CN115455485A - Database access method, device, client and storage medium - Google Patents

Database access method, device, client and storage medium

Info

Publication number
CN115455485A
Authority
CN
China
Prior art keywords
database
access
rule
request
access request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211162892.6A
Other languages
Chinese (zh)
Inventor
宋先旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Duodian Life Wuhan Technology Co ltd
Original Assignee
Duodian Life Wuhan Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Duodian Life Wuhan Technology Co ltd
Priority to CN202211162892.6A
Publication of CN115455485A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to the technical field of databases, and provides a database access method, a device, a client and a storage medium, wherein the method comprises the following steps: receiving an access request for accessing a database; verifying the access request according to an access rule of the database, wherein the access rule is acquired from a synchronization log of the database, and the synchronization log is generated when the client updates the access rule to the database according to a preset service requirement; and if the access request passes the verification, sending the access request to the database, and responding to the access request according to a return result of the database. Because the access rule is obtained from the synchronization log generated when the client updates the access rule to the database according to the preset service requirement, and the access rule is used to verify the access request, only access requests that pass the verification are sent to the database. An access request that does not meet the access rule cannot access the database, and therefore the compliance of the service data in the database is guaranteed.

Description

Database access method, device, client and storage medium
Technical Field
The invention relates to the technical field of databases, in particular to a database access method, a database access device, a client and a storage medium.
Background
A database is a "collection" of "business data" organized according to certain rules and methods for achieving a certain purpose. In the real world, data must meet a specific specification in a specific service scenario, and if the service data stored in the database does not meet the specific service specification, the service cannot operate normally, so how to ensure compliance of the service data in the database is an urgent problem to be solved by those skilled in the art.
Disclosure of Invention
The invention aims to provide a database access method, a database access device, a client and a storage medium, which can improve the compliance of service data in a database.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
In a first aspect, the present invention provides a database access method, applied to a client, where the client is in communication connection with a server running a database, and the method includes:
receiving an access request for accessing the database;
verifying the access request according to an access rule of the database, wherein the access rule is acquired from a synchronization log of the database, and the synchronization log is generated when the client updates the access rule to the database according to a preset service requirement;
and if the access request passes the verification, sending the access request to the database, and responding to the access request according to a return result of the database.
Optionally, the method further comprises:
receiving an update request for updating the access rule;
and sending the updating request to the database so as to update the access rule in the database.
Optionally, the database includes a rule table for storing the access rule, the update request includes a table identifier of the rule table and the access rule, and the step of sending the update request to the database to update the access rule in the database includes:
and sending the access rule to the rule table according to the table identifier so as to update the access rule to the rule table.
Optionally, the database includes a field and an annotation of the field, the update request includes the access rule and a target field related to the access rule, and the step of sending the update request to the database to update the access rule in the database includes:
and sending the access rule and the target field to the database so that the database determines the field matched with the target field, and updating the access rule to the comment of the field matched with the target field.
Optionally, the method further comprises:
receiving a return result which is sent by the database and aims at the access request, wherein the return result comprises business data required to be read by the access request;
correcting the service data according to the access rule to obtain corrected data;
and responding to the access request according to the corrected data.
Optionally, the client is in communication connection with an application end, the access request is sent to the client by the application end, and the method further includes:
and if the access request fails the verification, returning to the application end a response message refusing access to the database.
Optionally, the client is in communication connection with multiple application terminals, each application terminal corresponds to an access rule for accessing the database, the access request is sent to the client terminal by a target application terminal in the multiple application terminals, and the step of verifying the access request according to the access rule of the database includes:
determining a target access rule corresponding to the target application terminal from a plurality of access rules;
and checking the access request according to the target access rule.
In a second aspect, the present invention provides a database access apparatus, applied to a client, where the client is communicatively connected to a server running a database, and the apparatus includes:
the receiving module is used for receiving an access request for accessing the database;
the verification module is used for verifying the access request according to an access rule of the database, wherein the access rule is acquired from a synchronization log of the database, and the synchronization log is generated when the client updates the access rule to the database according to a preset service requirement;
and the sending module is used for sending the access request to the database if the access request passes the verification and responding to the access request according to a return result of the database.
In a third aspect, the present invention provides a client, including a memory and a processor, where the memory stores a computer program, and the processor implements the database access method according to the first aspect when executing the computer program.
In a fourth aspect, the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the database access method according to the first aspect.
Compared with the prior art, the invention obtains the access rule from the synchronization log generated when the client updates the access rule to the database according to the preset service requirement, verifies the access request by using the access rule, and sends only the access requests that pass the verification to the database, so that an access request that does not meet the access rule cannot access the database, and the compliance of the service data in the database is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is an exemplary diagram of a prior art database access provided by an embodiment of the present invention.
Fig. 2 is an exemplary diagram of an application scenario of the database access method according to an embodiment of the present invention.
Fig. 3 is a diagram illustrating another application scenario of the database access method according to the embodiment of the present invention.
Fig. 4 is a block diagram of a client according to an embodiment of the present invention.
Fig. 5 is a first flowchart illustrating a database access method according to an embodiment of the present invention.
Fig. 6 is a second flowchart illustrating a database access method according to an embodiment of the present invention.
Fig. 7 is a third flowchart illustrating a database access method according to an embodiment of the present invention.
Fig. 8 is a block diagram of a database access device according to an embodiment of the present invention.
Reference numerals: 10 - application end; 20 - database; 30 - client; 31 - processor; 32 - memory; 33 - bus; 100 - database access device; 110 - receiving module; 120 - verification module; 130 - sending module; 140 - interception module; 150 - correction module; 160 - update module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
In the description of the present invention, it should be noted that if the terms "upper", "lower", "inside", "outside", etc. indicate an orientation or a positional relationship, it is the one shown in the drawings or the one in which the product of the present invention is usually placed when used. This is only for convenience and simplification of the description; it does not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
Furthermore, the appearances of the terms "first," "second," and the like, if any, are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
It should be noted that the features of the embodiments of the present invention may be combined with each other without conflict.
To ensure the compliance of database service data, and to prevent a service application or another database terminal from destroying that compliance by storing data that does not conform to the service specification into the database or by reading data from the database in a way that does not conform to the service specification, one implementation scheme is as follows: the service application end writes the corresponding implementation logic according to the service specification, so as to intercept, check or correct the data accessed in the database as the service specification requires. Referring to Fig. 1, which is an exemplary diagram of a prior-art database access process provided by an embodiment of the present invention, the service application 10 is in communication connection with the database 20. A user issues an access request for accessing the database 20 through the service application 10. The service application 10 is responsible for code, written according to the service specification, that implements data verification so as to intercept, verify and correct data. An access request that passes the verification is sent to the database 20, and the service data returned by the database 20 is corrected according to the service specification before being returned to the user. A specific flow may be:
S11, the service application end receives the user's access request for accessing the data in the database.
S12, the service application end checks whether the service data meets the service rule according to the service specification hard-coded in the service application end; if not, the request is intercepted, and if the service specification is met, the access request is sent to the database.
S13, the service application end sends the access request meeting the service specification to the database.
S14, the service application end receives the service data returned by the database.
S15, the service application end performs content shielding, content correction or other operations on the service data returned by the database according to the service specification to obtain corrected data.
S16, the service application end displays the corrected data to the user.
In this way, the service application developer may intentionally or unintentionally write data that does not meet the service specification into the database or read unmodified service data, and a database client may also access the database directly through the network, bypassing the hard-coded data verification rules in the service application end and thereby completely avoiding the service application end's guarantee of the service specification, which destroys the compliance of the service data in the database 20. In general, this implementation scheme has at least the following disadvantages:
(1) The check of the service data is hard-coded in the service application end. Besides implementing its own service logic, the service application end must implement the logic of data checking, data interception, correction and so on according to the service specification. Adjusting the service specification is not flexible enough: the hard coding must be redone whenever the service specification is adjusted, so the cost is high.
(2) For example, if a plurality of identical or different application ends access one specific piece of target data, they should under normal circumstances use the same rule, but in an actual scene it cannot be enforced that the teams behind two application ends share the same understanding. For example, the application end of an identity recording system comprises a computer end and a mobile end; the team developing the computer end may consider that gender can only be male/female, while the mobile end team believes that gender may be male/female/fuzzy gender. If the actual business requirement is that gender can only be male or female, the mobile end's incorrect understanding of the business leads to the entry of risk data.
(3) Because the database must provide data access capability to the outside, authentication information must necessarily be provided to the outside, and a malicious user can access service data directly through a database terminal outside the service application end, so that the service application end's guarantee of the service specification is completely avoided.
Besides the above solution, there is another implementation solution: a corresponding database stored procedure is written for each business behavior, and the business application end and other external visitors are restricted to accessing the business data only through the stored procedures, so that the business specification is guaranteed inside the stored procedures and the compliance of the data in the database is guaranteed. This solution has the following drawbacks: (1) The syntax and capabilities of stored procedures are always strictly bound to a specific type of database and cannot be used generally across database systems of different types; each type of database needs its own stored procedures to be developed, so the development cost is high and the flexibility is poor. (2) The expressive power of a stored procedure is limited by the expressive power and processing capacity of the SQL query language, so complex business specifications cannot be detected and processed efficiently.
In view of this, embodiments of the present invention provide a database access method, an apparatus, a client, and a storage medium, which can ensure compliance of data in a database and improve flexibility of accessing the database according to a service specification, and are described in detail below.
Referring to Fig. 2, which is an exemplary diagram of an application scenario of the database access method provided in an embodiment of the present invention, the application 10 is communicatively connected to the database 20. With respect to the data in the database 20, the application layer is the user or visitor of the database 20, such as an application end running business software. The data warehouse layer includes the database 20, which maintains the data, and components that expand or enhance the functions of the database, such as a component responsible for storing and maintaining the data in the database 20. Business-related users update business rules into the database through the application 10. The business rules may be stored in the database 20 in the form of a rule table, or in the comment of a field. When the business rules are written, the database 20 records a database synchronization log, which records the latest update information of the business rules. As a specific implementation manner, the database access method provided in this embodiment may be implemented in the form of a business rule component. The business rule component run by the application 10 can consume changes to table structure and data from the database synchronization log, and in this way obtains the latest update information of the business rules. The business rule component receives a data access request from the application 10, checks the request according to the access rule, sends the request to the database 20, and returns the data returned by the database 20 to the application 10, where it is presented to the user or further processed by other software of the application 10.
In the application scenario of Fig. 2, a user still has a chance to perform malicious, non-compliant access to the data in the database by accessing the database directly and so bypassing the business rules. To address this problem, this embodiment further provides another application scenario. Referring to Fig. 3, which is an exemplary diagram of another application scenario of the database access method provided in the embodiment of the present invention, the application 10 is communicatively connected to a client 30, and the client 30 is communicatively connected to the database 20. The application layer and the data warehouse layer have already been described for Fig. 2 and are not described again here. As a specific implementation manner, all access operations on the database 20 must pass through the client 30, which runs a business rule component implementing the database access method provided by this embodiment. The application 10 updates the business rules to the database 20 through the client 30. The business rules may be stored in the database 20 in table form, or in a field comment. When the business rules are written, the database 20 records a database synchronization log, which records the latest update information of the business rules, and the business rule component of the client 30 can obtain that information from the database synchronization log. The application 10, or any other client that needs to access the database 20, sends its access requests for the database 20 to the client 30. The business rule component of the client 30 verifies the access requests according to the business rules it has read, intercepts the access requests that do not pass verification, sends the access requests that pass verification to the database 20, and then modifies the data returned by the database 20 according to the business rules before returning it to the application 10 or the other client that needs to access the database 20.
It should be noted that in the application scenario of Fig. 2 the business rule component may run on the application 10. If illegal access from a database client is to be avoided, the business rule component may instead run on a separate client 30, on a separate server, or on the database server, with the database configured to accept requests only from the device running the business rule component; in this case the application 10 and the client 30 are in communication connection.
The application 10 in fig. 2 and 3 may be a physical computer, a virtual machine that implements the same function as the physical computer, a mobile phone, a tablet, a notebook, or the like.
The database in Figs. 2 and 3 may be a database server running database software that can generate a database synchronization log and completely record changes to tables and fields in that log; the database software includes, but is not limited to, MySQL, SQL Server, Redis, etc.
Referring to fig. 4, fig. 4 is a block schematic diagram of a client 30 provided in an embodiment of the present invention, where the client 30 includes a processor 31, a memory 32, and a bus 33. The processor 31 and the memory 32 are connected by a bus 33.
The processor 31 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 31. The processor 31 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components.
The memory 32 is used for storing programs, such as the database access device 100 in the embodiment of the present invention, each of the database access devices 100 includes at least one software functional module which can be stored in the memory 32 in the form of software or firmware (firmware), and the processor 31 executes the programs after receiving the execution instruction to implement the database access method in the embodiment of the present invention.
The Memory 32 may include a Random Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory). Alternatively, the memory 32 may be a storage device built in the processor 31, or may be a storage device independent of the processor 31.
The bus 33 may be an ISA bus, a PCI bus, an EISA bus, or the like. In Fig. 4 the bus is represented by only one double-headed arrow, but this does not mean that there is only one bus or one type of bus.
Based on Figs. 2 to 4, the present embodiment further provides a database access method applied to the application 10 in Fig. 2 or the client 30 in Fig. 3. Referring to Fig. 5, which is a first schematic flow chart of the database access method provided in the embodiment of the present invention, the method includes the following steps:
Step S100, an access request for accessing the database is received.
In this embodiment, the access request may be sent to the client 30 by the user through the application 10, or may be sent to the client 30 by service application software running on the application 10, where the service application software is software for completing a specific service purpose, and the software implements analysis and management of service data by using capabilities provided by the database, and the access request may be a read request for reading data in the database, or a write request for writing data into the database.
Step S101, the access request is verified according to the access rule of the database, the access rule is obtained from a synchronous log of the database, and the synchronous log is generated when the client updates the access rule to the database according to the preset service requirement.
In this embodiment, the access rule refers to a rule for checking and modifying data in the database according to business requirements, the data checking rule is used to determine whether a specific field value meets a specific business specification, and the data modifying rule is used to modify the value of the specific field so that the value meets the specific business specification. The service specification is a specification that values of a specific database field must satisfy at a service level, and includes but is not limited to: the value of a specific field must be in a limited set, for example, a gender field, a mobile phone number field must have a specific prefix, and in other more complex scenarios, the service specification may further include but is not limited to: the values of some fields must be kept globally unique among a plurality of unassociated or even different kinds of database software, namely, the values of some fields represent globally unique identification IDs, a plurality of database fields must be updated together, specific mathematical relations must be satisfied among the values of a plurality of fields, the values of some fields can be updated only in a specified time period, the values of some fields only have access to a specific database account or in a specific time period, the values of some fields only have access to a specific level of authority, and the like, and the values of some fields must be correspondingly processed according to specified business specifications before being displayed, for example, sensitive contents are filtered, and different filter levels are provided for different visitors.
In this embodiment, the access rule is stored in the database 20, and may be stored in the form of a separate table, or may be stored in the form of a comment of a related field, and updating the access rule in the database 20 may be to store the access rule in the database 20, or may modify the access rule in the database 20, and the access rule may be updated or written by a database administrator or other maintenance personnel directly according to a preset service requirement or a preset service specification, or may be updated or written by software for a special maintenance rule. When the access rule is updated by the database 20, a synchronization log is generated, the synchronization log records a log of changes of the database 20, the changes of the database 20 include, but are not limited to, a log of table meta information and field value changes, and the log can completely reproduce the changes of the table meta information and the field value, wherein the table meta information refers to information related to basic definitions of tables in the database, and includes, but is not limited to, fields, field types, field remarks or field comments and the like.
In this embodiment, verifying the access request may mean determining whether the field that the access request needs to access satisfies the access rule. For example, if the access rule requires the value of the mobile phone field to be a mobile phone number beginning with 139, and the value that the access request needs to write to the mobile phone field begins with 136, the access request does not satisfy the access rule and fails verification.
Step S102, if the access request passes the verification, sending the access request to the database, and responding to the access request according to a return result of the database.
In this embodiment, if the access request is initiated by the user through the client 30, the response is returned to the user through the client 30 according to the return result of the database 20; if the access request is initiated by service application software run by the client 30, the response is returned to the client 30 according to the return result of the database 20.
In this embodiment, if the access request is a read access request for reading data in the database 20, the return result of the database includes either a response that the read succeeded together with the data that the access request needs to read, or a response that the read failed, which may further include the reason for the failure.
In this embodiment, the application 10 sends an access request to the business rule component. After the access request passes the verification of the business rule component, the business rule component sends it to the database 20. If the database 20 returns a failure response because the target object of the operation does not exist or for other reasons, the business rule component does not apply a business rule check to the failed response but returns the error to the application 10 as it is. When the database 20 returns a successful response, the business rule component masks or modifies the returned data according to the business rule, or returns a failure response associated with the business rule to the application 10.
According to the method provided by this embodiment, the access rule is obtained from the synchronization log that is generated when the client 30 updates the access rule to the database 20 according to the preset service requirement, the access request is verified using the access rule, and only an access request that passes verification is sent to the database 20. An access request that does not satisfy the access rule therefore cannot access the database 20, which ensures the compliance of the database 20.
In this embodiment, the client is in communication connection with the application, and the access request is sent by the application 10 to the client 30. For the case where the access request fails verification, this embodiment further provides a specific interception processing manner:
If the access request fails verification, a response message refusing access to the database is returned to the application terminal.
In this embodiment, an access request that fails verification does not satisfy the access rule. To ensure the compliance of the data in the database 20, the access request is not sent to the database 20; instead the client 30 intercepts it and directly returns to the application 10 a response message denying access to the database 20.
It should be noted that the application 10 may be an application running business application software, or may be a database client directly accessing the database 20, and in either case, an access request that fails to pass the verification is not sent to the database 20, so that the compliance of the data in the database 20 may be effectively ensured.
In this embodiment, the access rule may change as the application scenario changes. So that the data in the database 20 can be brought in line with the latest access rule in time, this embodiment further provides an implementation for updating the access rule. Referring to fig. 6, which is a second flowchart of a database access method provided in an embodiment of the present invention, the method includes the following steps:
Step S110, receiving an update request for updating the access rule.
In this embodiment, the update request for updating the access rule may be to write a new access rule, modify an access rule already written, or delete an access rule already written.
Step S111, sending an update request to the database to update the access rule in the database.
In this embodiment, the updating manner is different according to the different storage forms of the access rules in the database 20, and the following two updating manners are provided in this embodiment:
Updating mode one:
Sending the access rule to the rule table according to the table identifier, so as to update the access rule in the rule table.
In the first updating mode, the access rules are stored in an independent rule table, the rule table is independent from the data table of the service data in the database, different services can correspond to respective rule tables, in order to distinguish the rule tables of different services, a unique table identifier for characterizing the rule table can be set for the rule table, and the rule table comprises the access rules related to the corresponding services. The access rule and the table identifier included in the update request are respectively the access rule to be updated and the table identifier of the rule table to which the access rule belongs.
Updating mode two:
Sending the access rule and the target field to the database, so that the database determines the field matching the target field and updates the access rule into the comment of that field.
In the second updating mode, the access rule is stored in the comment of the field to which it relates. For example, if the access rule constrains the mobile phone number, the access rule may be written in the comment of the mobile phone number field. The target field is the field related to the access rule that needs to be updated, and the update request includes both that access rule and the target field. For example, if a data table of the database includes four fields A, B, C, and D, and the access rule that needs to be updated relates to field C, then C is the target field, and the database 20 updates the access rule into the comment of field C.
In this embodiment, in some application scenarios certain fields stored in the database are sensitive, for example an identity card number or a mobile phone number, and their values as read from the database cannot be returned directly to the application 10 or the user. The service data returned by the database must then be desensitized: it is corrected, and the corrected data is returned to the application 10 or the user. This embodiment therefore further provides a processing method for correcting the service data. Referring to fig. 7, which is a third flowchart of a database access method provided in an embodiment of the present invention, the method includes the following steps:
Step S120, receiving a return result sent by the database for the access request, where the return result includes the service data that the access request needs to read.
In this embodiment, the service data is data read from the database according to the access request.
Step S121, correcting the service data according to the access rule to obtain corrected data.
In this embodiment, correcting the service data includes, but is not limited to, displaying a preset field of the service data, or part of the data in the preset field, as a preset symbol. For example, if the service data is 12345678900, the corrected data is 123****8900.
Step S122, responding to the access request according to the corrected data.
In this embodiment, a plurality of application terminals 10 may access the database 20. They may access the same database 20, and within it the same or different tables and the same or different fields. A plurality of application terminals 10 may access the same table or the same field of the same database under the same access rule, or may access the same database using different database accounts, in which case different database accounts may correspond to different access rules. A plurality of application terminals may also access different databases 20. Each application terminal 10 may correspond to its own access rule for accessing the database 20; the access rule may be stored in an independent rule table or in the comment of a related field, as described above and not repeated here. In this scenario, the client is in communication connection with the multiple application terminals, each of which corresponds to an access rule for accessing the database, and this embodiment further provides an implementation for verifying the access request, which specifically includes:
First, a target access rule corresponding to a target application terminal is determined from a plurality of access rules.
In this embodiment, as a specific implementation manner, the client 30 may store an access rule corresponding to each application 10, the target application is an application that needs to access the database 20 among the multiple applications, and the client 30 determines a target access rule corresponding to the target application according to the target application.
Secondly, the access request is checked according to the target access rule.
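The flow described above (verification against the target application's rule, interception on failure, pass-through of database errors, and masking of returned data), as an added Python sketch that is not code from the patent. `RuleGate`, the `RULES` layout, the response dictionaries, the application names and the in-memory SQLite database standing in for database 20 are assumptions, as is refusing an application that has no rule set.

```python
import re
import sqlite3

# Table and column names are interpolated into SQL text, so restrict them.
IDENT = re.compile(r"[A-Za-z_]\w*", re.ASCII)

# Constructed rules per application terminal (layout is an assumption): "check" must
# fully match a written value; "mask" is (leading, trailing) characters left visible.
RULES = {
    "crm_app": {"phone": {"check": r"139\d{8}", "mask": (3, 4)}},
    "support_app": {"phone": {"check": r"13[69]\d{8}", "mask": (3, 4)}},
}

def mask(value, head, tail):
    text = str(value)
    if len(text) <= head + tail:
        return "*" * len(text)  # too short to reveal anything
    return text[:head] + "*" * (len(text) - head - tail) + text[len(text) - tail:]

def denied(reason):
    return {"status": "denied", "reason": reason}

class RuleGate:  # hypothetical stand-in for the client-side business rule component
    def __init__(self, conn, rules):
        self.conn, self.rules = conn, rules

    def _admit(self, app, names):
        rules = self.rules.get(app)  # target access rule for this application
        if rules is None:
            return None, denied("no access rule for " + app)  # fail closed
        if not all(IDENT.fullmatch(n) for n in names):
            return None, denied("invalid identifier")
        return rules, None

    def write(self, app, table, row):
        rules, refusal = self._admit(app, [table, *row])
        if refusal:
            return refusal
        for field, value in row.items():
            pattern = rules.get(field, {}).get("check")
            if pattern and not re.fullmatch(pattern, str(value)):
                return denied(field + " violates access rule")  # never reaches the DB
        sql = "INSERT INTO {} ({}) VALUES ({})".format(
            table, ", ".join(row), ", ".join("?" * len(row)))
        try:
            with self.conn:
                self.conn.execute(sql, tuple(row.values()))
        except sqlite3.Error as exc:
            return {"status": "error", "reason": str(exc)}  # DB failure passed through
        return {"status": "ok"}

    def read(self, app, table, columns):
        rules, refusal = self._admit(app, [table, *columns])
        if refusal:
            return refusal
        sql = "SELECT {} FROM {}".format(", ".join(columns), table)
        try:
            found = self.conn.execute(sql).fetchall()
        except sqlite3.Error as exc:
            return {"status": "error", "reason": str(exc)}  # no rule check on failures
        rows = []
        for record in found:
            out = dict(zip(columns, record))
            for col in out:
                window = rules.get(col, {}).get("mask")
                if window:
                    out[col] = mask(out[col], *window)
            rows.append(out)
        return {"status": "ok", "rows": rows}

def demo():
    conn = sqlite3.connect(":memory:")  # stands in for database 20
    conn.execute("CREATE TABLE customers (name TEXT, phone TEXT)")
    gate = RuleGate(conn, RULES)
    new = {"name": "B", "phone": "13612345678"}  # constructed sample values
    return {
        "accepted": gate.write("crm_app", "customers", {"name": "A", "phone": "13912345678"}),
        "rejected": gate.write("crm_app", "customers", new),
        "other_app": gate.write("support_app", "customers", new),
        "no_rules": gate.read("unknown_app", "customers", ["phone"]),
        "masked": gate.read("crm_app", "customers", ["name", "phone"]),
        "db_error": gate.read("crm_app", "missing_table", ["phone"]),
    }
```

The same write is refused for one application and accepted for another because each is checked against its own rule set, and the read path masks values only after the database has answered successfully.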
In order to perform the corresponding steps in the above-described embodiments and various possible implementations, an implementation of the database access device 100 is given below. Referring to fig. 8, fig. 8 is a block diagram illustrating a database access apparatus 100 according to an embodiment of the present invention. It should be noted that the basic principle and the resulting technical effect of the database access apparatus 100 provided in this embodiment are the same as those of the foregoing embodiments; for brevity, matters not mentioned in this embodiment are as described in the foregoing embodiments.
The database access apparatus 100 includes a receiving module 110, a checking module 120, a sending module 130, an intercepting module 140, a modifying module 150, and an updating module 160.
The receiving module 110 is configured to receive an access request for accessing a database.
Optionally, the receiving module 110 is further configured to receive an update request for updating the access rule.
Optionally, the receiving module 110 is further configured to receive a return result sent by the database for the access request, where the return result includes the service data that needs to be read by the access request.
The verifying module 120 is configured to verify the access request according to an access rule of the database, where the access rule is obtained from a synchronization log of the database, and the synchronization log is generated when the client updates the access rule to the database according to a preset service requirement.
Optionally, the client is in communication connection with multiple application terminals, each application terminal corresponds to an access rule for accessing the database, the access request is sent to the client by a target application terminal among the multiple application terminals, and the verification module 120 is specifically configured to: determine a target access rule corresponding to the target application terminal from a plurality of access rules; and check the access request according to the target access rule.
The sending module 130 is configured to send the access request to the database if the access request passes the verification, and respond to the access request according to a return result of the database.
Optionally, the interception module 140 is configured to: if the access request fails verification, return a response message refusing access to the database to the application terminal.
Optionally, the modification module 150 is configured to: correct the service data according to the access rule to obtain corrected data; and respond to the access request according to the corrected data.
Optionally, the updating module 160 is configured to: send an update request to the database to update the access rule in the database.
Optionally, the database includes a rule table for storing the access rule, the update request includes a table identifier of the rule table and the access rule, and the update module 160 is specifically configured to: send the access rule to the rule table according to the table identifier, so as to update the access rule in the rule table.
Optionally, the database includes fields and comments of the fields, the update request includes an access rule and a target field related to the access rule, and the update module 160 is further configured to: send the access rule and the target field to the database, so that the database determines the field matching the target field and updates the access rule into the comment of that field.
The present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a database access method as described above.
To sum up, the embodiments of the present invention provide a database access method, an apparatus, a client and a storage medium. The method is applied to a client that is in communication connection with a server running a database, and includes: receiving an access request for accessing a database; verifying the access request according to an access rule of the database, wherein the access rule is acquired from a synchronous log of the database, and the synchronous log is generated when a client updates the access rule to the database according to a preset service requirement; and if the access request passes the verification, sending the access request to the database, and responding to the access request according to a return result of the database. Compared with the prior art, the embodiment of the invention has at least the following effects: (1) The access rule is acquired from the synchronous log generated when the client updates the access rule to the database according to the preset service requirement, the access request is verified using the access rule, and only an access request that passes verification is sent to the database, so that an access request that does not satisfy the access rule cannot access the database and the compliance of the database is ensured; (2) All access to the database goes through the client 30, which prevents a user who has obtained leaked database authentication information from bypassing the service application and illegally accessing the service data directly by other means such as a database terminal, thereby improving the compliance of the service data in the database; (3) For different types of database systems, access rules can be defined, and verification performed with them, in a uniform way by acquiring the access rules from the respective logs of the corresponding databases; (4) The multiple application terminals can define their own access rules, which effectively avoids data access behaviors that violate the service specification because multiple service applications do not understand the service specification of specific service data; (5) The access rules can be updated as needed, which makes it easy to extend the existing access control capability of the database 20, including but not limited to column-level authority control, service data access control by time period, and data modification capability across multiple databases (e.g., a globally unique ID).
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are also within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A database access method applied to a client communicatively connected to a server running a database, the method comprising:
receiving an access request for accessing the database;
verifying the access request according to an access rule of the database, wherein the access rule is acquired from a synchronous log of the database, and the synchronous log is generated when the client updates the access rule to the database according to a preset service requirement;
and if the access request passes the verification, sending the access request to the database, and responding to the access request according to a return result of the database.
2. The database access method of claim 1, wherein the method further comprises:
receiving an update request for updating the access rule;
and sending the updating request to the database so as to update the access rule in the database.
3. The database access method of claim 2, wherein the database includes a rule table for storing the access rules, the update request includes a table identification of the rule table and the access rules, and the step of sending the update request to the database to update the access rules in the database includes:
and sending the access rule to the rule table according to the table identifier so as to update the access rule to the rule table.
4. The method of accessing a database according to claim 2, wherein the database includes a field and a comment for the field, the update request includes the access rule and a target field associated with the access rule, the step of sending the update request to the database to update the access rule in the database includes:
and sending the access rule and the target field to the database so that the database determines the field matched with the target field, and updating the access rule to the comment of the field matched with the target field.
5. The database access method of claim 1, wherein the method further comprises:
receiving a return result which is sent by the database and aims at the access request, wherein the return result comprises business data which needs to be read by the access request;
correcting the service data according to the access rule to obtain corrected data;
and responding to the access request according to the corrected data.
6. The database access method of claim 1, wherein the client is communicatively coupled to an application, and the access request is sent to the client by the application, the method further comprising:
and if the access request is not verified, returning a response message of refusing to access the database to the application terminal.
7. The database access method according to claim 1, wherein the client is communicatively connected to a plurality of applications, each of the applications corresponds to an access rule for accessing the database, the access request is sent to the client by a target application among the applications, and the step of verifying the access request according to the access rule of the database includes:
determining a target access rule corresponding to the target application terminal from a plurality of access rules;
and checking the access request according to the target access rule.
8. A database access apparatus for a client communicatively connected to a server running a database, the apparatus comprising:
the receiving module is used for receiving an access request for accessing the database;
the verification module is used for verifying the access request according to an access rule of the database, wherein the access rule is acquired from a synchronous log of the database, and the synchronous log is generated when the client updates the access rule to the database according to a preset service requirement;
and the sending module is used for sending the access request to the database if the access request passes the verification and responding to the access request according to a return result of the database.
9. A client, comprising a processor and a memory, the memory being configured to store a program, the processor being configured to implement the database access method of any one of claims 1-7 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out a database access method according to any one of claims 1 to 7.
CN202211162892.6A 2022-09-23 2022-09-23 Database access method, device, client and storage medium Pending CN115455485A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211162892.6A CN115455485A (en) 2022-09-23 2022-09-23 Database access method, device, client and storage medium

Publications (1)

Publication Number Publication Date
CN115455485A true CN115455485A (en) 2022-12-09

Family

ID=84305956


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination