CN104680045A - Computer user login system and method - Google Patents
- Publication number: CN104680045A
- Application number: CN201310628419.7A
- Authority: CN (China)
- Prior art keywords: file system, user, password, pseudo file, pseudo
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Storage Device Security (AREA)
Abstract
Disclosed is a computer user login system. The computer user login system comprises a receiving module and an executing module. The receiving module is used for prompting a user to input a user name and a password and receiving the user name and the password input by the user. The executing module is used for, when the user is determined to be an illegal user according to the received user name and password, and the user name exists in a preset pseudo file system of a computer and the password is correct, switching the illegal user to the pseudo file system, mounting the pseudo file system as a root directory, and calling and executing the Shell program of the pseudo file system, so that the Shell program of the pseudo file system receives and executes the commands of the illegal user under the pseudo file system. The invention also provides a computer user login method. The computer user login system and method can effectively prevent illegal users from intruding into the computer.
Description
Technical field
The present invention relates to the field of information security, and in particular to a computer user login system and method.
Background
A large number of Linux server systems exist on the Internet. While they provide various services to people, they also face attacks from many people all over the world, so how to improve the security of the system is a very important problem facing administrators.
Summary of the invention
In view of the above, it is necessary to provide a computer user login system and method that can effectively prevent illegal users from intruding into a computer.
The computer user login system comprises: a receiving module, for prompting a user to input a user name and password and receiving the user name and password input by the user; and an execution module, for, when the user is determined to be an illegal user according to the received user name and password, and the user name exists in a preset pseudo file system of the computer and the password is correct, switching the illegal user to the pseudo file system, mounting the pseudo file system as the root directory, and calling and executing the Shell program of the pseudo file system, so that the Shell program of the pseudo file system receives and executes the commands of the illegal user under the pseudo file system.
The computer user login method comprises: a receiving step of prompting a user to input a user name and password and receiving the user name and password input by the user; and a first execution step of, when the user is determined to be an illegal user according to the received user name and password, and the user name exists in a preset pseudo file system of the computer and the password is correct, switching the illegal user to the pseudo file system, mounting the pseudo file system as the root directory, and calling and executing the Shell program of the pseudo file system, so that the Shell program of the pseudo file system receives and executes the commands of the illegal user under the pseudo file system.
Compared with the prior art, when verification shows that the user is an illegal user, the computer user login system and method provided by the invention switch the illegal user to the pseudo file system of the computer and call the Shell program of the pseudo file system to accept and execute the user's commands under the pseudo file system, so that the illegal user mistakenly believes the intrusion into the computer succeeded. Because the illegal user operates the computer under the pseudo file system, the data files under the real file system of the computer are not affected, and the computer is therefore protected from damage by the illegal user.
Description of the drawings
Fig. 1 is an application environment diagram of a preferred embodiment of the computer user login system of the present invention.
Fig. 2 is a functional block diagram of a preferred embodiment of the computer user login system of the present invention.
Fig. 3 is a flowchart of a preferred embodiment of the computer user login method of the present invention.
Description of main element symbols
Element | Reference numeral |
---|---|
Computer | 1 |
Login system | 10 |
Real file system | 11 |
Pseudo file system | 12 |
First Shell program | 111 |
Second Shell program | 121 |
Receiving module | 101 |
Judging module | 102 |
Execution module | 103 |
Storage module | 104 |
The following embodiments further illustrate the present invention with reference to the above drawings.
Detailed description of the embodiments
Fig. 1 shows the application environment of a preferred embodiment of the computer user login system of the present invention (hereinafter, login system 10). In this embodiment, the operating system installed on the computer 1 is a Linux operating system, and the real file system 11 is the file system created when the Linux operating system is installed. Note that this file system is called the real file system 11 here to distinguish it from the pseudo file system 12 described below.
The pseudo file system 12 is a small Linux file system built with the BusyBox tool using static compilation. It does not depend on any other library files, integrates commonly used commands, and has system management tool commands such as fdisk, mount, su and sudo removed.
In this embodiment, the first Shell program 111 included in the real file system 11 and the second Shell program 121 included in the pseudo file system 12 are both command interpreters, used to receive and execute user commands.
The login system 10 verifies whether a user logging in to the computer 1 is a legitimate user. When verification finds a legitimate user, it calls and executes the first Shell program 111 in the real file system 11 to accept and execute the user's commands under the real file system 11. When verification finds an illegal user, the login system 10 uses the chroot function to switch the illegal user to the pseudo file system 12, mounts the pseudo file system 12 as the root directory in the tmpfs file system format, and calls the second Shell program 121 of the pseudo file system 12 to accept and execute the user's commands under the pseudo file system 12, so that the illegal user mistakenly believes the intrusion into the computer 1 succeeded. Because the illegal user's operations on the computer 1 under the pseudo file system 12 do not affect the data files under the real file system 11 of the computer 1, the computer 1 is protected from damage by the illegal user.
In this embodiment, the login system 10 comprises a receiving module 101, a judging module 102, an execution module 103 and a storage module 104 (see Fig. 2). The modules 101 to 104 are executed by a processor (not shown) of the computer 1 to provide the functions of the present invention, as described in detail below.
Fig. 3 is a flowchart of a preferred embodiment of the computer user login method of the present invention.
Step S1: the receiving module 101 prompts the user to input a user name and password and receives the user name and password input by the user.
Step S2: the judging module 102 determines, according to the received user name and password, whether the user is a legitimate user or an illegal user.
In this embodiment, the real file system 11 stores in advance the user names and passwords of all legitimate users. When the received user name exists in the real file system 11 and the received password matches the password stored in the real file system 11 for that user name, the user is determined to be a legitimate user and step S3 is performed. Otherwise, if the received user name does not exist in the real file system 11, or it exists but the received password does not match the password stored in the real file system 11 for that user name, the user is determined to be an illegal user and step S4 is performed.
Step S3: the execution module 103 calls and executes the first Shell program 111 of the real file system 11, so that the first Shell program 111 receives and executes the commands of the legitimate user under the real file system 11.
Step S4: the judging module 102 determines whether the received user name exists in the pseudo file system 12 and whether the received password matches the password stored in the pseudo file system 12 for that user name. If the received user name exists in the pseudo file system 12 and the received password matches the stored password, step S5 is performed; otherwise step S6 is performed.
Step S5: the execution module 103 uses the chroot function to switch the illegal user to the pseudo file system 12, mounts the pseudo file system 12 as the root directory in the tmpfs file system format, and calls and executes the second Shell program 121 of the pseudo file system 12, so that the second Shell program 121 receives and executes the commands of the illegal user under the pseudo file system 12 and the illegal user believes the login to the computer 1 was normal.
Note that the execution module 103 mounts the pseudo file system 12 as the root directory in the tmpfs file system format because tmpfs is a memory-based file system that can use RAM (Random-Access Memory) and the swap partition. Used as the file system format of the pseudo file system 12 in the present invention, it has the following properties: modifications made under the pseudo file system 12 do not affect the real file system 11; the modified content disappears after the computer 1 is restarted; and the amount of memory occupied when the pseudo file system 12 is mounted can be limited, avoiding excessive memory use.
Step S6: the judging module 102 determines whether the received user name exists in the pseudo file system 12. If the received user name does not exist in the pseudo file system 12, step S7 is performed. If it does exist, the flow returns to step S1 and the user is prompted to input the user name and password again.
Step S7: the storage module 104 stores the received user name and password in the pseudo file system 12. In other embodiments, the storage module 104 may also store the received user name and password in the real file system 11 at the same time (that is, one copy each in the pseudo file system 12 and the real file system 11), but the storage location must differ from the location in the real file system 11 where the user names and passwords of legitimate users are stored, so that the user is not determined to be a legitimate user in step S2 when the illegal user inputs this user name and password again.
After step S7 is performed, the flow returns to step S5. Because the storage module 104 has stored the user name and password in the pseudo file system 12 in step S7, when the illegal user tries to log in to the computer 1 again, inputting the same user name and password is enough to enter the pseudo file system 12 and use the computer 1 under it, which makes the pseudo file system 12 more deceptive.
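The S1 to S7 routing described above, modelled as an added Python example (not code from the patent). `CredentialStore`, `LoginRouter` and the sample accounts are hypothetical, the two stores are in-memory stand-ins for the account records of the real and pseudo file systems, and salted PBKDF2 hashing is an assumption the patent does not specify; the chroot/tmpfs switch of step S5 is represented only by the returned outcome.

```python
import hashlib
import hmac
import os

REAL, DECOY, REPROMPT = "real_shell", "decoy_shell", "reprompt"


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 rather than the stored passwords the patent implies.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class CredentialStore:
    """In-memory stand-in for the account records of one file system."""

    def __init__(self):
        self._records = {}

    def add(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = (salt, _digest(password, salt))

    def has_user(self, user: str) -> bool:
        return user in self._records

    def matches(self, user: str, password: str) -> bool:
        if user not in self._records:
            return False
        salt, stored = self._records[user]
        return hmac.compare_digest(stored, _digest(password, salt))


class LoginRouter:
    """Decides which shell a login attempt is handed to (steps S2 to S7)."""

    def __init__(self, real: CredentialStore, decoy: CredentialStore):
        self.real, self.decoy = real, decoy
        self.audit = []  # (user name, step path, outcome) kept for detection

    def route(self, user: str, password: str) -> str:
        if self.real.matches(user, password):      # S2 -> S3: legitimate user
            return self._log(user, "S2,S3", REAL)
        if self.decoy.matches(user, password):     # S4 -> S5: known decoy account
            return self._log(user, "S2,S4,S5", DECOY)
        if self.decoy.has_user(user):              # S6 -> S1: wrong decoy password
            return self._log(user, "S2,S4,S6,S1", REPROMPT)
        self.decoy.add(user, password)             # S7: remember the credentials
        return self._log(user, "S2,S4,S6,S7,S5", DECOY)

    def _log(self, user: str, path: str, outcome: str) -> str:
        self.audit.append((user, path, outcome))
        return outcome


def demo():
    real, decoy = CredentialStore(), CredentialStore()
    real.add("alice", "correct-horse")  # constructed sample account
    router = LoginRouter(real, decoy)
    attempts = [("alice", "correct-horse"), ("root", "123456"),
                ("root", "123456"), ("root", "toor"), ("alice", "typo")]
    return [router.route(u, p) for u, p in attempts], router.audit
```

The last constructed attempt shows a consequence of the flow as written: a legitimate user who mistypes a password takes the same S7 path as an intruder and is handed the decoy shell.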
As the above steps show, when the login system 10 of the present invention determines that a user is an illegal user, it switches the illegal user to the pseudo file system 12 to use the computer 1, so that the illegal user mistakenly believes the intrusion into the computer 1 succeeded. Because the illegal user operates the computer 1 under the pseudo file system 12, the data files in the real file system 11 are not affected, which effectively prevents the illegal user from damaging the computer 1. In addition, because the user names and passwords that illegal users have input are recorded in the pseudo file system 12, inputting the same user name and password at a later login enters the pseudo file system 12, which makes the pseudo file system 12 more deceptive and also makes it possible to detect whether the computer 1 has been attacked.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may be modified or replaced with equivalents without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. A computer user login system, characterized in that the system comprises:
a receiving module, for prompting a user to input a user name and password and receiving the user name and password input by the user; and
an execution module, for, when the user is determined to be an illegal user according to the received user name and password, and the user name exists in a preset pseudo file system of the computer and the password is correct, switching the illegal user to the pseudo file system, mounting the pseudo file system as the root directory, and calling and executing the Shell program of the pseudo file system, so that the Shell program of the pseudo file system receives and executes the commands of the illegal user under the pseudo file system.
2. The computer user login system of claim 1, characterized in that the execution module mounts the pseudo file system as the root directory in the tmpfs file system format.
3. The computer user login system of claim 1, characterized in that the execution module is further used for, when the user is determined to be a legitimate user according to the received user name and password, calling and executing the Shell program of the real file system of the computer, so that the Shell program of the real file system receives and executes the commands of the legitimate user under the real file system.
4. The computer user login system of claim 1, characterized in that the pseudo file system is a small Linux file system built with the BusyBox tool using static compilation, which does not depend on any other library files, integrates commonly used commands, and has the system management tool commands fdisk, mount, su and sudo removed.
5. The computer user login system of claim 1, characterized in that the system further comprises a storage module, for storing the user name and password in the pseudo file system when the user name does not exist in the pseudo file system.
6. A computer user login method, characterized in that the method comprises:
a receiving step of prompting a user to input a user name and password and receiving the user name and password input by the user; and
a first execution step of, when the user is determined to be an illegal user according to the received user name and password, and the user name exists in a preset pseudo file system of the computer and the password is correct, switching the illegal user to the pseudo file system, mounting the pseudo file system as the root directory, and calling and executing the Shell program of the pseudo file system, so that the Shell program of the pseudo file system receives and executes the commands of the illegal user under the pseudo file system.
7. The computer user login method of claim 6, characterized in that the first execution step mounts the pseudo file system as the root directory in the tmpfs file system format.
8. The computer user login method of claim 6, characterized in that the method further comprises:
a second execution step of, when the user is determined to be a legitimate user according to the received user name and password, calling and executing the Shell program of the real file system of the computer, so that the Shell program of the real file system receives and executes the commands of the legitimate user under the real file system.
9. The computer user login method of claim 6, characterized in that the pseudo file system is a small Linux file system built with the BusyBox tool using static compilation, which does not depend on any other library files, integrates commonly used commands, and has the system management tool commands fdisk, mount, su and sudo removed.
10. The computer user login method of claim 6, characterized in that the method further comprises:
a storing step of, when the user name does not exist in the pseudo file system, storing the user name and password in the pseudo file system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310628419.7A CN104680045A (en) | 2013-11-29 | 2013-11-29 | Computer user login system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310628419.7A CN104680045A (en) | 2013-11-29 | 2013-11-29 | Computer user login system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104680045A (en) | 2015-06-03 |
Family
ID=53315077
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310628419.7A Pending CN104680045A (en) | 2013-11-29 | 2013-11-29 | Computer user login system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104680045A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105718171A (en) * | 2016-01-14 | 2016-06-29 | 广州杰赛科技股份有限公司 | Data processing method and terminal |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105718171A (en) * | 2016-01-14 | 2016-06-29 | 广州杰赛科技股份有限公司 | Data processing method and terminal |
CN105718171B (en) * | 2016-01-14 | 2018-08-28 | 广州杰赛科技股份有限公司 | A kind of data processing method and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150603 |