CN104331444A - Method and device for protecting database - Google Patents
Method and device for protecting database Download PDFInfo
- Publication number
- CN104331444A CN104331444A CN201410583007.0A CN201410583007A CN104331444A CN 104331444 A CN104331444 A CN 104331444A CN 201410583007 A CN201410583007 A CN 201410583007A CN 104331444 A CN104331444 A CN 104331444A
- Authority
- CN
- China
- Prior art keywords
- database
- data
- server
- caching server
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24552—Database cache management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
Abstract
The invention provides a method and device for protecting a database, which can overcome the weaknesses of the prior art and can prevent the database from being attacked. The method for protecting the database comprises the steps: updating data of a cache server by an application server according to the content of the database in a database server, so that the cache server stores all data of the database; receiving a data request of a terminal by the application server, inquiring the data requested by the terminal from the cache server, and transmitting the data to the terminal.
Description
Technical field
The present invention relates to technical field of the computer network, particularly a kind of method and apparatus of protected data storehouse.
Background technology
WEB application program is a kind of application program can accessed by WEB, and most WEB website all adopts the architecture design of application server+caching server+database server.User accesses the flow process of WEB application program as shown in Figure 1, and Fig. 1 is the schematic diagram of the flow process obtaining database data according to terminal of the prior art.As shown in Figure 1, user uses terminal device such as PC, during the access websites such as smart mobile phone, terminal (being generally browser) first sends request of data (step S1) to application server, application server is according to required parameter query caching server, to judge whether caching server preserves the data (step S2) of user's request, if, then data are taken out from buffer memory (S3) and then send to terminal (step S4), otherwise Query Database server (step S5), then the data (step S6) that database server returns are received, finally these data are sent to terminal (step S7), and these data are sent to caching server (step S8).
Because WEB system is exposed to public network, the flow process shown in Fig. 1 is a kind of simple and effective attack means for hacker provides.Hacker can use attack software to send a large amount of illegal request to application server, as illegal request, its data of asking are not present in database, therefore be not present in caching server yet, like this, according to the flow process of Fig. 1, application server all can Query Database when receiving illegal request at every turn, all like this illegal request have all dropped on database, make database pressure increase, deposit in case in a large amount of illegal request, light then make the pressure of database, load constantly increases, the request response of the normal access websites of user is slack-off, heavy then database blockage is even delayed machine, thus website cannot be used, affect the access of user, produce serious negative effect.
Above attack pattern has walked around caching system, directtissima database.In the prior art, generally protected data storehouse is come by global search technology.Full-text search is a kind of written historical materials search method of being mated with search terms by texts all in file; the relatively more conventional full-text search third party technology of current java is Lucene, Solr etc.; the principle of full-text search be lane database is often used inquiry information extraction to hard disk as index file; then the service provision program developing inquiry uses; the request of user's access program is by direct search index file; and not direct Query Database, serve the effect in protected data storehouse.
Realizing in process of the present invention, inventor finds to adopt global search technology protected data storehouse, has following weak point:
(1) full-text search is a special kind of skill, and the cost of developer's study in early stage and later maintenance is higher.
(2) very large to disk read-write amount when updating file data, shorten hard disk life-span, the increment index major part that updating file uses all is realized by merge algorithm.And this merge algorithm causes disk read-write operation frequently, the renewal of new data, may cause a part not have vicissitudinous index to be rewritten many times at all, frequent updating data, especially time renewal amount is larger, also consume server resource very much, cause the hydraulic performance decline of search.
(3) a large amount of request access, will read index file frequently, and the risk that file handle may be caused to damage reduces the reliability of system.
(4) generally use incremental update when upgrading index, in order to ensure that also can use full dose upgrades with the consistance of database data, the efficiency operating this table when full dose upgrades can reduce.
Summary of the invention
In view of this, the invention provides a kind of method and apparatus of protected data storehouse, above-mentioned all deficiencies of the prior art can be overcome, and can prevent database from being attacked.
For achieving the above object, according to an aspect of the present invention, a kind of method of protected data storehouse is provided.
The method in protected data storehouse of the present invention comprises: application server, according to the data of the content update caching server of the database in database server, makes described caching server preserve all data of described database; The request of data of described application server receiving terminal, then inquires the data of described terminal request from described caching server, then these data is sent to this terminal.
Alternatively, described application server is the server running WEB application program.
Alternatively, described caching server is the caching server in distributed cache system.
Alternatively, application server comprises according to the step of the data of the content update caching server of the database in database server: application server starts timing worker task, by database described in timing worker job enquiry, the database data that current described caching server is not preserved is sent to described caching server.
According to a further aspect in the invention, a kind of device of protected data storehouse is provided.
The device in protected data storehouse of the present invention comprises: buffer update module, for the data of the content update caching server according to the database in database server, makes described caching server preserve all data of described database; These data, for inquiry terminal from described caching server to the data of application server request, are then sent to described terminal by enquiry module.
Alternatively, this device is arranged in the application server running WEB application program.
Alternatively, the database data that current described caching server is not preserved also for starting timing worker task, is sent to described caching server by database described in timing worker job enquiry by described buffer update module.
According to technical scheme of the present invention; application server is according to the data of the content update caching server of the database in database server; caching server is made to preserve all data of database; in this case; even if hacker has walked around the restriction of refer and IP rule, enable request of data arrive application server, this request of data also can only fall caching server; cannot database be directly hit, thus make database obtain protection.
Accompanying drawing explanation
Accompanying drawing is used for understanding the present invention better, does not form inappropriate limitation of the present invention.Wherein:
Fig. 1 is the schematic diagram of the flow process obtaining database data according to terminal of the prior art;
Fig. 2 is the schematic diagram of the method in protected data storehouse according to the embodiment of the present invention;
Fig. 3 is the schematic diagram of the main modular of the device in protected data storehouse according to the embodiment of the present invention.
Embodiment
Below in conjunction with accompanying drawing, one exemplary embodiment of the present invention is explained, comprising the various details of the embodiment of the present invention to help understanding, they should be thought it is only exemplary.Therefore, those of ordinary skill in the art will be appreciated that, can make various change and amendment, and can not deviate from scope and spirit of the present invention to the embodiments described herein.Equally, for clarity and conciseness, the description to known function and structure is eliminated in following description.
In embodiments of the present invention; application server is according to the data of the content update caching server of the database in database server; caching server is made to preserve all data of database; in this case; when application server receives the request of data of terminal; directly from caching server, just can obtain the data of terminal request and be supplied to this terminal; avoid the database when terminal sends request accessed, thus can protected data storehouse when there is the request that great amount of terminals sends.Elaborate to the technical scheme of the embodiment of the present invention below in conjunction with Fig. 2, Fig. 2 is the schematic diagram of the method in protected data storehouse according to the embodiment of the present invention.
Step S21: application server starts worker task, Query Database termly.
The database number storehouse that current cache server is not preserved by step S22:worker task is sent to caching server.Worker task regularly performs, and ensures that the data of caching server buffer memory are consistent with the database data in database server.
Step S23: the request of data of application server receiving terminal.
Step S24: application server query caching server.
Step S25: application server receives the data that caching server returns.If application server can not postponed to deposit in server and be inquired data in step s 24 which, then return sky in this step.
Step S26: the data received are sent to terminal by application server.
As can be seen from the flow process of Fig. 2, even if hacker has walked around the restriction of refer and IP rule, enable request of data arrive application server, this request of data also can only fall caching server, cannot directly hit database, thus makes database obtain protection.
Fig. 3 is the schematic diagram of the main modular of the device in protected data storehouse according to the embodiment of the present invention, and this device can be arranged in the application server running WEB application program.As shown in Figure 3, the device 30 in protected data storehouse mainly comprises buffer update module 31 and enquiry module 32.Buffer update module 31, for the data of the content update caching server according to the database in database server, makes caching server preserve all data of database.These data, for the data of inquiry terminal from caching server to application server request, are then sent to terminal by enquiry module 32.Buffer update module 31 also can be used for starting timing worker task, by timing worker job enquiry database, the database data that current cache server is not preserved sent to caching server.
According to the technical scheme of the embodiment of the present invention; application server is according to the data of the content update caching server of the database in database server; caching server is made to preserve all data of database; in this case; even if hacker has walked around the restriction of refer and IP rule, enable request of data arrive application server, this request of data also can only fall caching server; cannot database be directly hit, thus make database obtain protection.The technical scheme of the application embodiment of the present invention does not produce study and maintenance cost, and disk read-write amount summation is database data amount, there is not the problem of frequent reading disk and index file, adopts the mode of incremental update to have higher efficiency.Embodiment of the present invention technical scheme is mainly for aforementioned four kinds of weak points design of the prior art, be intended to overcome this four kinds of weak points simultaneously, in addition due in the present embodiment when the request of data of response terminal main reading cache data, there is higher processing speed, so also contribute to promoting Consumer's Experience.
Below ultimate principle of the present invention is described in conjunction with specific embodiments, but, it is to be noted, for those of ordinary skill in the art, whole or any step or the parts of method and apparatus of the present invention can be understood, can in the network of any calculation element (comprising processor, storage medium etc.) or calculation element, realized with hardware, firmware, software or their combination, this is that those of ordinary skill in the art use their basic programming skill just can realize when having read explanation of the present invention.
Therefore, object of the present invention can also be realized by an operation program or batch processing on any calculation element.Described calculation element can be known fexible unit.Therefore, object of the present invention also can realize only by the program product of providing package containing the program code realizing described method or device.That is, such program product also forms the present invention, and the storage medium storing such program product also forms the present invention.Obviously, described storage medium can be any storage medium developed in any known storage medium or future.
Also it is pointed out that in apparatus and method of the present invention, obviously, each parts or each step can decompose and/or reconfigure.These decompose and/or reconfigure and should be considered as equivalents of the present invention.Further, the step performing above-mentioned series of processes can order naturally following the instructions perform in chronological order, but does not need necessarily to perform according to time sequencing.Some step can walk abreast or perform independently of one another.
Above-mentioned embodiment, does not form limiting the scope of the invention.It is to be understood that depend on designing requirement and other factors, various amendment, combination, sub-portfolio can be there is and substitute in those skilled in the art.Any amendment done within the spirit and principles in the present invention, equivalent replacement and improvement etc., all should be included within scope.
Claims (7)
1. the method in protected data storehouse, is characterized in that, comprising:
Application server, according to the data of the content update caching server of the database in database server, makes described caching server preserve all data of described database;
The request of data of described application server receiving terminal, then inquires the data of described terminal request from described caching server, then these data is sent to this terminal.
2. method according to claim 1, is characterized in that, described application server is the server running WEB application program.
3. method according to claim 1, is characterized in that, described caching server is the caching server in distributed cache system.
4. according to the method in any one of claims 1 to 3, it is characterized in that, application server comprises according to the step of the data of the content update caching server of the database in database server: application server starts timing worker task, by database described in timing worker job enquiry, the database data that current described caching server is not preserved is sent to described caching server.
5. the device in protected data storehouse, is characterized in that, comprising:
Buffer update module, for the data of the content update caching server according to the database in database server, makes described caching server preserve all data of described database;
These data, for inquiry terminal from described caching server to the data of application server request, are then sent to described terminal by enquiry module.
6. device according to claim 5, is characterized in that, this device is arranged in the application server running WEB application program.
7. the device according to claim 5 or 6, it is characterized in that, the database data that current described caching server is not preserved also for starting timing worker task, is sent to described caching server by database described in timing worker job enquiry by described buffer update module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410583007.0A CN104331444A (en) | 2014-10-27 | 2014-10-27 | Method and device for protecting database |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410583007.0A CN104331444A (en) | 2014-10-27 | 2014-10-27 | Method and device for protecting database |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104331444A true CN104331444A (en) | 2015-02-04 |
Family
ID=52406171
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410583007.0A Pending CN104331444A (en) | 2014-10-27 | 2014-10-27 | Method and device for protecting database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104331444A (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106202485A (en) * | 2016-07-18 | 2016-12-07 | 乐视控股(北京)有限公司 | Data manipulation method and system |
CN106209848A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric power communication method and device |
CN106209844A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | The electric power safety means of communication |
CN106210117A (en) * | 2016-08-01 | 2016-12-07 | 浪潮软件股份有限公司 | A kind of high performance service framework realized by high in the clouds caching |
CN106209847A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric data transmission method and device |
CN106790666A (en) * | 2017-01-20 | 2017-05-31 | 泰华智慧产业集团股份有限公司 | Load balancing mesh architecture and its build operation method |
CN107197000A (en) * | 2017-05-04 | 2017-09-22 | 微梦创科网络科技(中国)有限公司 | Static dynamic hybrid cache method, apparatus and system |
CN107833087A (en) * | 2017-10-13 | 2018-03-23 | 中国银行股份有限公司 | The online method for selling and equipment of a kind of killing property of second product |
CN108920621A (en) * | 2018-06-28 | 2018-11-30 | 努比亚技术有限公司 | Data-updating method, mobile terminal and computer readable storage medium |
CN109656959A (en) * | 2018-12-24 | 2019-04-19 | 拉扎斯网络科技(上海)有限公司 | A kind of data query method, apparatus, electronic equipment and storage medium |
CN110636341A (en) * | 2019-10-25 | 2019-12-31 | 四川虹魔方网络科技有限公司 | Large-concurrency supporting multi-level fine-grained caching mechanism launcher interface optimization method |
CN112187950A (en) * | 2020-10-10 | 2021-01-05 | 深圳市智百威科技发展有限公司 | Method for solving slow remote data access |
CN112486956A (en) * | 2020-12-10 | 2021-03-12 | 北京字节跳动网络技术有限公司 | Data access method and device and electronic equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102279880A (en) * | 2011-07-28 | 2011-12-14 | 深圳市五巨科技有限公司 | Method and system for updating cache in real time |
CN102629903A (en) * | 2011-12-21 | 2012-08-08 | 奇智软件(北京)有限公司 | System and method for disaster recovery in internet application |
-
2014
- 2014-10-27 CN CN201410583007.0A patent/CN104331444A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102279880A (en) * | 2011-07-28 | 2011-12-14 | 深圳市五巨科技有限公司 | Method and system for updating cache in real time |
CN102629903A (en) * | 2011-12-21 | 2012-08-08 | 奇智软件(北京)有限公司 | System and method for disaster recovery in internet application |
Non-Patent Citations (1)
Title |
---|
网络: "用缓存服务器负载均衡 提数据库查询效率", 《IT168服务器专区HTTP://SERVER.IT168.COM/A2009/0724/612/000000612135.SHTML》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106209848A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric power communication method and device |
CN106209844A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | The electric power safety means of communication |
CN106209847A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric data transmission method and device |
CN106202485A (en) * | 2016-07-18 | 2016-12-07 | 乐视控股(北京)有限公司 | Data manipulation method and system |
CN106210117A (en) * | 2016-08-01 | 2016-12-07 | 浪潮软件股份有限公司 | A kind of high performance service framework realized by high in the clouds caching |
CN106790666A (en) * | 2017-01-20 | 2017-05-31 | 泰华智慧产业集团股份有限公司 | Load balancing mesh architecture and its build operation method |
CN107197000A (en) * | 2017-05-04 | 2017-09-22 | 微梦创科网络科技(中国)有限公司 | Static dynamic hybrid cache method, apparatus and system |
CN107197000B (en) * | 2017-05-04 | 2020-07-31 | 微梦创科网络科技(中国)有限公司 | Static and dynamic hybrid caching method, device and system |
CN107833087A (en) * | 2017-10-13 | 2018-03-23 | 中国银行股份有限公司 | The online method for selling and equipment of a kind of killing property of second product |
CN108920621A (en) * | 2018-06-28 | 2018-11-30 | 努比亚技术有限公司 | Data-updating method, mobile terminal and computer readable storage medium |
CN109656959A (en) * | 2018-12-24 | 2019-04-19 | 拉扎斯网络科技(上海)有限公司 | A kind of data query method, apparatus, electronic equipment and storage medium |
CN110636341A (en) * | 2019-10-25 | 2019-12-31 | 四川虹魔方网络科技有限公司 | Large-concurrency supporting multi-level fine-grained caching mechanism launcher interface optimization method |
CN110636341B (en) * | 2019-10-25 | 2021-11-09 | 四川虹魔方网络科技有限公司 | Large-concurrency supporting multi-level fine-grained caching mechanism launcher interface optimization method |
CN112187950A (en) * | 2020-10-10 | 2021-01-05 | 深圳市智百威科技发展有限公司 | Method for solving slow remote data access |
CN112486956A (en) * | 2020-12-10 | 2021-03-12 | 北京字节跳动网络技术有限公司 | Data access method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104331444A (en) | Method and device for protecting database | |
US8555252B2 (en) | Apparatus and method for loading and updating codes of cluster-based java application system | |
US8984058B2 (en) | Pre-fetching remote resources | |
CN102375882B (en) | Method, device and browser for rapidly accessing webpage | |
EP3399435A1 (en) | Method and device for processing short link, and short link server | |
CN110674432A (en) | Second-level caching method and device and computer readable storage medium | |
CN101930449A (en) | Client computer, acting server and be used to provide the method for cloud storage | |
CN102567339A (en) | Method, device and system for acquiring start page | |
US20130276126A1 (en) | Website scanning device and method | |
US20120310882A1 (en) | Key value data storage | |
CN103428188A (en) | Method and apparatus for file updating, and associated equipment | |
CN103905503A (en) | Data storage method, data scheduling method, device and system | |
CN104424199A (en) | Search method and device | |
CN102195971A (en) | Website access control method | |
JP6330528B2 (en) | Data division control program, data division control method, and data division control device | |
CN103530349A (en) | Method and equipment for cache updating | |
CN109240613A (en) | Data cache method, device, computer equipment and storage medium | |
CN103473326A (en) | Method and device providing searching advices | |
CN105302840A (en) | Cache management method and device | |
CN102647481A (en) | Device and method for accessing preset network address | |
EP2939200A1 (en) | Method and apparatus for secure advertising | |
US10242102B2 (en) | Network crawling prioritization | |
US20130346960A1 (en) | Method and system for updating an application | |
CN102984020B (en) | Cloud-computation-based net surfing monitoring method and monitoring system and monitoring server | |
CN105912641A (en) | Icon update method and apparatus of Native Apps |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150204 |
|
RJ01 | Rejection of invention patent application after publication |