CN105635046A - Database command line filtering and audit blocking method and device - Google Patents
Database command line filtering and audit blocking method and device Download PDFInfo
- Publication number
- CN105635046A CN105635046A CN201410588938.XA CN201410588938A CN105635046A CN 105635046 A CN105635046 A CN 105635046A CN 201410588938 A CN201410588938 A CN 201410588938A CN 105635046 A CN105635046 A CN 105635046A
- Authority
- CN
- China
- Prior art keywords
- sql statement
- module
- packet
- key message
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The present invention provides a database command line filtering and audit blocking method and device. The method and device comprise: an audit engine is configured to send database operation events to a special structured query language (SQL) statement parse module; the SQL statement operation of the database events is subjected to real-time capture, identification and classification; the key information data packet of the SQL statement is sent to a detection module; the detection module is configured to compare the key information data packet of the SQL statement pre-defined blocking strategy in an audit strategy generation module; illegal key information and legal key information in the key information data packet of the SQL statement are detected; the illegal key information is sent to the data packet modification module for modification, and the legal key information is sent to a forwarding module for forwarding; and the illegal key information is modified to legal key information and then is sent to the data packet forwarding module for forwarding. The database command line filtering and audit blocking method and device are able to ensure the blocking of a special SQL statement and cannot disconnect the whole link.
Description
Technical field
The present invention relates to data base's firewall services of field of information security technology, particularly relate to a kind of database command row and filter, block auditing method and device.
Background technology
Existing boundary defence safety product and solution all adopt Passive Defence technology, cannot fundamentally solving the encountered security threat of each organising data database data and risk, the database security equipment solving database data safety need special fundamentally solves problem of data safety. Thus this kind of database security initiative type safeguard technology of data base's fire wall arises at the historic moment, and this system deployment is between application server and data base, and user must flow through this system and data base could be conducted interviews or manage. The initiative type safeguard technology that data base's fire wall adopts can actively monitor in real time, identification, alarm, stop walk around the external data of enterprise network boundary protection attack, come from the data theft of high authority user of inside, destruction, damage etc., technological layer from database SQL statement Precise control, a kind of active safety defensive measure is provided, and, in conjunction with the safe access control rule independent of data base, user is helped to tackle from inside and outside data security threat.
For the technology from database SQL statement Precise control in data base's fire wall, mainly comprise precisely resolving and alarm after contact or blocking processing of SQL statement. (publication number is patent: CN103778185A) " a kind of SQL statement analytic method for database audit system and system " provides and audited according to information crucial in SQL statement, but do not comprise resource account in session, client host, the important informations such as database name, and could not block for illegal operation. Additionally, in more existing database audit methods, dangerous SQL statement has been blocked, but close session, other the legal SQL statement causing user also cannot perform, therefore, needing now one badly can block illegal operation, can not interrupt again the database audit method of session link.
Summary of the invention
In order to solve the problems referred to above, the present invention proposes a kind of database command row and filters, blocks auditing method and device, it is possible to ensure the blocking-up for specific SQL SQL statement, without disconnecting whole link.
In order to achieve the above object, the present invention proposes a kind of database command row and filters, blocks auditing method, and the method includes:
The database manipulation event of Database Events is sent into special SQL SQL statement parsing module by auditing engine.
The SQL statement of Database Events is operated and carries out captured in real time, identification, classification by SQL statement parsing module; And the key message packet of SQL statement is sent to detection module.
Detection module by the key message packet of SQL statement compared with blocking strategy predefined in audit strategy generation module; Detect the illegal key message in the key message packet of SQL statement and legal key message.
The transmission of illegal key message is modified by detection module to packet modified module, and the transmission of legal key message is forwarded to packet forwarding module.
Packet modified module sends after illegal key message is revised as legal key message to packet forwarding module and forwards.
Preferably, illegal key message is modified and is referred to by packet modified module: packet modified module is according to the original position of SQL statement in the packet of previous protocol solution new record, one or more fields of amendment SQL statement, the packet that structure makes new advances.
Preferably, SQL statement parsing module the SQL statement of described Database Events is operated carry out captured in real time, identification, classification are to realize by the High-level content of database access carries out fine-grained control of authority and filtering.
Preferably, the key message packet of SQL statement includes following information: the table name in SQL statement field, target column name, condition row name, condition train value, Instance Name.
Preferably, blocking strategy refers to: audit strategy generation module according to user use scene information the field of described SQL statement is comprised client-side program name, data base, table, order, target column name, condition row name, condition train value definition rule set.
The present invention also proposes a kind of database command row and filters, blocks audit device, and this device includes: auditing engine, SQL SQL statement parsing module, detection module, audit strategy generation module, packet modified module, packet forwarding module.
Auditing engine, for sending the database manipulation event of Database Events into special described SQL statement parsing module.
SQL statement parsing module, carries out captured in real time, identification, classification for the SQL statement of Database Events is operated; And the key message packet of SQL statement is sent to detection module.
Detection module, is used for the key message packet of SQL statement compared with blocking strategy; Detect the illegal key message in the key message packet of SQL statement and legal key message; It is additionally operable to send to packet modified module illegal key message, and legal key message is sent to packet forwarding module.
Audit strategy generation module, is used for predefining blocking strategy.
Packet modified module, for sending to packet forwarding module after illegal key message is revised as legal key message.
Packet forwarding module is for forwarding legal key message.
Preferably, illegal key message is modified and is referred to by packet modified module: packet modified module is the original position of SQL statement according to the packet of previous protocol solution new record, one or more fields of amendment SQL statement, the packet that structure makes new advances.
Preferably, SQL statement parsing module the SQL statement of Database Events is operated carry out captured in real time, identification, classification are to realize by the High-level content of database access carries out fine-grained control of authority and filtering.
Preferably, the key message packet of SQL statement includes following information: the table name in SQL statement field, target column name, condition row name, condition train value, Instance Name.
Preferably, blocking strategy refers to: audit strategy generation module according to user use scene information the field of described SQL statement is comprised client-side program name, data base, table, order, target column name, condition row name, condition train value definition rule set.
Compared with prior art, the present invention includes: the database manipulation event of Database Events is sent into special SQL statement parsing module by auditing engine; The SQL statement operation of Database Events is carried out captured in real time, identification, classification; And the key message packet of SQL statement is sent to detection module; Detection module by the key message packet of described SQL statement compared with blocking strategy predefined in audit strategy generation module; Detect the illegal key message in the key message packet of SQL statement and legal key message; The transmission of illegal key message is modified by detection module to packet modified module, and the transmission of described legal key message is forwarded to packet forwarding module; Illegal key message is sent to described packet forwarding module and forwards after being revised as legal key message. The present invention is analyzed by HTTP protocol, legal SQL operation is allowed to pass through according to predefined forbidding with admission policy, block illegal violation operation, form the peripheral rings of defense of data base, realize the active prevention of SQL risky operation, real-time auditing, ensure the blocking-up for specific SQL statement, without disconnecting whole link.
Accompanying drawing explanation
Below the accompanying drawing in the embodiment of the present invention being illustrated, the accompanying drawing in embodiment is for a further understanding of the present invention, is used for explaining the present invention, is not intended that limiting the scope of the invention together with description.
Fig. 1 is that tradition illegal operation blocks scheme;
Fig. 2 is that the present invention filters based on the database command row revised with packet spoof, block function realizes principle;
Fig. 3 is that the present invention filters, blocks the structured flowchart of audit device based on the database command row revised with packet spoof;
Fig. 4 is that the present invention filters, blocks the deployment topologies figure of audit device based on the database command row revised with packet spoof.
Detailed description of the invention
For the ease of the understanding of those skilled in the art, below in conjunction with accompanying drawing, the invention will be further described, can not be used for limiting the scope of the invention.
The present invention proposes a kind of database command row and filters, blocks auditing method, as in figure 2 it is shown, the method comprises the following steps:
Step S101, the database manipulation event of Database Events is sent into special SQL SQL statement parsing module by auditing engine.
This module comprises morphology resolver and grammar parser, and other key message resolves, such as database name, user rs host name, resource account, response time length etc. Lexical analyzer is mainly made up of a series of regular expressions with instruction, and these instructions determine the corresponding actions after matching regular expressions. For improving resolution speed, this module all of regular expression can be translated into the internal form of definitiveness finite automaton and based on context free grammar finds out in SQL statement relation between each field in syntax analyzer, thus the table name analyzed in SQL statement, target column name, condition row name, condition train value, every key message such as Instance Name.
Step S102, the SQL statement of described Database Events is operated and carries out captured in real time, identification, classification by SQL statement parsing module; And the key message packet of SQL statement is sent to detection module.
Preferably, SQL statement parsing module the SQL statement of Database Events is operated carry out captured in real time, identification, classification are to realize by the High-level content of database access carries out fine-grained control of authority and filtering.
Traditional fire wall is arranged between network layer, and for strengthening accessing the software and hardware protective measure controlled, but Internet can only be controlled by traditional fire wall, it is impossible to the High-level content of database access is carried out fine-grained control and filtration. Data base's fine granularity auditing system is arranged between the application and the database, for strengthening the software and hardware protective measure of Access and control strategy of database.
The present invention be directed to a kind of database security initiative type safeguard technology of relevant database protection demand; one of its Core Feature is fine granularity control of authority; namely include selecting Select, input Insert, upgrading Update, deleting Delete according to SQL action type; object owner, and carry out control of authority based on table, view object, row.
Risk management and control model just can be passed through based on above SQL statement parsing module and fine granularity mechanism of authorization control based, actively monitor database activity, prevent undelegated database access, SQL injection, authority or role's upgrading and the unauthorized access etc. to sensitive data.
Preferably, the key message packet of SQL statement includes following information: the table name in described SQL statement field, target column name, condition row name, condition train value, Instance Name.
Step S103, detection module by the key message packet of described SQL statement compared with blocking strategy predefined in audit strategy generation module; Detect the illegal key message in the key message packet of SQL statement and legal key message;
Preferably, blocking strategy refers to: audit strategy generation module according to user use scene information the field of described SQL statement is comprised client-side program name, data base, table, order, target column name, condition row name, condition train value definition rule set.
The scheme that the illegal operation commonly used on market blocks is by sending the closedown link of the form of reset RST. RST is one of 6 marks in transmission control protocol TCP stem, represents and resets connection, reset connection. When sending the closedown connection of RST bag, it is not necessary to wait the bag of relief area all to send out, the bag directly just abandoning buffer area sends RST bag. And after receiving terminal receives RST bag, also need not send confirmation ACK bag confirms, as shown in Figure 1.
Although the method can block illegal operation by the form of closedown link, but therefore link is also interrupted, if a validated user is because maloperation causes that link disconnects, other legal operations cannot be further continued for, therefore can not set up rule set according to the application scenarios that user is actual flexibly, be truly realized the speciality according to order and block. We match with user-defined blocking strategy according to the key message of SQL statement parser generation by auditing system, related command is blocked by the form with packet spoof that is modified, but whole session is not interrupted, after can also continue to perform other order.
Step S104, the transmission of illegal key message is modified by detection module to packet modified module, and the transmission of legal key message is forwarded to packet forwarding module;
Preferably, illegal key message is modified and is referred to by packet modified module: packet modified module is the original position of SQL statement according to the packet of previous protocol solution new record, one or more fields of amendment SQL statement, the packet that structure makes new advances.
Data in his-and-hers watches " Person " are not allowed to delete in user configured strategy, SQL statement in one tcp data bag can enter packet modified module for " DELETEFROMPersonWHERELastName='Wilson' ", in the data packet re-constructed, SQL statement will for " ELETEFROMPersonWHERELastName='Wilson' ", and other fields in packet are constant.
So after amendment, be equivalent to user and all can become ELETE operation for all deletion DELETE operation in " Person " tables of data. And so the SQL statement of form can cannot be identified by database server, therefore cannot be performed, reach the purpose blocked. Legal operation is then directly forwarded by module, is unaffected.
Step S105, packet modified module sends after illegal key message is revised as legal key message to packet forwarding module and forwards.
One specific embodiment of the inventive method is as described below:
Step S201, builds the audit device of serial as shown in Figure 4 in a network.
Step S202, database client accesses database server and passes through serial device.
Step S203, sets up Event Policies.
Step S204, claims for the newly-built rule set name of specific data base, such as inscriptions on bones or tortoise shells oracle database agreement.
Step S205, increase by a rule for rule set Oracle, rule configuration can carry out at " add Oracle rule " interface, wherein can according to parameter configuration blocking strategy such as client-side program name, database name, table name, command types, if configuration order is DELETE.
Step S206, increases response mode, selects order to block.
Step S207, a newly-built Event Policies, select rule set and the response mode just now set up.
Step S208, distributing policy.
Step S209, by client executing respective statement, such as " DELETEFROMPersonWHERELastName='Wilson' ", this statement will appear from syntax error and can not perform, this sql statement order blocks and realizes, and other types such as SELECT, INSERT, UPDATE statement will normally perform.
The present invention also proposes a kind of database command row and filters, blocks audit device 01, as it is shown on figure 3, described device includes: auditing engine 02, SQL SQL statement parsing module 03, detection module 04, audit strategy generation module 05, packet modified module 06, packet forwarding module 07;
Auditing engine 02, for sending the database manipulation event of Database Events into special described SQL statement parsing module 03;
SQL statement parsing module 03, carries out captured in real time, identification, classification for the SQL statement of Database Events is operated; And the key message packet of SQL statement is sent to described detection module 04;
Preferably, SQL statement parsing module 03 SQL statement of Database Events is operated carry out captured in real time, identification, classification are to realize by the High-level content of database access carries out fine-grained control of authority and filtering.
Preferably, the key message packet of SQL statement includes following information: the table name in SQL statement field, target column name, condition row name, condition train value, Instance Name.
Detection module 04, is used for the key message packet of SQL statement compared with blocking strategy; Detect the illegal key message in the key message packet of SQL statement and legal key message; It is additionally operable to send to packet modified module 06 illegal key message, and legal key message is sent to packet forwarding module 07;
Preferably, this blocking strategy refers to: audit strategy generation module 05 according to user use scene information the field of SQL statement is comprised client-side program name, data base, table, order, target column name, condition row name, condition train value definition rule set.
Audit strategy generation module 05, is used for predefining this blocking strategy.
Packet modified module 06, for sending to packet forwarding module 07 after illegal key message is revised as legal key message;
Preferably, illegal key message is modified and is referred to by packet modified module: packet modified module is according to the original position of SQL statement in the packet of previous protocol solution new record, one or more fields of amendment SQL statement, the packet that structure makes new advances.
Packet forwarding module 07, for forwarding legal key message.
Methods and apparatus of the present invention is suitable for the data base of current popular and reinforces and protection very much, analyzed by HTTP protocol, legal SQL operation is allowed to pass through according to predefined forbidding with admission policy, block illegal violation operation, form the peripheral rings of defense of data base, it is achieved the active prevention of SQL risky operation, real-time auditing. Ensure the blocking-up for specific SQL statement, without disconnecting whole link.
It should be noted that; embodiment described above is for only for ease of those skilled in the art and understands; it is not limited to protection scope of the present invention; under the premise without departing from the inventive concept of the present invention, those skilled in the art to the made any apparent replacement and improvement etc. of the present invention all within protection scope of the present invention.
Claims (10)
1. a database command row filters, blocks auditing method, it is characterised in that described method includes:
The database manipulation event of Database Events is sent into special SQL SQL statement parsing module by auditing engine;
The SQL statement of described Database Events is operated and carries out captured in real time, identification, classification by described SQL statement parsing module; And the key message packet of described SQL statement is sent to detection module;
Described detection module by the key message packet of described SQL statement compared with blocking strategy predefined in audit strategy generation module; Detect the illegal key message in the key message packet of described SQL statement and legal key message;
The transmission of described illegal key message is modified by described detection module to packet modified module, and the transmission of described legal key message is forwarded to packet forwarding module;
Described packet modified module sends extremely described packet forwarding module and forwards after described illegal key message is revised as described legal key message.
2. the method for claim 1, it is characterized in that, described illegal key message is modified and is referred to by described packet modified module: described packet modified module is the original position of SQL statement according to the packet of previous protocol solution new record, revise one or more fields of described SQL statement, the packet that structure makes new advances.
3. the method for claim 1, it is characterized in that, described SQL statement parsing module the SQL statement of described Database Events is operated carry out captured in real time, identification, classification are to realize by the High-level content of database access carries out fine-grained control of authority and filtering.
4. the method for claim 1, it is characterised in that the key message packet of described SQL statement includes following information: the table name in described SQL statement field, target column name, condition row name, condition train value, Instance Name.
5. the method for claim 1, it is characterized in that, described blocking strategy refers to: described audit strategy generation module according to user use scene information the field of described SQL statement is comprised client-side program name, data base, table, order, target column name, condition row name, condition train value definition rule set.
6. a database command row filters, blocks audit device, it is characterized in that, described device includes: auditing engine, SQL SQL statement parsing module, detection module, audit strategy generation module, packet modified module, packet forwarding module;
Described auditing engine, for sending the database manipulation event of Database Events into special described SQL statement parsing module;
Described SQL statement parsing module, carries out captured in real time, identification, classification for the SQL statement of described Database Events is operated; And the key message packet of described SQL statement is sent to described detection module;
Described detection module, is used for the key message packet of described SQL statement compared with blocking strategy; Detect the illegal key message in the key message packet of described SQL statement and legal key message; It is additionally operable to send to described packet modified module described illegal key message, and described legal key message is sent to described packet forwarding module;
Described audit strategy generation module, is used for predefining described blocking strategy;
Described packet modified module, for sending to described packet forwarding module after described illegal key message is revised as described legal key message;
Described packet forwarding module is for forwarding described legal key message.
7. device as claimed in claim 1, it is characterized in that, described illegal key message is modified and is referred to by described packet modified module: described packet modified module is the original position of SQL statement according to the packet of previous protocol solution new record, revise one or more fields of described SQL statement, the packet that structure makes new advances.
8. device as claimed in claim 1, it is characterized in that, described SQL statement parsing module the SQL statement of described Database Events is operated carry out captured in real time, identification, classification are to realize by the High-level content of database access carries out fine-grained control of authority and filtering.
9. device as claimed in claim 1, it is characterised in that the key message packet of described SQL statement includes following information: the table name in described SQL statement field, target column name, condition row name, condition train value, Instance Name.
10. device as claimed in claim 1, it is characterized in that, described blocking strategy refers to: described audit strategy generation module according to user use scene information the field of described SQL statement is comprised client-side program name, data base, table, order, target column name, condition row name, condition train value definition rule set.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410588938.XA CN105635046B (en) | 2014-10-28 | 2014-10-28 | A kind of filtering of database command row blocks auditing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410588938.XA CN105635046B (en) | 2014-10-28 | 2014-10-28 | A kind of filtering of database command row blocks auditing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105635046A true CN105635046A (en) | 2016-06-01 |
| CN105635046B CN105635046B (en) | 2019-05-17 |
Family
ID=56049552
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410588938.XA Active CN105635046B (en) | 2014-10-28 | 2014-10-28 | A kind of filtering of database command row blocks auditing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105635046B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107491538A (en) * | 2017-08-23 | 2017-12-19 | 成都安恒信息技术有限公司 | A kind of storing process order of DB2 database and parameter value extracting method |
| CN107797916A (en) * | 2016-11-14 | 2018-03-13 | 平安科技(深圳)有限公司 | DDL sentences checking method and device |
| CN107861969A (en) * | 2017-09-14 | 2018-03-30 | 平安普惠企业管理有限公司 | Sentence amending method, scanning platform and computer-readable recording medium |
| CN109063013A (en) * | 2018-07-11 | 2018-12-21 | 北京安数云信息技术有限公司 | A kind of behavior database operation blocking-up method and device |
| CN109408499A (en) * | 2018-10-22 | 2019-03-01 | 福建星瑞格软件有限公司 | A kind of auditing method and system of matching database access user |
| CN109800240A (en) * | 2018-12-13 | 2019-05-24 | 平安科技(深圳)有限公司 | SQL statement classifying method, device, computer equipment and storage medium |
| CN110865926A (en) * | 2019-11-20 | 2020-03-06 | 珠海格力电器股份有限公司 | Database system and control method thereof |
| CN111177112A (en) * | 2019-12-06 | 2020-05-19 | 陕西上讯信息技术有限公司 | Database blocking method and device based on operation and maintenance management system and electronic equipment |
| CN113158226A (en) * | 2021-03-05 | 2021-07-23 | 北京中安星云软件技术有限公司 | Method and system for realizing postGreSQL database audit based on SSL connection |
| CN115879162A (en) * | 2023-02-27 | 2023-03-31 | 北京景安云信科技有限公司 | Illegal operation alarm blocking system for database monitoring |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1352428A (en) * | 2001-11-29 | 2002-06-05 | 上海复旦光华信息科技股份有限公司 | Bypass access control system based on SQL statement |
| US20140006342A1 (en) * | 2012-06-27 | 2014-01-02 | Thomas Love | Systems for the integrated design, operation and modification of databases and associated web applications |
| CN103761233A (en) * | 2013-10-18 | 2014-04-30 | 北京奇虎科技有限公司 | Method, device and system for processing database operation request |
| CN103778185A (en) * | 2013-12-27 | 2014-05-07 | 北京天融信软件有限公司 | SQL statement parsing method and system used for database auditing system |
| US20140230070A1 (en) * | 2013-02-14 | 2014-08-14 | Microsoft Corporation | Auditing of sql queries using select triggers |
| CN104008349A (en) * | 2014-04-28 | 2014-08-27 | 国家电网公司 | Database security access control method and system |
-
2014
- 2014-10-28 CN CN201410588938.XA patent/CN105635046B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1352428A (en) * | 2001-11-29 | 2002-06-05 | 上海复旦光华信息科技股份有限公司 | Bypass access control system based on SQL statement |
| US20140006342A1 (en) * | 2012-06-27 | 2014-01-02 | Thomas Love | Systems for the integrated design, operation and modification of databases and associated web applications |
| US20140230070A1 (en) * | 2013-02-14 | 2014-08-14 | Microsoft Corporation | Auditing of sql queries using select triggers |
| CN103761233A (en) * | 2013-10-18 | 2014-04-30 | 北京奇虎科技有限公司 | Method, device and system for processing database operation request |
| CN103778185A (en) * | 2013-12-27 | 2014-05-07 | 北京天融信软件有限公司 | SQL statement parsing method and system used for database auditing system |
| CN104008349A (en) * | 2014-04-28 | 2014-08-27 | 国家电网公司 | Database security access control method and system |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107797916B (en) * | 2016-11-14 | 2020-04-28 | 平安科技(深圳)有限公司 | DDL statement auditing method and device |
| CN107797916A (en) * | 2016-11-14 | 2018-03-13 | 平安科技(深圳)有限公司 | DDL sentences checking method and device |
| CN107491538A (en) * | 2017-08-23 | 2017-12-19 | 成都安恒信息技术有限公司 | A kind of storing process order of DB2 database and parameter value extracting method |
| CN107861969A (en) * | 2017-09-14 | 2018-03-30 | 平安普惠企业管理有限公司 | Sentence amending method, scanning platform and computer-readable recording medium |
| CN107861969B (en) * | 2017-09-14 | 2020-10-02 | 平安普惠企业管理有限公司 | Statement modification method, scanning platform and computer-readable storage medium |
| CN109063013A (en) * | 2018-07-11 | 2018-12-21 | 北京安数云信息技术有限公司 | A kind of behavior database operation blocking-up method and device |
| CN109408499A (en) * | 2018-10-22 | 2019-03-01 | 福建星瑞格软件有限公司 | A kind of auditing method and system of matching database access user |
| CN109408499B (en) * | 2018-10-22 | 2022-10-11 | 福建星瑞格软件有限公司 | Auditing method and system for matching database access users |
| CN109800240A (en) * | 2018-12-13 | 2019-05-24 | 平安科技(深圳)有限公司 | SQL statement classifying method, device, computer equipment and storage medium |
| CN109800240B (en) * | 2018-12-13 | 2024-03-22 | 平安科技(深圳)有限公司 | SQL sentence classifying method, device, computer equipment and storage medium |
| CN110865926A (en) * | 2019-11-20 | 2020-03-06 | 珠海格力电器股份有限公司 | Database system and control method thereof |
| CN111177112A (en) * | 2019-12-06 | 2020-05-19 | 陕西上讯信息技术有限公司 | Database blocking method and device based on operation and maintenance management system and electronic equipment |
| CN113158226A (en) * | 2021-03-05 | 2021-07-23 | 北京中安星云软件技术有限公司 | Method and system for realizing postGreSQL database audit based on SSL connection |
| CN115879162A (en) * | 2023-02-27 | 2023-03-31 | 北京景安云信科技有限公司 | Illegal operation alarm blocking system for database monitoring |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105635046B (en) | 2019-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105635046A (en) | Database command line filtering and audit blocking method and device | |
| CN107454109B (en) | Network privacy stealing behavior detection method based on HTTP traffic analysis | |
| CN104063473B (en) | A kind of database audit monitoring system and its method | |
| CN112291232B (en) | Safety capability and safety service chain management platform based on tenants | |
| CN104166812A (en) | Database safety access control method based on independent authorization | |
| CN104809405B (en) | The leakage-preventing method of structural data assets based on classification | |
| EP2951955B1 (en) | Method and system for protecting web applications against web attacks | |
| US11436358B2 (en) | Data based web application firewall | |
| CN104394122B (en) | A kind of HTTP business fire walls based on Adaptive proxy mechanism | |
| CN112187792A (en) | Network information safety protection system based on internet | |
| CN103795735B (en) | Safety means, server and server info safety implementation method | |
| CN110443048A (en) | Data center looks into number system | |
| CN109462599B (en) | Honeypot management system | |
| US8683220B2 (en) | System and method for securing database activity | |
| CN107566363A (en) | A kind of SQL injection attack guarding method based on machine learning | |
| CN104954384B (en) | A kind of url mimicry methods of protection Web applications safety | |
| CN105704120B (en) | A method of the secure access network based on self study form | |
| CN114003943B (en) | Safe double-control management platform for computer room trusteeship management | |
| US20190245880A1 (en) | Exception remediation logic rolling platform | |
| CN109787964B (en) | Process behavior tracing device and method | |
| US11265340B2 (en) | Exception remediation acceptable use logic platform | |
| US11303678B2 (en) | Determination and autocorrection of modified security policies | |
| CN105260378A (en) | Database audit method and device | |
| CN105893376A (en) | Database access supervision method | |
| CN104821949A (en) | Signature-based SQL tamper-proof protection method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |