CN103595716A

CN103595716A - Data requesting method and storage server

Info

Publication number: CN103595716A
Application number: CN201310557314.7A
Authority: CN
Inventors: 王耕; 罗先强
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2013-11-08
Filing date: 2013-11-08
Publication date: 2014-02-19

Abstract

The embodiment of the invention discloses a data requesting method and a storage server. The method includes the following steps that when an access request sent by a client is received, client information carried by the access request is obtained, and the client information comprises type identification of the client and requested data information; according to the type identification, a preset view display rule is used for screening and processing the data information; processing results after the data information is screened and processed are sent to the client. The safety of the data information stored in the storage server can be guaranteed, and intellectualization of the storage server is improved.

Description

A kind of data request method and storage server

Technical field

The present invention relates to communication technical field, relate in particular to a kind of data request method and storage server.

Background technology

Along with the continuous exploitation of the communication technology and perfect, it is information-based that people's life is tending towards gradually, computer and network has become indispensable important component part in people's life, data information memory that people can preserve needs is conventionally in the hard disk of computer, such as photo, article etc.Because the storage of data message has certain space requirement for computer hardware, if the data message of storage is too much, need the hard disk that configuration storage space is larger.

Along with the development of technology, the mode of storage is also tending towards variation, and user can, by data information memory to storage server, carry out unified management by storage server to data message.Adopt the mode of storage server, reduced the requirement to computer hardware, and the data message that user can be stored is shared, for example: the data message that user can access other users in area covered by agreement by possessing the protocol client of authority, but because all data in the data message of user's storage possess observability for other protocol clients, once there is hacker, the situation of the illegal invasions such as virus, easily cause data to reveal, the safety issues such as loss of data, affected user's experience, and then reduced the intelligent of storage server.

Summary of the invention

The embodiment of the present invention provides a kind of data request method and storage server, can guarantee the fail safe of the data message stored in storage server, improves the intelligent of storage server.

In order to solve the problems of the technologies described above, first aspect present invention provides a kind of data request method, can comprise:

When receiving the access request of client transmission, obtain the entrained client-side information of described access request, described client-side information comprises the type identification of described client and the data message of asking;

According to described type identification, adopt default view demonstration rule to carry out Screening Treatment to described data message;

Result after Screening Treatment is sent to described client.

Based on first aspect, in the feasible execution mode of the first of first aspect, described before receiving the access request of client transmission, also comprise:

Obtain and preserve the default view that data message is configured and show rule.

Based on first aspect, in the feasible execution mode of the second of first aspect, described default view shows that rule is specially:

Data in described data message allow the client-access by described type identification identified; Or,

The data that belong to invisible attribute in described data message do not allow the client-access being identified by described type identification, and the data that belong to visual attribute in described data message allow the client-access by described type identification identified; Or,

The data that belong to preset kind in described data message do not allow the client-access being identified by described type identification, and other data in described data message except the data of described preset kind allow the client-access by described type identification identified; Or,

The data that belong to default owner in described data message do not allow the client-access being identified by described type identification, and other data that belong in described data message except described default owner's data allow the client-access by described type identification identified.

The feasible execution mode of the second based on first aspect, in the third feasible execution mode of first aspect, described according to described type identification, adopt default view demonstration rule to carry out Screening Treatment to described data message, comprising:

To in the data of the client-access that does not allow in described data message to be identified by described type identification and described data message, allow to be carried out separating treatment by the data of the client-access that described type identification identified.

The feasible execution mode of the second based on first aspect, in the 4th kind of feasible execution mode of first aspect, is describedly sent to described client by the result after Screening Treatment, comprising:

In described data message, exist while allowing by the data of the client-access that described type identification identified, will in described data message, allow to be sent to described client by the data of the client-access that described type identification identified;

In described data message, do not exist while allowing by the data of the client-access that described type identification identified, to described client, send the information of denied access.

Based on first aspect, in the 5th kind of feasible execution mode of first aspect, described obtain the entrained client-side information of described access request after, and described according to described type identification, the default view of employing also comprises before showing that rule is carried out Screening Treatment to described data message:

Judge whether to exist default view to show rule;

If so, carry out according to described type identification, adopt default view demonstration rule to carry out Screening Treatment to described data message;

If not, described data message is sent to described client.

The 4th kind of feasible execution mode of the execution mode that the execution mode that the first based on first aspect or first aspect is feasible or the second of first aspect are feasible or the third feasible execution mode of first aspect or first aspect or the 5th kind of feasible execution mode of first aspect, in the 6th kind of feasible execution mode of first aspect, described type identification comprises user ID (User Identification, UID), group sign (Group Identification, GID), network interconnection agreement (Internet Protocol, IP) address, IP network section, at least one sign in group of networks and domain name.

Second aspect present invention provides a kind of storage server, can comprise:

Acquisition of information module, for when receiving the access request of client transmission, obtains the entrained client-side information of described access request, and described client-side information comprises the type identification of described client and the data message of asking;

Screening module, for according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

Result sending module, for being sent to described client by the result after Screening Treatment.

Based on second aspect, in the feasible execution mode of the first of second aspect, also comprise:

Rule is preserved module, for obtaining and preserve the default view that data message is configured, shows rule.

Based on second aspect, in the feasible execution mode of the second of second aspect, described default view shows that rule is specially:

The feasible execution mode of the second based on second aspect, in the third feasible execution mode of second aspect, described screening module is specifically for allowing to be carried out separating treatment by the data of the client-access that described type identification identified in the data of the client-access that does not allow in described data message to be identified by described type identification and described data message.

The feasible execution mode of the second based on second aspect, in the 4th kind of feasible execution mode of second aspect, described result sending module specifically for:

Based on second aspect, in the 5th kind of feasible execution mode of second aspect, also comprise:

Judge module, exists default view to show rule for judging whether;

Notification module, for when described judge module judgement exists default view demonstration rule, notifies described screening module to carry out according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

Information sending module, for when described judge module judgement does not exist default view to show rule, is sent to described client by described data message.

The 4th kind of feasible execution mode of the execution mode that the execution mode that the first based on second aspect or second aspect is feasible or the second of second aspect are feasible or the third feasible execution mode of second aspect or second aspect or the 5th kind of feasible execution mode of second aspect, in the 6th kind of feasible execution mode of second aspect, described type identification comprises at least one sign in UID, GID, IP address, IP network section, group of networks and domain name.

Above-mentioned known, according to the type identification of client, can adopt default view to show that the data message that rule is asked client carries out Screening Treatment, and the result after Screening Treatment is sent to described client.By Screening Treatment, can realize the view that data message that different type identifications asks shows different, avoided hacker or poisoning intrusion to possess after the client of authority, the all data messages of other users within the scope of can access protocal, guaranteed the fail safe of the data message stored in storage server, promote user's experience, and then improved the intelligent of storage server.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.

Fig. 1 is the schematic flow sheet of a kind of data request method of providing of the embodiment of the present invention;

Fig. 2 is the schematic flow sheet of the another kind of data request method that provides of the embodiment of the present invention;

Fig. 3 is the schematic flow sheet of another data request method of providing of the embodiment of the present invention;

Fig. 4 is the mutual schematic diagram of a kind of data request method of providing of the embodiment of the present invention;

Fig. 5 is the structural representation of a kind of storage server of providing of the embodiment of the present invention;

Fig. 6 is the structural representation of the another kind of storage server that provides of the embodiment of the present invention;

The structural representation of a kind of storage server based on computer system that Fig. 7 provides for the embodiment of the present invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.

In embodiments of the present invention, when storage server receives the access request of client transmission, described storage server obtains the client-side information carrying in described access request, described client-side information comprises the type identification of described client and the data message of asking, described storage server can be according to described type identification, adopt default view demonstration rule to carry out Screening Treatment to described data message, and the result after Screening Treatment is sent to described client.

Client involved in the present invention can comprise: computer, panel computer, smart mobile phone, notebook computer, palmtop PC and mobile internet device (MID), the terminal equipments such as PAD, described storage server can be for for storing the server apparatus of user's data message, be preferably NFS (Network File System, NFS) agreement storage server, user can be uploaded to described storage server by the data message of needs storage by described client, also can upload the data message at described storage server by other users of described client-access, such as: the data message that in the data message that in same local area network (LAN), other client is uploaded or same gateway, other client is uploaded etc.

Wherein, described data message is specifically as follows catalogue, file etc., in described data message, can comprise file indicated in subdirectory associated in catalogue and this catalogue and the data such as subfile in file, described user ID can comprise at least one sign in UID, GID, IP address, IP network section, group of networks and domain name.

Below in conjunction with accompanying drawing 1-accompanying drawing 4, the data request method that the embodiment of the present invention is provided describes in detail.

Refer to Fig. 1, for the embodiment of the present invention provides a kind of schematic flow sheet of data request method.As shown in Figure 1, the described method of the embodiment of the present invention can comprise the following steps S101-step S103.

S101, when receiving the access request of client transmission, obtains the entrained client-side information of described access request, and described client-side information comprises the type identification of described client and the data message of asking;

Concrete, when storage server receives the access request of client transmission, in described access request, carrying client-side information, described storage server obtains described client-side information.

Wherein, described client-side information can comprise the type identification of described client and the data message of asking, can also comprise protocol command word, described protocol command word is preferably NFS protocol command word, described protocol command word is for stating the operation of described client to described data message, such as: read data information, search data message, create data message, rename data message etc.

S102, according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

Concrete, described storage server, according to the type identification of described client, can adopt default view demonstration rule to carry out Screening Treatment to described data message.

It should be noted that, described default view shows that the default view for the data message of storing in described storage server that rule can arrange in advance for the keeper of described storage server shows rule; The default view that also can arrange described data message for owner's (uploading the user of described data message) of described data message shows rule.Described default view shows that rule is specifically as follows:

In embodiments of the present invention, in the type identification of described client, can comprise at least one sign in UID, GID, IP address, IP network section, group of networks and domain name, but described default view shows rule, can only for the some or a plurality of signs in described type identification, carry out view and show rule configuration.For example:

(1) the default view of the client that is specific UID for type identification shows that rule can be:

Data in described data message allow the client-access by specific UID identified; Or,

The data that belong to invisible attribute in described data message do not allow the client-access being identified by described specific UID, and the data that belong to visual attribute in described data message allow the client-access by described specific UID identified; Or,

The data that belong to preset kind in described data message do not allow the client-access being identified by described specific UID, and other data in described data message except the data of described preset kind allow the client-access by described specific UID identified; Or,

The data that belong to default owner in described data message do not allow the client-access being identified by described specific UID, and other data that belong in described data message except described default owner's data allow the client-access by described specific UID identified.

(2) the default view of the client that is specific GID for type identification shows that rule can be:

Data in described data message allow the client-access by specific GID identified; Or,

The data that belong to invisible attribute in described data message do not allow the client-access being identified by described specific GID, and the data that belong to visual attribute in described data message allow the client-access by described specific GID identified; Or,

The data that belong to preset kind in described data message do not allow the client-access being identified by described specific GID, and other data in described data message except the data of described preset kind allow the client-access by described specific GID identified; Or,

The data that belong to default owner in described data message do not allow the client-access being identified by described specific GID, and other data that belong in described data message except described default owner's data allow the client-access by described specific GID identified.

(3) the default view that is the client of specific IP, specific IP network section or particular network group for type identification shows that rule can be:

Data in described data message allow the client-access being identified by specific IP, specific IP network section or particular network group; Or,

The data that belong to invisible attribute in described data message do not allow the client-access being identified by described specific IP, specific IP network section or particular network group, and the data that belong to visual attribute in described data message allow the client-access being identified by described specific IP, specific IP network section or particular network group; Or,

The data that belong to preset kind in described data message do not allow the client-access being identified by described specific IP, specific IP network section or particular network group, and other data in described data message except the data of described preset kind allow the client-access being identified by described specific IP, specific IP network section or particular network group; Or,

The data that belong to default owner in described data message do not allow the client-access being identified by described specific IP, specific IP network section or particular network group, and other data that belong in described data message except described default owner's data allow the client-access being identified by described specific IP, specific IP network section or particular network group.

(4) the default view of the client that is certain domain name for type identification shows that rule can be:

Data in described data message allow the client-access by certain domain name identified; Or,

The data that belong to invisible attribute in described data message do not allow the client-access being identified by described certain domain name, and the data that belong to visual attribute in described data message allow the client-access by described certain domain name identified; Or,

The data that belong to preset kind in described data message do not allow the client-access being identified by described certain domain name, and other data in described data message except the data of described preset kind allow the client-access by described certain domain name identified; Or,

The data that belong to default owner in described data message do not allow the client-access being identified by described certain domain name, and other data that belong in described data message except described default owner's data allow the client-access by described certain domain name identified.

For above-mentioned (1)-(4) for example, described default view shows that rule possesses inheritance, if described data message is catalogue, and exist the first default view to show that rule is for all subdirectories in this catalogue, exist the second default view to show that rule is for the indicated file of all subdirectories, described storage server can adopt the first default view demonstration rule to launch to show to described catalogue, adopt again the second default view to show that all subdirectories that rule shows previous expansion launch again, obtain indicated file, adopt this kind of mode, can make storage server automatically the data in data message be carried out to multilayer screening, promoted the treatment effeciency of storage server to described data message.

It should be noted that, if described default view shows rule, for a plurality of signs in described type identification, carry out view and show rule configuration, optionally, described storage server can be according to the configuration sequence of each sign in described a plurality of signs, described data message is carried out to Screening Treatment, for example: configured in the ban the default view demonstration rule for the client of specific UID, when having configured again default view for the client of specific GID and having shown rule, described storage server is according to the order of " GID after first UID ", respectively the data in described data message are carried out to Screening Treatment, described storage server also can be adjusted the configuration sequence of each sign in a plurality of signs by the owner of described data message, the order of adjusting according to this user, described data message is carried out to Screening Treatment, for example: when configured while showing rule for the client of specific UID with for the default view of the client of specific GID simultaneously, if the order that the owner of described data message adjusts is the order of " UID after first GID ", described storage server carries out Screening Treatment according to this order to the data in described data message.

Further, described storage server adopts default view to show that rule carries out Screening Treatment to described data message and be specifically as follows: described storage server will permission be carried out separating treatment by the data of the client-access that described type identification identified in the data of the client-access that does not allow in described data message to be identified by described type identification and described data message.By separating treatment, can carry out insulation blocking to the data of the client-access that does not allow in described data message to be identified by described type identification, guarantee the fail safe of the data message stored in storage server.

S103, is sent to described client by the result after Screening Treatment;

Concrete, in described data message, exist while allowing by the data of the client-access that described type identification identified, described storage server will allow to be sent to described client by the data of the client-access that described type identification identified in described data message; In described data message, do not exist while allowing by the data of the client-access that described type identification identified, described storage server sends the information of denied access to described client.

Preferably, in described data message, exist while allowing by the data of the client-access that described type identification identified, described storage server is packaged into back message using by described data message, and back message using is sent to described client, to respond the access request of described client, and user cannot be seen in described data message and be existed and allow by the data of the client-access that described type identification identified by described client;

And in described data message, do not exist while allowing by the data of the client-access that described type identification identified, described storage server is packaged into back message using by the information of described denied access, and back message using is sent to described client, to respond the access request of described client, wherein, the information of described denied access can be for pointing out the information of described client insufficient permission.

In embodiments of the present invention, according to the type identification of client, can adopt default view to show that the data message that rule is asked client carries out Screening Treatment, and the result after Screening Treatment is sent to described client.By Screening Treatment, can realize the view that data message that different type identifications asks shows different, avoided hacker or poisoning intrusion to possess after the client of authority, the all data messages of other users within the scope of can access protocal, guaranteed the fail safe of the data message stored in storage server, promote user's experience, and then improved the intelligent of storage server.

Refer to Fig. 2, for the embodiment of the present invention provides the schematic flow sheet of another kind of data request method.As shown in Figure 2, the described method of the embodiment of the present invention can comprise the following steps S201-step S204.

S201, obtains and preserves the default view that data message is configured and show rule;

Concrete, described default view shows that the view for the data message of storing in described storage server that rule can arrange in advance for the keeper of storage server shows rule; The view that also can arrange described data message for owner's (uploading the user of described data message) of described data message shows rule.Described default view shows that rule is specifically as follows:

Described storage server obtains and preserves the default view that described data message is configured and shows rule.

S202, when receiving the access request of client transmission, obtains the entrained client-side information of described access request, and described client-side information comprises the type identification of described client and the data message of asking;

S203, according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

Concrete, described storage server, according to the type identification of described client, can adopt the default view demonstration rule of preserving in step S201 to carry out Screening Treatment to described data message.

S204, is sent to described client by the result after Screening Treatment;

In embodiments of the present invention, according to the type identification of client, can adopt default view to show that the data message that rule is asked client carries out Screening Treatment, and the result after Screening Treatment is sent to described client.By Screening Treatment, can realize the view that data message that different type identifications asks shows different, avoided hacker or poisoning intrusion to possess after the client of authority, the all data messages of other users within the scope of can access protocal, guaranteed the fail safe of the data message stored in storage server, and by adopting extendible view to show regular collocation form, for isolating each client, the view of data message is shown, can be so that storage server be more flexible and changeable to the processing of access request, met more application scenarios, promoted user's experience, and then improved the intelligent of storage server.

Refer to Fig. 3, for the embodiment of the present invention provides the schematic flow sheet of another kind of data request method.As shown in Figure 3, the described method of the embodiment of the present invention is as optional embodiment, and described method can comprise the following steps S301-step S305.

S301, when receiving the access request of client transmission, obtains the entrained client-side information of described access request, and described client-side information comprises the type identification of described client and the data message of asking;

S302, judges whether to exist default view to show rule;

Concrete, described storage server judges whether to exist for the type identification of described client and the default view of described data message and shows rule, if described storage server judgement exists described default view to show rule, perform step S303: according to described type identification, adopt default view demonstration rule to carry out Screening Treatment to described data message; If described storage server judgement does not exist described default view to show rule, perform step S305.

It should be noted that, for some not too important data messages, the keeper of user or storage server can not preset view to these data messages and show regular setting;

And for the data message of outbalance, the keeper of user or storage server can preset view to these data messages and show regular setting, described default view shows that rule is specifically as follows:

S303, according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

Concrete, if the judgement of described storage server exists described default view to show rule, described storage server, according to the type identification of described client, can adopt configured default view demonstration rule to carry out Screening Treatment to described data message.

S304, is sent to described client by the result after Screening Treatment;

S305, is sent to described client by described data message;

Concrete, if described storage server judgement does not exist described default view to show rule, described storage server is directly sent to described client by described data message, preferably, described storage server is packaged into back message using by described data message, and back message using is sent to described client, to respond the access request of described client.

In embodiments of the present invention, according to the type identification of client, can adopt default view to show that the data message that rule is asked client carries out Screening Treatment, and the result after Screening Treatment is sent to described client.By Screening Treatment, can realize the view that data message that different type identifications asks shows different, avoided hacker or poisoning intrusion to possess after the client of authority, the all data messages of other users within the scope of can access protocal, guaranteed the fail safe of the data message stored in storage server, and by adopting extendible view to show regular collocation form, for isolating each client, the view of data message is shown, can be so that storage server be more flexible and changeable to the processing of access request, met more application scenarios, and in storage server, do not store while presetting view demonstration rule, storage server can directly be sent to client by asked data message, improved the treatment effeciency of storage server to request of data, promoted user's experience, and then improved the intelligent of storage server.

Refer to Fig. 4, for the embodiment of the present invention provides a kind of mutual schematic diagram of data request method.As shown in Figure 4, the embodiment of the present invention said method comprising the steps of S401-S404.

S401, client sends access request to storage server, and described access request is carried client-side information, and described client-side information comprises the type identification of described client and the data message of asking;

Concrete, when the operations such as user need to read the data message in storage server, searches, establishment, rename, user can send access request to storage server by client.

S402, when described storage server receives the access request of client transmission, described storage server obtains the entrained client-side information of described access request;

S403, described storage server, according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

S404, described storage server is sent to described client by the result after Screening Treatment;

Below in conjunction with accompanying drawing 5 and accompanying drawing 6, the storage server that the embodiment of the present invention is provided describes in detail.It should be noted that, storage server shown in accompanying drawing 5 and accompanying drawing 6, for carrying out Fig. 1 of the present invention-method embodiment illustrated in fig. 4, for convenience of explanation, only show the part relevant to the embodiment of the present invention, concrete ins and outs do not disclose, and please refer to the embodiment shown in Fig. 1-Fig. 4 of the present invention.

Refer to Fig. 5, for the embodiment of the present invention provides a kind of structural representation of storage server.As shown in Figure 5, the described storage server 1 of the embodiment of the present invention can comprise: acquisition of information module 11, screening module 12 and result sending module 13.

Acquisition of information module 11, for when receiving the access request of client transmission, obtains the entrained client-side information of described access request, and described client-side information comprises the type identification of described client and the data message of asking;

In specific implementation, when described storage server 1 receives the access request of client transmission, in described access request, carry client-side information, described acquisition of information module 11 is obtained described client-side information.

Screening module 12, for according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

In specific implementation, described screening module 12, according to the type identification of described client, can adopt default view demonstration rule to carry out Screening Treatment to described data message.

It should be noted that, described default view shows that the default view for the data message of storing in described storage server 1 that rule can arrange in advance for the keeper of described storage server 1 shows rule; The default view that also can arrange described data message for owner's (uploading the user of described data message) of described data message shows rule.Described default view shows that rule is specifically as follows:

For above-mentioned (1)-(4) for example, described default view shows that rule possesses inheritance, if described data message is catalogue, and exist the first default view to show that rule is for all subdirectories in this catalogue, exist the second default view to show that rule is for the indicated file of all subdirectories, described storage server 1 can adopt the first default view demonstration rule to launch to show to described catalogue, adopt again the second default view to show that all subdirectories that rule shows previous expansion launch again, obtain indicated file, adopt this kind of mode, can make storage server 1 automatically the data in data message be carried out to multilayer screening, promoted the treatment effeciency of 1 pair of described data message of storage server.

It should be noted that, if described default view shows rule, for a plurality of signs in described type identification, carry out view and show rule configuration, optionally, described screening module 12 can be according to the configuration sequence of each sign in described a plurality of signs, described data message is carried out to Screening Treatment, for example: configured in the ban the default view demonstration rule for the client of specific UID, when having configured again default view for the client of specific GID and having shown rule, described screening module 12 is according to the order of " GID after first UID ", respectively the data in described data message are carried out to Screening Treatment, described screening module 12 also can be adjusted the configuration sequence of each sign in a plurality of signs by the owner of described data message, the order of adjusting according to this user, described data message is carried out to Screening Treatment, for example: when configured while showing rule for the client of specific UID with for the default view of the client of specific GID simultaneously, if the order that the owner of described data message adjusts is the order of " UID after first GID ", described screening module 12 is carried out Screening Treatment according to this order to the data in described data message.

Further, described screening module 12 adopts default view to show that rule carries out Screening Treatment to described data message and be specifically as follows: described screening module 12 will permission be carried out separating treatment by the data of the client-access that described type identification identified in the data of the client-access that does not allow in described data message to be identified by described type identification and described data message.By separating treatment, can carry out insulation blocking to the data of the client-access that does not allow in described data message to be identified by described type identification, guarantee the fail safe of the data message of storage in storage server 1.

Result sending module 13, for being sent to described client by the result after Screening Treatment;

In specific implementation, in described data message, exist while allowing by the data of the client-access that described type identification identified, described result sending module 13 will allow to be sent to described client by the data of the client-access that described type identification identified in described data message; In described data message, do not exist while allowing by the data of the client-access that described type identification identified, described result sending module 13 sends the information of denied access to described client.

Preferably, in described data message, exist while allowing by the data of the client-access that described type identification identified, described result sending module 13 is packaged into back message using by described data message, and back message using is sent to described client, to respond the access request of described client, and user cannot be seen in described data message and be existed and allow by the data of the client-access that described type identification identified by described client;

And in described data message, do not exist while allowing by the data of the client-access that described type identification identified, described result sending module 13 is packaged into back message using by the information of described denied access, and back message using is sent to described client, to respond the access request of described client, wherein, the information of described denied access can be for pointing out the information of described client insufficient permission.

Refer to Fig. 6, for the embodiment of the present invention provides the structural representation of another kind of storage server.As shown in Figure 6, the described storage server 1 of the embodiment of the present invention can comprise: acquisition of information module 11, screening module 12 and result sending module 13, Rule are preserved module 14, optionally, can also comprise: judge module 15, notification module 16 and information sending module 17.

Rule is preserved module 14, for obtaining and preserve the view that data message is configured, shows rule;

In specific implementation, described default view shows that the view for the data message of storing in described storage server 1 that rule can arrange in advance for the keeper of storage server shows rule; The view that also can arrange described data message for owner's (uploading the user of described data message) of described data message shows rule.Certainly, for some not too important data messages, the keeper of user or storage server 1 can not preset view to these data messages and show regular setting;

And for the data message of outbalance, the keeper of user or storage server 1 can preset view to these data messages and show regular setting, described default view shows that rule is specifically as follows:

Described Rule is preserved module 14 and is obtained and preserve the default view demonstration rule that described data message is configured.

Judge module 15, exists default view to show rule for judging whether;

In specific implementation, described judge module 15 judges whether to exist for the type identification of described client and the default view of described data message and shows rule, if described judge module 15 judgements exist described default view to show rule, notify described notification module 16 to carry out corresponding steps; If described judge module 15 judgements do not exist described default view to show rule, notify described information sending module 17 to carry out corresponding steps.

Notification module 16, for when described judge module judgement exists default view demonstration rule, notifies described screening module to carry out according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message;

In specific implementation, when described judge module 15 judgements exist default view demonstration rule, described notification module 16 notifies described screening module 12 to carry out according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message.

In specific implementation, if described judge module 15 judgements exist described default view to show rule, it is the notice that described screening module 12 receives described notification module 16, described screening module 12, according to the type identification of described client, can adopt configured default view demonstration rule to carry out Screening Treatment to described data message.

For above-mentioned (1)-(4) for example, described default view shows that rule possesses inheritance, if described data message is catalogue, and exist the first default view to show that rule is for all subdirectories in this catalogue, exist the second default view to show that rule is for the indicated file of all subdirectories, described storage server can adopt the first default view demonstration rule to launch to show to described catalogue, adopt again the second default view to show that all subdirectories that rule shows previous expansion launch again, obtain indicated file, adopt this kind of mode, can make storage server 1 automatically the data in data message be carried out to multilayer screening, promoted the treatment effeciency of 1 pair of described data message of storage server.

Result sending module 13, for being sent to described client by the result after Screening Treatment.

Information sending module 17, for when described judge module judgement does not exist default view to show rule, is sent to described client by described data message;

In specific implementation, when described judge module 15 judgements do not exist default view to show rule, described information sending module 17 is directly sent to described client by described data message, preferably, described information sending module 17 is packaged into back message using by described data message, and back message using is sent to described client, to respond the access request of described client.

Storage server in the embodiment of the present invention can be realized based on computer system, and the method shown in Fig. 1-Fig. 3 all can realize in the storage server based on computer system.Fig. 7 shows the embodiment of the storage server based on computer system.Storage server 400 in the present embodiment can comprise: processor 401, memory 402 and input-output apparatus 403.

Memory 402 is for program code stored.Processor 401 is for the program code of execute store 402 storages.In the embodiment of the present invention, memory 402 stores the first program code, processor 401 is for carrying out this first program code, comprise and carry out following operation: when receiving the access request of client transmission, obtain the entrained client-side information of described access request, described client-side information comprises the type identification of described client and the data message of asking; According to described type identification, adopt default view demonstration rule to carry out Screening Treatment to described data message; Result after Screening Treatment is sent to described client.

Input-output apparatus 403 can be two equipment independently, for example: physical button and display screen, or touch-screen and display screen etc.; Described input-output apparatus 403 can also be an equipment, for example: with display screen of touch function etc.Storage server 400 receives by input-output apparatus 403 access request (as shown in embodiment of the method Fig. 1-Fig. 3) that client sends.Wherein, the described access request that processor receives input-output apparatus 403 according to the program code in memory 402 is processed.

In a kind of feasible execution mode of the embodiment of the present invention, described processor 401, before receiving the access request of client transmission, is also carried out following steps:

In the feasible execution mode of the another kind of the embodiment of the present invention, described default view shows that rule is specially:

In another feasible execution mode of the embodiment of the present invention, described processor 401 is being carried out according to described type identification, adopts default view to show when rule is carried out Screening Treatment to described data message, specifically carries out following steps:

In another feasible execution mode of the embodiment of the present invention, described processor 401, when execution is sent to described client by the result after Screening Treatment, is specifically carried out following steps:

In another feasible execution mode of the embodiment of the present invention, described processor 401 is after the entrained client-side information of described access request is obtained in execution, and carrying out according to described type identification, the default view of employing is also carried out following steps before showing that rule is carried out Screening Treatment to described data message:

Judge whether to exist default view to show rule;

If not, described data message is sent to described client.

In another feasible execution mode of the embodiment of the present invention, described type identification comprises at least one sign in user ID UID, group sign GID, network interconnection protocol IP address, IP network section, group of networks and domain name.

It should be noted that, processor 401 can be central processing unit (central processing unit, CPU), application-specific integrated circuit (ASIC) (application-specific integrated circuit, ASIC) etc.Wherein, the storage server in the present embodiment 400 can comprise bus 404.Processor 401, memory 402 and input can connect and communicate by letter by bus 404 between output equipment 403.Wherein, memory 402 can comprise: random access memory (random access memory, RAM), and read-only memory (read-only memory, ROM), disks etc. have the entity of memory function.Described default release information in the embodiment of the present invention can be buffered in RAM.

Visible, in embodiments of the present invention, according to the type identification of client, can adopt default view to show that the data message that rule is asked client carries out Screening Treatment, and the result after Screening Treatment is sent to described client.By Screening Treatment, can realize the view that data message that different type identifications asks shows different, avoided hacker or poisoning intrusion to possess after the client of authority, the all data messages of other users within the scope of can access protocal, guaranteed the fail safe of the data message stored in storage server, and by adopting extendible view to show regular collocation form, for isolating each client, the view of data message is shown, can be so that storage server be more flexible and changeable to the processing of access request, met more application scenarios, and in storage server, do not store while presetting view demonstration rule, storage server can directly be sent to client by asked data message, improved the treatment effeciency of storage server to request of data, promoted user's experience, and then improved the intelligent of storage server.

Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize with hardware, or firmware realization, or their compound mode realizes.When using software to realize, one or more instructions or the code that above-mentioned functions can be stored in computer-readable medium or on computer-readable medium transmit.Computer-readable medium comprises computer-readable storage medium and communication media, and wherein communication media comprises any medium of being convenient to transmit from a place to another place computer program.Storage medium can be any usable medium that computer can access.As example but be not limited to: computer-readable medium can comprise RAM, ROM or other optical disc storage, magnetic disk storage medium or other magnetic storage apparatus or can be used in carry or store the expectation with instruction or data structure form program code and can be by any other medium of computer access.In addition.Any connection can be suitable become computer-readable medium.For example, if software be use coaxial cable, optical fiber cable, twisted-pair feeder, Digital Subscriber Line or the wireless technology such as infrared ray, radio and microwave from website, server or the transmission of other remote source, so coaxial cable, optical fiber cable, twisted-pair feeder, Digital Subscriber Line or the wireless technology such as infrared ray, wireless and microwave be included under in the photographic fixing of medium.As used in the present invention, dish (Disk) and dish (disc) comprise compression laser disc, laser dish, laser disc, digital universal laser disc, floppy disk and Blu-ray Disc, the copy data of the common magnetic of its mid-game, and dish carrys out the copy data of optics with laser.Within combination above also should be included in the protection range of computer-readable medium.

Above disclosed is only preferred embodiment of the present invention, certainly can not limit with this interest field of the present invention, and the equivalent variations of therefore doing according to the claims in the present invention, still belongs to the scope that the present invention is contained.

Claims

1. a data request method, is characterized in that, comprising:

Result after Screening Treatment is sent to described client.

2. method according to claim 1, is characterized in that, described before receiving the access request of client transmission, also comprises:

3. method according to claim 1, is characterized in that, described default view shows that rule is specially:

4. method according to claim 3, is characterized in that, described according to described type identification, adopts default view demonstration rule to carry out Screening Treatment to described data message, comprising:

5. method according to claim 3, is characterized in that, described result after Screening Treatment is sent to described client, comprising:

6. method according to claim 1, it is characterized in that, described obtain the entrained client-side information of described access request after, and described according to described type identification, the default view of employing also comprises before showing that rule is carried out Screening Treatment to described data message:

Judge whether to exist default view to show rule;

If not, described data message is sent to described client.

7. according to the method described in claim 1-6 any one, it is characterized in that, described type identification comprises at least one sign in user ID UID, group sign GID, network interconnection protocol IP address, IP network section, group of networks and domain name.

8. a storage server, is characterized in that, comprising:

9. storage server according to claim 8, is characterized in that, also comprises:

Rule is preserved module, for obtaining and preserve the view that data message is configured, shows rule.

10. storage server according to claim 8, is characterized in that, described default view shows that rule is specially:

11. storage servers according to claim 10, it is characterized in that, described screening module is specifically for allowing to be carried out separating treatment by the data of the client-access that described type identification identified in the data of the client-access that does not allow in described data message to be identified by described type identification and described data message.

12. storage servers according to claim 10, is characterized in that, described result sending module specifically for:

13. storage servers according to claim 8, is characterized in that, also comprise:

Judge module, exists default view to show rule for judging whether;

Storage server described in 14. according to Claim 8-13 any one, is characterized in that, described type identification comprises at least one sign in UID, GID, IP address, IP network section, group of networks and domain name.