileges needed by the application and the authority available to the application, and assigning the privileges for the user based on the selected privileges.

Abstract: A program identifier, a limit identifier, a minimum value, and an increment value are stored to limit data. The limit identifier identifies a first variable used by the program. In response to storing a data value to a second variable, the stored limit identifier is found and a determination is made whether the stored limit identifier identifies the second variable. If the stored limit identifier identifies the second variable, a determination is made whether the data value is greater than the minimum value. If the data value is greater than the minimum value, the data value is stored to a log if an absolute value of the data value minus a most recently logged data value that was previously stored to the second variable is greater than the increment value. The execution of the program is halted or a user is notified in response to the storing to the log.

Abstract: A program identifier, a limit identifier, a minimum value, and an increment value are stored to limit data. The limit identifier identifies a first variable used by the program. In response to storing a data value to a second variable, the stored limit identifier is found and a determination is made whether the stored limit identifier identifies the second variable. If the stored limit identifier identifies the second variable, a determination is made whether the data value is greater than the minimum value. If the data value is greater than the minimum value, the data value is stored to a log if an absolute value of the data value minus a most recently logged data value that was previously stored to the second variable is greater than the increment value. The execution of the program is halted or a user is notified in response to the storing to the log.

Abstract: An index advice record engine generates and stores index advice records. An index advice policy mechanism allows a user to define an index advice policy that specifies criteria for autonomic index creation, modification and deletion. An autonomic index mechanism reads the index advice records, compares this information with the criteria in the user-defined index advice policies, and determines whether an index should be created, modified or deleted based on the information in the index advice records and the index advice policies. By automating the process of creating, modifying and deleting indexes according to user-defined policies, the preferred embodiments alleviate human users from most of the work of manually creating, modifying and deleting indexes.

Abstract: An index advice record engine generates and stores index advice records. An index advice policy mechanism allows a user to define an index advice policy that specifies criteria for autonomic index creation. An autonomic index creation mechanism reads the index advice records, compares this information with the criteria in the user-defined index advice policies, and determines whether an index should be created based on the information in the index advice records and the index advice policies. By automating the process of creating indexes according to user-defined policies, the preferred embodiments alleviate human users from most of the work of manually creating indexes.

Abstract: An index advice record engine generates and stores index advice records. An index advice policy mechanism allows a user to define an index advice policy that specifies criteria for autonomic index creation, modification and deletion. An autonomic index mechanism reads the index advice records, compares this information with the criteria in the user-defined index advice policies, and determines whether an index should be created, modified or deleted based on the information in the index advice records and the index advice policies. By automating the process of creating, modifying and deleting indexes according to user-defined policies, the preferred embodiments alleviate human users from most of the work of manually creating, modifying and deleting indexes.

Abstract: A database query optimizer includes an access plan storage mechanism that stores execution detail corresponding to a query statement in an access plan cache. By storing execution detail in the access plan cache along with the query statement, the execution detail is available when needed to debug database problems, even after a problem occurs. The execution detail stored in the access plan cache may be mined and analyzed after-the-fact, producing a very powerful tool for debugging database problems. Snapshots of the execution detail may also be created by a user. In addition, the user may setup autonomic snapshots and comparisons so that a user may be alerted from a degradation in database performance between two snapshots.

Abstract: An index advice record engine generates and stores index advice records. An index advice policy mechanism allows a user to define an index advice policy that specifies criteria for autonomic index creation, modification and deletion. An autonomic index mechanism reads the index advice records, compares this information with the criteria in the user-defined index advice policies, and determines whether an index should be created, modified or deleted based on the information in the index advice records and the index advice policies. By automating the process of creating, modifying and deleting indexes according to user-defined policies, the preferred embodiments alleviate human users from most of the work of manually creating, modifying and deleting indexes.

Abstract: A database graphical comparison tool allows comparing database items that include multiple database statements and graphically displaying the comparison results in a ranked list of database statements. The graphical comparison tool includes a graphical user interface that allows a user to easily configure the tool for both manual and automatic (or scheduled) comparisons. In addition, the user may specify one or more actions that may be autonomically performed when the comparison of database items meets predefined criteria. Database items that may be compared using the database graphical comparison tool include optimizer monitors and plan cache snapshots.

Abstract: A method and apparatus for tracking a plurality of database resource consumers is provided. A request is received from a job for a database resource of a plurality of resources. Based on the request, a database resource allocation amount for the job is updated. The database resource allocation amount specifies an amount of the database resource allocated to the job. It is determined whether the job is a primary consumer for the resource. A primary consumer is defined according to a consumption of the database resource relative to other database resource consumers. The determining is based on the database resource amount allocated to the job; and a respective database resource amount allocated to each of the plurality of database resource consumers. Upon determining that the job is one of the plurality of primary consumers, the job is added to a stored list identifying the primary consumers for the database resource.

Abstract: An apparatus, program product and method utilize policy-driven management of a pool of cursors in a database management system. Cursor usage statistics are determined for a plurality of cursors, and a plurality of cursor criteria defined in a policy are used to identify one or more cursors to close based upon the determined statistics. Among the statistics that are collected is a query time statistic that specifies, for each cursor, how long the query with which that cursor is associated, took to execute. As a result, a cursor that is associated with query that took a relatively longer time to execute will generally be less likely to be closed than a cursor that is associated with a query that took a relatively shorter time to execute. Consequently, should a cursor be needed for a particular query after the cursor has been closed, the performance penalty associated with recreating that cursor and its associated objects will be reduced.