Protocol-agnostic Proxy

Overview

What Does It Do?

The UserClouds proxy sits between any database and any application. It intercepts queries to:

  • Minimize outbound data (e.g., convert [email protected] to s****@*****.com)
  • Control access (e.g., enforce rate limiting).
  • Log the who, when, why and how of data access.

The only required code change is to replace the database URI in your application with a UserClouds URI.

Why Use It?

Together with the UserClouds Data Decoder plug-in, the proxy enables you to minimize, control, and log data access in an application with minimal code changes. Some functionality can be unlocked simply by changing the database URI to UserClouds and applying off-the-shelf functionality in the UserClouds console. Advanced functionalities like user-specific rate limiting can be achieved by adding context (e.g., user tokens) inside comments on queries.

How It Works

The Proxy has four core functions:

  • Query Interception: Intercepts queries and applies additional security and privacy functionality.
  • Access Policies: Access policies can be applied without code changes in your application. By adding comments to your application, additional context like user roles can be considered.
  • Data Minimization: Reduces the amount of sensitive data exposed by transforming or masking data elements (e.g., converting email addresses to partially masked formats).
  • Logging: Maintains a comprehensive log of all intercepted queries, including details of the transformations and policies applied, to ensure transparency and auditability.

Quickstart Guide

In the UserClouds Console:

  1. Create a Tenant: Set up your tenant if you haven't already.
  2. Create a Database Connection: Add your database URI and credentials, test the connection and hit Save. You will see a proxy host name and a proxy port.

In Your Application Codebase:

  1. Replace Database Strings: Substitute the existing database URI and database port with the proxy host name and proxy port.

In Your Application:

  1. Use the application: Click through the application to trigger all its database queries.

In the UserClouds Console:

  1. Review Queries: Examine the list of intercepted queries in the Accessors page under Access Methods.
  2. Apply Data Transformers: On any query, you may mask outbound user data using transformers. This can be done in the Columns table of the accessor details page for that query. For more info, see Masking data in queries.
  3. Apply Access Policies: On any query, you may implement additional access policies. For more info, see Applying access policies to queries.
  4. Review Logs: Monitor the logs for a detailed account of data access.