JP3803002B2 - Data maintenance method and apparatus by data update monitoring, and storage medium storing data maintenance program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
  The present invention relates to a data maintenance method by data update monitoring for maintaining data on a mass storage device or the like.,And a storage medium storing a data integrity program.
[0002]
[Prior art]
Usually, a program consists of an execution part and a definition data part. In order to protect this definition data from unauthorized tampering, it is common to add data protection processing to the execution part. However, since this may be broken, the entire program including the definition data part must be backed up in advance. In the case of data recovery by manual recovery.
[0003]
Conventionally, as such a data maintenance technique, for example, there is one disclosed in Japanese Patent Laid-Open No. 10-171694, “Backup Method”. In this system, an administrator identifies all data necessary for system operation and business that are distributed over all systems, determines a backup schedule, and periodically performs differential backup. The backup program having the differential backup function checks whether or not the backup target file has been changed at the time of backup processing, and backs up only the file including the changed data to the backup device. When recovering data due to a disk failure, improper data alteration, or accidental data loss, the storage medium on which the data is backed up is inserted into the backup device, and the corresponding data is restored manually.
[0004]
On the other hand, in recent years, there are service providers that provide various types of information in a large-scale Internet environment. In such a service provider, data is regularly backed up in advance and manually restored when necessary to take measures against improper alteration of data or accidental data loss.
[0005]
[Problems to be solved by the invention]
In the above-mentioned data maintenance by regular backup, if the system administrator changes the data once to illegal information by the unauthorized user during the regular backup schedule and then restores it again, the system administrator It is hard to notice the unauthorized change of. In addition, since the contents of data that have been properly updated by the system administrator are not backed up until the next regular backup process, if the data is destroyed before the next backup or if there is a data change by an unauthorized user, the administrator The updated data content will be lost completely. In such a case, the system administrator had to recover the latest backup data for the time being and manually return the updated contents thereafter. In particular, in the case of a normal file other than a database, it is difficult to reproduce the updated contents, such as relying on the memory of the system administrator, because the difference data is not acquired by a journal. This is especially true for definition files that store program operating parameters.
[0006]
In addition, in a large-scale system, the work of selecting and registering data that must be backed up becomes enormous. Further, when the number of files to be backed up increases, the backup data itself is updated by the update data check process, and the entire backup time becomes longer, and the backup device itself is occupied, which places a load on the entire system.
[0007]
Furthermore, when data is falsified or deleted by an unauthorized user, the system administrator first considers the recovery of the data, so that the identification work of the unauthorized user is postponed. In this case, it is often the case that the time has elapsed since the time when the data was updated or lost, and the system operation log files are updated, and unauthorized users have time to erase evidence of unauthorized use. Identification is difficult. In addition, when the system administrator recovers the backup data, this is done manually, so there is a risk of recovering another data or recovering the data to the wrong place, which is complicated and error prone.
[0008]
  An object of the present invention is to solve the above-mentioned problems in data maintenance and to perform data maintenance by data update monitoring so that appropriate data maintenance can be performed without complicated manual work.,And a storage medium storing a data security program. Another object of the present invention is to monitor the alteration and deletion of illegal data and to save the data when there is a possibility that the illegal data is altered or deleted.
[0009]
[Means for Solving the Problems]
  In order to solve the above object, the present invention provides:A data maintenance method for protecting data on a storage device, registering information for specifying data to be saved and restored, and registering information for specifying a program that refers to data to be saved and restored. , Monitoring and detecting the update of the registered save and recovery target data, detecting the execution state of the program that refers to the registered save and recovery target data, and detecting the registered save and recovery target When the update of data is detected, if the execution state of the program that references the data to be saved and restored is stopped, the update contents are saved, and if the execution state is in operation The saved data is recovered.
[0012]
The data to be saved and restored is, for example, an HTML document provided by a predetermined server program or an operation definition file of the server program. Update detection is performed by, for example, comparing the update time information of the data to be monitored for update stored in advance with the update time information of the operating system, or the operating system detecting and reporting the update of the data. To do.
[0013]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings. First, as a first embodiment, an example will be described in which the data update monitoring method according to the present invention is applied to perform data update monitoring of an operation definition file of a business system.
[0014]
FIG. 1 shows an outline of the system configuration of a business system according to the first embodiment. The business system 10 includes a business program 11 that operates the business system 10, an operation definition file 12 that stores parameter information related to the operation of the business program 11, and data management that performs update monitoring and backup of the operation definition file 12. A program 14, an information management database 13 for registering information used by the data management program 14 and specifying the operation definition file 12, and a save area 15 for saving backed up data and the like are provided. Each of these units operates on the operating system 16. Reference numeral 135 denotes various operating system information used by the operating system 16. Among these components, the most important components are a data management program 14 and an information management database 13.
[0015]
Usually, when a business is performed in the business system 10, the operation definition file 12 is a file in which operation parameter information necessary for the business program 11 to operate is written, and is indispensable for the business system operation. . If the operation definition file 12 is altered or deleted by an unauthorized person, it affects the operation of the business program 11 and further affects the operation of the business system 10. Therefore, information management is always performed as a data integrity target file. It must be registered in the database 13.
[0016]
In the present embodiment, the information management database 13 and the data management program 14 are registered as components of the business system 10 in order to manage the integrity of the operation definition file 12 that greatly affects the operation of the business program 11.
[0017]
FIG. 2 shows the components of the data management program 14. The data management program 14 includes a data registration unit 141 for registering information for specifying the action definition file 12 in the information management database 13 and an update of the action definition file 12 specified by the information registered in the information management database 13. A data update monitoring unit 142 for monitoring presence / absence, a data saving unit 143 for backing up the data of the operation definition file 12 whose update has been confirmed by the data update monitoring unit 142 to the saving area 15, and data update monitoring The data recovery unit 144 that recovers the data of the operation definition file 12 that has been confirmed to be updated or lost by the unit 142 from the save area 15 and the data update monitoring unit 142 that the update or loss of the data of the operation definition file 12 has been confirmed. Triggered system operation history information such as access log files A data update notifying unit 145 for identifying the changer and notifying the system administrator, and a program for registering information for identifying the business program 11 which is a program for referring to the data of the action definition file 12 in the information management database 13 An information registration unit 146 and a program status monitoring unit 147 that monitors the operation status of the business program 11 based on information for identifying a program registered in the information management database 13 are provided.
[0018]
FIG. 3 shows components of the information management database 13 used by the data management program 14. In the information management database 13, file management information 130 is prepared for each file monitored by the data management program 14. The file management information 130 includes a file information area 131 for storing information for specifying the action definition file 12 including data to be saved and restored, and an action definition file specified by the information stored in the file information area 131 Information for specifying the business program 11 that is a program that refers to the operation definition file 12 specified by the update time information area 134 for storing the 12 update time information and the information stored in the file information area 131. A program information area 133 for storing and an updater information area 132 for storing information for specifying an updater who has updated the operation definition file 12 specified by the information stored in the file information area 131 Is done.
[0019]
FIG. 4 shows components of operating system information 135 on which the data management program 14 operates. The operating system information 135 includes, for each file existing on the operating system, file information 1351 as information for managing the file and program information 1350 as information for specifying the program operating on the operating system. Prepared. Further, the file information 1351 includes a file name 13511 as information for specifying the file, owner information 13512 as information for specifying the owner of the file, and an update time for the file. Information includes update time information 13513, and a component of the program information 1350 is a process name 13501 for specifying an operating program.
[0020]
FIG. 5 shows a processing flow (operation of the data management program 14) of data backup and recovery procedures in the operation of the business system 10 of this embodiment, and the contents thereof will be described below.
[0021]
First, the data registration process 51 is performed. In the data registration processing 51, when the business program 11 is installed, the data registration unit 141 of the data management program 14 uses the file name of the operation definition file 12 that is information for specifying the operation definition file 12 as the operating system information 135. In the file information area 131 in the information management database 13. Similarly, the data registration unit 141 obtains the creation time information and owner information of the operation definition file 12 from the update time information 13513 and owner information 13512, and stores them in the update time information 132 and the updater information area 134. Remember each one. Program information specifying a business program that refers to the action definition file 12 is stored in the program information area 133. In addition, based on the file name registered in the file information area 131, the contents of the action definition file 12 of the business program 11 are specified, and the contents of the action definition file 12 are backed up by the data saving unit 143. .
[0022]
Next, a data update monitoring process 52 is performed. In the data update monitoring process 52, the data update monitoring unit 142 checks whether or not the operation definition file 12 has been updated based on the information in the file information area 131 of the information management database 13 for the operation definition file 12. In this checking method by the data monitoring unit 142, the update time information 134 of the information management database 13 and the update time information 13513 of the operating system information 135 are compared, and if there is a difference, it is determined that the data has been updated. This data update monitoring process 52 is repeated (steps 52 and 53), and when a data update is detected, the process proceeds to the next data saving process 54.
[0023]
Here, the data update monitoring process 52 will be described in more detail with reference to FIG. FIG. 6 is a diagram for explaining a data update monitoring processing method by the data update monitoring unit 142 in the present embodiment. In the information management database 13, several operation definition files (A.CONF, B.CONF, C.CONF,...) Are registered. The data update monitoring unit 142 compares the update time information of the information management database 13 and the operating system information 135 with respect to the file management information 130 in the information management database 13 from the top record, and the update time information is different. Is detected. In the example of FIG. 6, it is detected that the update time information 134 is different in the first record (A.CONF record). Here, the data update monitoring unit 142 acquires the file name of the operation definition file 12 from the file information area 131 of the information management database 13 and identifies the operation definition file 12 in which the operation parameters of the business program 11 are updated.
[0024]
Returning to FIG. 5 again, the processing after the data update is detected will be described. In the data saving process 54, only when the data update monitoring unit 142 detects an update of the data of the operation definition file 12 in the data update monitoring process 52, the data saving unit 143 that is a component of the data management program 14 uses the file information. The updated action definition file 12 is specified based on the information in the area 131, and the action definition file 12 is backed up to the save area 15. Further, in response to the backup of the action definition file 12 by the data saving unit 143, the data update notification unit 145 reads the update time information from the update time information 13513 of the operating system information 135, and stores the update time information in the information management database 13. The update information is stored in the update time information area 134, and the updater information is read from the owner information 13512 and stored in the updater information area 132.
[0025]
Next, in the data update notification process 55, when the action definition file 12 is updated and backed up, the data update notification unit 145 receives the file information area 131, the updater information area 132, and the update from the information management database 13. The contents of the time information area 134 are read out and displayed on the terminal screen.
[0026]
Thereafter, by repeating these procedures, every time the operation definition file 12 is updated, the contents of the operation definition file 12 are surely backed up in the save area 15 by the data saving unit 13 and displayed on the terminal screen. By checking the displayed update time information area 134 and updater information area 132, the updater can be specified. Since the operation definition file is automatically registered as a backup target when a business program is installed, the system administrator does not have to perform a complicated task of registering the backup target. Since the operation definition file is backed up almost immediately when it is updated, it is improved that the data updated before the next backup processing is not protected in the conventional periodic backup.
[0027]
In the above embodiment, the data update monitoring process 52 in FIG. 5 compares the update time information to detect the presence / absence of data update. However, the operating system detects the presence / absence of data update in the file, and the operating system A method may be employed in which the data monitoring unit 142 reports the data. Further, as a check method, instead of comparing update times, a method of comparing file sizes may be adopted.
[0028]
Next, as a second embodiment of the present invention, an example in which the present invention is applied to service provider information provision in a large-scale Internet environment will be described.
[0029]
FIG. 7 shows a service provider operating system in a large-scale Internet environment to which the present invention is applied. The system includes a service provider 40 that provides information, an administrator terminal 46 that is used by an operation administrator who monitors the operation of the service provider 40, and a service user who acquires information transmitted from the service provider 40. And a user terminal 47 to be used. The service provider 40 has a server program httpd41 for providing information on the operating system 16, an HTML document 42 describing information provided to the service user by the server program httpd41, and root directory information of the HTML document 42. Including the operation definition file 12, the information management database 13 for registering the list information of the HTML document 42, the data management program 14 for managing service operation, and the save area for saving and restoring the HTML document 42 15 and an access log file 48 for the server program httpd41 to output the operation status of the program.
[0030]
In particular, the server program httpd 41 and the HTML document 42 are important components and must be protected for information provision requests from the user terminal 47. Normally, in the system operation mode of the service provider 40, the server program 41 receives an information provision request for the HTML document 42 from the user terminal 47, determines the corresponding document of the HTML document 42 to be provided, and provides it to the user terminal 47. ing. Further, at the same time that the server program httpd 41 provides the HTML information 42, information indicating which HTML document 42 was provided to which user terminal 47 is stored in the access log file 48.
[0031]
In this embodiment, in order to manage the operation status of the server program httpd 41 and the integrity of the HTML document 42 provided to the user terminal 47, the components of the information management database 13 and the data management program 14 are registered in the service provider 40. ing.
[0032]
The configurations of the data management program 14, the information management database 13, and the operating system information 135 are the same as those described with reference to FIGS. 2 to 4 in the first embodiment.
[0033]
FIG. 8 shows a processing flow (operation of the data management program 14) of a procedure for backing up or recovering the HTML document 42 based on the operation status of the server program 41 in the service provider 40. Explain the contents.
[0034]
First, in the data registration processing 61, the data registration unit 141 in the data management program 14 reads the file name 13511 and the update time information 13513 of the operating system information 135 for the HTML document 42, and the file information area of the information management database 13. 131 and the update time information area 134. Here, in the registration process of the HTML document 42 to be monitored by the data registration unit 141, the root directory information in which the HTML document 42 is placed is read from the operation definition file 12 of the httpd 41, and the HTML document 42 below this directory is specified. Therefore, the file name 13511 of the operating system information 135 is stored in the file information area 131 of the information management database 13, and the update time information 13513 is read and stored in the update time information area 134 of the information management database 13. At the same time, based on the file name registered in the file information area 131, the HTML document 42 with the file name is backed up in advance in the save area 15. Similarly, the action definition file 12 is also registered as a monitoring target.
[0035]
Next, in the program information registration processing 62, the program information registration unit 146 uses the program name httpd, which is information for identifying the server program httpd41, as a program (monitoring target program) that refers to the HTML document 42 and the action definition file 12. The program is stored in the program information area 133 in the information management database 13.
[0036]
Next, in the data update monitoring process 63, the data update monitoring unit 142 sets each HTML document 42 itself as a monitoring target on the basis of the file name information registered in the file information area 131. Monitor for data updates and loss. Similarly, the presence / absence of data update and the disappearance are monitored for the operation definition file 12. Here, as a method for detecting the update of the data, the update time information 13513 of the operating system information 135 is compared with the update time information stored in the update time information area 132 in the information management database 13, and the difference is detected. What is necessary is to use a method of detecting an update file as an update file. As a method for detecting data loss, the existence of the monitoring target file itself may be confirmed by checking the existence of the file information 1351 of the operating system information 135. In the data update monitoring process 63, when monitoring the presence / absence and disappearance (specifically, creation, modification, or deletion) of the data of the monitoring target file as described above, Whether the deletion is an instruction from the administrator terminal 46 or an instruction from the user terminal 47 is determined based on the contents of the access log file 48.
[0037]
This data update monitoring process 63 is repeatedly performed (steps 63 and 631), and when a data update is detected, the process proceeds to the program state monitoring process 64.
[0038]
Next, in the program status monitoring process 64, the execution status of the server program httpd 41 is monitored by the program status monitoring unit 147 in accordance with the data monitoring by the data update monitoring unit 142. As an execution state monitoring method of the server program httpd41, the program name stored in the program information area 133 in the information management database 13 is compared with the operation process name 13501 of the operating system information 135. The monitored program is activated, and if not matched, the monitored program is stopped.
[0039]
Next, in the monitoring result combination determination processing 65, the update occurrence result of the HTML document 42 or the action definition file 12 by the data update monitoring unit 142 in the data update monitoring processing 63 and the program status monitoring unit 147 in the program status monitoring processing 64. The combination with the monitoring result of the activation state of the server program httpd41 is determined. As a result of the combination determination, in the case of the combination (1), the data saving process 672 is performed, and in the case of the combination (2), the process proceeds to the data update notification process 68 without doing anything, and in the case of the combination (3), the data recovery is performed. Processing 671 is performed (step 68). The data saving process 672, the data recovery process 671, and the data update notification process 68 will be described later.
[0040]
FIG. 9 shows a list of branch conditions based on the combination determination result. In the case of (1), when a change in the action definition file is detected by an instruction from the administrator terminal 46, and the server program httpd41 that is the monitoring target program is stopped at that time, the instruction from the administrator terminal 46 When the creation of a new HTML document is detected, the server program httpd41, which is the monitoring target program, is operating or stopped, or a change in the HTML document according to an instruction from the administrator terminal 46 is detected. This is a case where the server program httpd41 that is the monitoring target program is stopped. In the case of {circle around (1)}, it is considered that the data update is valid from the administrator terminal 46, and the data saving process 672 is performed.
[0041]
In the case of {circle around (2)}, a new creation of an HTML document according to an instruction from the user terminal 47 is detected, and the server program httpd41, which is a monitoring target program, is operating or stopped at that time, or the administrator terminal 46 This is a case where the deletion of the HTML document by the instruction from is detected, and the server program httpd41 as the monitoring target program is stopped at that time. In the case of (2), it is ignored and the process proceeds to the data update notification process 68.
[0042]
The case of (3) is a case other than (1) and (2). In this case, the process proceeds to the data recovery processing 671 as an unauthorized alteration.
[0043]
FIG. 10 shows a condition combination determination method by the data update monitoring unit 142 and the program state monitoring unit 147 in the application embodiment of the present invention. Several HTML documents (index.html, open.html, close.html,...) Are registered in the information management database 13. The data update monitoring unit 142 compares the update time information of the information management database 13 and the operating system information 135 from the top record with respect to the file management information 130 in the information management database 13, and detects that the update time information is different. To do. In the example of FIG. 10, it is detected that the update time information 134 is different in the first record. Here, the data update monitoring unit 142 acquires the file name of the HTML document from the file information area of the information management database 13 and identifies the HTML document 42 whose data has been updated. Further, the program status monitoring unit 147 specifies a server program httpd 41 that refers to the HTML document 42 from the program information area 133 related to the HTML document 42 specified by the data update monitoring unit 142. Based on the specified program information area 133, it is compared with the program information 1350 in the operating system information 135, and if it matches the httpd server 41, it is detected as operating.
[0044]
Referring back to FIG. 8 again, in the data saving process 672, the data update monitoring unit 142 backs up the updated HTML document 42 file or the action definition file 12 determined to have been updated to the saving area 15 by the data saving unit 143. . At this time, immediately after the data saving unit 143 backs up the changed file in the saving area 15, the data saving unit 143 reads the update time information from the update time information 13513 in the operating system information 135, and stores the update time information in the information management database 13. The update information is stored in the update time information area 132, and the updater information is also read from the owner information 13512 and stored in the updater information area 134.
[0045]
On the other hand, in the data recovery processing 671, the data recovery unit 144 in the data management program 14 uses the contents backed up in the save area 15 of the HTML document 42 file or the action definition file 12 that has changed or disappeared. Recover.
[0046]
Next, in the data update notification processing 68, the access log file 48 of the server program httpd41 is read, and the file information area 131, the updater information 132, and the update time information 134 in the file management information 130 are read from the information management database 13. The contents are read, and the terminal that updated or lost the file and the updater information are displayed and output on the administrator terminal 46.
[0047]
With the above procedure, the service provider 40 can automatically back up the HTML document 42 and the action definition file 12 before the service operation is started (the server program httpd 41 is stopped), and also after the system operation starts. An automatic backup can be performed for the creation of an HTML file from a user terminal. In addition, after the system operation is started, recovery processing can be automatically performed for an unauthorized alteration or disappearance of the HTML document 42 or the action definition file 12. Furthermore, the system administrator can immediately monitor the HTML document 42 and the action definition file 12 at the administrator terminal 46 for alteration and disappearance, and the HTML document 42 and the action definition file 12 of the entire service provider 40 can be monitored. Data integrity becomes possible.
[0048]
In the second embodiment described above, a data management program is prepared, and the data registration unit registers indispensable data in advance as a backup target. Therefore, the administrator can determine all files necessary for the program. The required work time can be shortened, and leakage of essential backup data can be eliminated. In addition, because only specific files are backed up when data is updated, and only the target data is recovered when unauthorized data is tampered with or accidentally lost, it eliminates the time required for regular backup operation scheduling studies, etc. At the same time, it is freed from long-term occupancy of backup areas such as backup devices and long-term resident backup processes, facilitating system operation and maintenance work.
[0049]
According to the first and second embodiments, when the business program is installed, the operation definition file is registered as an evacuation target. Therefore, the system administrator does not perform a complicated task of registering the maintenance target file. You can do it. Since the action definition file is saved as soon as it is updated, the updated contents before the next periodic backup that could not be protected by the regular backup are also protected. Furthermore, since the contents saved at the time of data update are recovered when tampering or deletion of data considered to be illegal is detected, the system administrator can perform data maintenance without complicated work. Accordingly, it is possible to eliminate work time for scheduling examination of periodic backup operation, and it is freed from long-term occupancy of a backup area such as a backup device and long-term resident backup process, thereby facilitating system operation and maintenance work.
[0050]
【The invention's effect】
As described above, according to the present invention, it is possible to reduce the burden of monitoring related to unauthorized data falsification and deletion performed by the system administrator and the work related to data saving / recovery.
[Brief description of the drawings]
FIG. 1 is a diagram showing an operation mode of a general business system operation method that is a basic embodiment of the present invention.
FIG. 2 is a diagram showing details of a data management program.
FIG. 3 is a diagram showing details of an information management database.
FIG. 4 is a diagram showing details of operating system information.
FIG. 5 is a diagram showing a processing flow of a backup procedure in a business system.
FIG. 6 is a diagram showing details of a data monitoring method in a business system.
FIG. 7 is a diagram showing an operation method of an Internet service provider in a distributed system environment according to a second embodiment of the present invention.
FIG. 8 is a diagram showing a processing flow of backup and recovery procedures in a service provider.
FIG. 9 is a diagram showing a list of processes based on a monitoring result combination determination result;
FIG. 10 is a diagram showing details of a data monitoring method in a service provider.
[Explanation of symbols]
10. Business system
11 ... Business program
12 ... Action definition file
13. Information management database
14 ... Data management program
15 ... evacuation area
131 ... File information area
132: Update time information area
133 ... Program information area
134: Updater information area
135: Operating system information
1350 ... Program information
1351 ... File information
13501 ... Process name
13511 ... File name
13512 ... Owner information
13513 ... Update time information
141 ... Data registration part
142: Data update monitoring unit
143 ... Data saving unit
144: Data recovery unit
145 ... Data update notification section
146 ... Program information registration section
147 ... Program status monitoring unit
40 ... Service Provider
41 ... Server program httpd
42 ... HTML document
46 ... Administrator terminal
47. User terminal
48 ... Access log file
51. Data registration process
52 ... Data update monitoring processing
53 ... Data update determination processing
54 ... Data save processing
55 ... Data update notification processing
61 ... Data registration process
62 ... Program information registration processing
63: Data update monitoring process
64 ... Program information monitoring processing
65 ... Monitoring result combination determination processing
66. Combination determination result processing
671 ... Data recovery processing
672 ... Data saving processing
68 ... Data update notification processing

Claims (6)

A data security method for protecting data on a storage device,
A step of registering information for identifying data to be saved and restored;
Registering information identifying a program that references data to be saved and recovered;
Monitoring and detecting the update of the registered evacuation and recovery target data; and
Detecting an execution state of a program that references the registered save and recovery target data;
When update of the registered save and recovery target data is detected, if the execution state of the program that references the save and recovery target data is stopped, the update contents are saved and the execution state A data maintenance method by data update monitoring, comprising: a step of recovering the saved data when the is operating. The data maintenance method according to claim 1 ,
The data maintenance method by data update monitoring, wherein the data to be saved and restored is an HTML document provided by a predetermined server program or an operation definition file of the server program. In the data security method according to claim 1 or 2 ,
The detection of the update is performed by comparing the update time information of the data to be monitored for update stored in advance with the update time information of the operating system, or the operating system detects and reports the update of the data. A data maintenance method based on data update monitoring, characterized by being performed. A computer-readable recording medium that records a data integrity program for securing data on a storage device,
  On the computer,
  A function for registering information for identifying data to be saved and restored;
  A function for registering information for identifying a program that references data to be saved and restored;
  A function of monitoring and detecting the update of the registered save and recovery target data;
  A function of detecting an execution state of a program that refers to the registered save and recovery target data;
  When update of the registered save and recovery target data is detected, if the execution state of the program that references the save and recovery target data is stopped, the update contents are saved and the execution state Function to recover the saved data when
  The computer-readable recording medium which recorded the data maintenance program for implement | achieving. A data maintenance method for maintaining an operation definition file in a system in which a server program that operates based on operation definition information of an operation definition file responds to an HTML file in response to a request from a user terminal,
  Registering information for identifying the action definition file, which is data to be saved and restored;
  Registering information for identifying a server program referring to the operation definition file;
  Monitoring and detecting a change or deletion of the action definition file;
  Detecting an execution state of a server program referring to the operation definition file;
  When a change in the action definition file is detected,
(1) When the execution state of the server program that refers to the operation definition file is in operation and the change of the operation definition file is based on an instruction from the administrator terminal or the user terminal, the saved data is Use to recover the action definition file,
(2) When the execution state of the server program that refers to the operation definition file is stopped and the change of the operation definition file is based on an instruction from the administrator terminal, the data of the operation definition file is saved,
(3) When the execution state of the server program that refers to the operation definition file is stopped and the change of the operation definition file is based on an instruction from the user terminal, the operation is performed using the saved data. Recovering the definition file;
  When deletion of the action definition file is detected, recovering the action definition file using the saved data;
  A data maintenance method by data update monitoring characterized by comprising: A data security method for maintaining an HTML file in a system in which a server program responds to an HTML file in response to a request from a user terminal,
  Registering information for specifying the HTML file which is the data to be saved and restored;
  Registering information identifying a server program referring to the HTML file;
  Monitoring and detecting creation, modification, or deletion of the HTML file;
  Detecting an execution state of a server program referring to the HTML file;
  When creation of the HTML file is detected,
(1-1) When the creation of the HTML file is based on an instruction from the administrator terminal, the data of the HTML file is saved,
(1-2) When the creation of the HTML file is based on an instruction from the user terminal, ignoring the instruction to create the HTML file;
  When a change in the HTML file is detected,
(2-1) When the execution state of the server program that refers to the HTML file is in operation, the HTML file is recovered using the saved data,
(2-2) When the execution state of the server program referring to the HTML file is stopped and the change of the HTML file is based on an instruction from the administrator terminal, the data of the HTML file is saved,
(2-3) When the execution state of the server program that refers to the HTML file is stopped and the change of the HTML file is based on an instruction from the user terminal, the HTML file is saved using the saved data. Step to recover,
  When deletion of the HTML file is detected,
(3-1) When the execution state of the server program that refers to the HTML file is in operation, the HTML file is recovered using the saved data,
(3-2) When the execution state of the server program that refers to the HTML file is stopped and the deletion of the HTML file is based on an instruction from the administrator terminal, the instruction to delete the HTML file is ignored,
(3-3) When the execution state of the server program that refers to the HTML file is stopped and the deletion of the HTML file is based on an instruction from the user terminal, the HTML file is stored using the saved data. Step to recover and
  A data maintenance method by data update monitoring characterized by comprising:

Images