CN106209746A - Security service providing method and server - Google Patents
- Publication number
- CN106209746A CN201510229740.7A
- Authority
- CN
- China
- Prior art keywords
- call request
- application
- user
- safety service
- sender
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
This application provides a security service providing server and method. The base platform, after receiving a user's call request for any application, verifies the call request and, once the request passes verification, forwards it to the application it calls and configures resources for running that application. Each application receives the call requests forwarded by the base platform and, according to the call request, provides security services to the user. The base platform thus provides request verification and resource configuration uniformly for all applications, and each application runs independently of the other applications. In theory, therefore, any number of applications can be built on the base platform, which improves the extensibility of the security service providing server.
Description
Technical field
The application relates to the field of electronic information, and in particular to a security service providing method and server.
Background
A security operations center (Security Operate Center, SOC) is a system for the centralized management of security devices (including centralized running-state monitoring, event collection and analysis, and security policy distribution).
A traditional SOC is generally built as a single system, and that system is closed. It contains modules such as asset management, security log management, event management, workflow management and risk management. By analysing security logs it generates security events, and by handling those events it drives the resolution of security problems so as to reduce security risk. A traditional SOC is thus a complex system in which the functions are coupled to and call one another in many ways, so that they affect and constrain each other. Once its functions have accumulated to a certain degree, the complexity of the system may exceed what the system itself can bear, so that new functions can no longer be added.
In short, traditional SOCs suffer from limited functional extensibility.
Summary of the invention
This application provides a security service providing method and server, with the aim of solving the limited functional extensibility of traditional SOCs.
To achieve this aim, the application provides the following technical solutions:
A security service providing server, including:
a base platform and at least one application, where each of the at least one application runs independently of the other applications;
where the base platform is configured to, after receiving a user's call request for any application, verify the call request and, after the call request passes verification, forward the call request to the application it calls and configure resources for running the application called by the call request;
and each of the at least one application is configured to receive the call request forwarded by the base platform and, according to the call request, provide security services for the user.
Optionally, the base platform being configured to verify the call request includes:
the base platform being specifically configured to verify whether the network parameters of the sender of the call request are legitimate, verify whether the sender of the call request is a legitimate user, and verify whether the sender of the call request has permission to call the application;
and the base platform forwarding the call request to the application it calls after the call request passes verification includes:
the base platform being specifically configured to forward the call request to the application it calls when the network parameters of the sender of the call request are legitimate, the sender of the call request is a legitimate user, and the sender of the call request has permission to call the application.
Optionally, the network parameters of the sender of the call request include at least one of the following:
the Internet Protocol (IP) address of the sender of the call request, the uniform resource locator (URL), and the parameters of the HTTP request.
Optionally, the base platform is further configured to:
when the sender of the call request is a legitimate user, replace the sender's historical access data with the sender's current access data;
and, if the sender has not made any access within a preset time range, delete the sender's historical access data, where the starting point of the preset time range is the moment of the sender's last access.
Optionally, the base platform configuring resources for running the application called by the call request includes:
the base platform being specifically configured to start the underlying communication connection, the database connection pool and the cache connection of the application called by the call request.
Optionally, the base platform is further configured to:
receive the user's modification instruction for any application and, according to the modification instruction, update the application to be modified.
Optionally,
each application includes: the portal of the application, the static files of the application, the dynamic files of the application and the main program of the application;
and the base platform is further configured to: generate the portal of each application from the static files and the dynamic files by means of rendering technology and, after the user's call request passes verification, show the user the portal of the application called by the call request.
Optionally, the server further includes:
a first operation control module, configured to control each application to run within the limits of its own preset maximum running resources, where the maximum running resources include at least one of the following: the number of databases that can be connected, the number of threads that can run, the amount of memory that can be requested, and the frequency of file reads and writes.
Optionally, the server further includes:
a second operation control module, configured to control each application to access files or data within its own preset access rights, and/or to control each application to access cache space within its own preset access rights.
Optionally, if running any one application can realize several functions, those functions belong to the same preset domain.
Optionally, the base platform is further configured to:
show the user a list of the applications and the functions contained in the applications.
Optionally, the base platform is further configured to:
when the user is a logged-in user, show the user a personalized list related to the user's usage habits.
A security service providing method, including:
a security service providing server, after receiving a user's call request for any one of at least one application, verifying the call request;
after the call request passes verification, forwarding the call request to the application it calls, and configuring resources for running the application called by the call request;
and providing security services for the user by running the application called by the call request.
Optionally, the security service providing server verifying the call request includes:
the security service providing server verifying whether the network parameters of the sender of the call request are legitimate, verifying whether the sender of the call request is a legitimate user, and verifying whether the sender of the call request has permission to call the application;
and the security service providing server forwarding the call request to the application it calls after the call request passes verification includes:
when the network parameters of the sender of the call request are legitimate, the sender of the call request is a legitimate user, and the sender of the call request has permission to call the application, the security service providing server forwarding the call request to the application it calls.
Optionally, the method further includes:
the security service providing server controlling each application to run within the limits of its own preset maximum running resources, where the maximum running resources include at least one of the following: the number of databases that can be connected, the number of threads that can run, the amount of memory that can be requested, and the frequency of file reads and writes.
Optionally, the method further includes:
the security service providing server controlling each application to access files or data within its own preset access rights, and/or controlling each application to access cache space within its own preset access rights.
Optionally, the method further includes:
the security service providing server showing the user a list of the applications and the functions contained in the applications and, when the user is a logged-in user, showing the user a personalized list related to the user's usage habits.
The security service providing server described in this application includes a base platform and at least one application. The base platform, after receiving a user's call request for any application, verifies the call request and, after the call request passes verification, forwards it to the application it calls and configures resources for running that application. Each application receives the call request forwarded by the base platform and, according to the call request, provides security services for the user. Thus, whenever any application is called, the base platform carries out both the verification of the call request and the configuration of resources for the application. Each application therefore only needs to concern itself with the security service itself, while request verification and resource configuration are concentrated on the base platform. In other words, the base platform provides request verification and resource configuration uniformly for all applications. Because each application also runs independently of the other applications, the security service providing server described in this application has an architecture in which technology is separated from business. On this architecture, because the applications neither nest nor call one another while running, any number of applications can in theory be built on the base platform, which improves the extensibility of the security service providing server.
Brief description of the drawings
In order to explain the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the application; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural schematic diagram of a security service providing server disclosed in an embodiment of the present application;
Fig. 2 is a flow chart of how the base platform in the security service providing server disclosed in an embodiment of the present application implements its functions;
Fig. 3 is a schematic diagram of the logical structure of the base platform in the security service providing server disclosed in an embodiment of the present application;
Fig. 4 is a structural schematic diagram of another security service providing server disclosed in an embodiment of the present application;
Fig. 5 is a structural schematic diagram of an APP in the security service providing server disclosed in an embodiment of the present application;
Fig. 6 is a schematic diagram of the security operations portal disclosed in an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of the application.
An embodiment of the present application discloses a security service providing server which, as shown in Fig. 1, includes a base platform 101 and at least one application 102 (Application, APP). In this embodiment, APP-1, APP-2 ... APP-N are taken as examples.
The function of the base platform 101 is mainly to provide common functions or services for each application. That is, after receiving a user's call request for any application, the base platform verifies the call request and, after the call request passes verification, forwards the call request to the application it calls and configures resources for running the application called by the call request.
Specifically, the base platform 101 implements the above function as shown in Fig. 2, in the following steps:
S201: receive a user's call request for any application;
In this embodiment, the logical structure of the base platform may be as shown in Fig. 3: the base platform provides Web service capability, and users can access the base platform through call requests (Request) based on the HyperText Transfer Protocol (HTTP). Through uniform resource locator (Uniform Resource Locator, URL) mapping, the base platform hands each call request (Request) to the corresponding class for processing. In addition, inside the "Request hook", all call requests can be intercepted and put through the processing described in the following steps.
S202: verify whether the network parameters of the sender of the call request are legitimate; if so, perform S203; if not, end the flow;
In this embodiment, the network parameters may include one or more of the Internet Protocol (IP) address of the sender of the call request, the uniform resource locator (URL), and the parameters of the HTTP request (for example, in http://127.0.0.1/test/abc?a=1&b=2, a and b are the parameters of the HTTP request). Specifically, whether the IP address is legitimate can be verified against a preset IP whitelist and/or blacklist, and whether the URL request contains an attack can be verified from the parameters of the HTTP request. For example, if a parameter contains characters such as <script>, an XSS attack may be present. (XSS stands for Cross Site Scripting: a malicious attacker inserts malicious HTML code into a Web page, and when a user browses that page the HTML code embedded in it is executed, achieving the attacker's purpose of attacking the user.) The IP whitelist and/or blacklist and the legitimate URLs and parameters can be packaged into a bundle that is installed on the base platform as a plug-in, and the bundle can be modified or updated as actual needs require, for example by adding a CSRF filtering plug-in to prevent CSRF attacks. (CSRF stands for Cross-site request forgery, a malicious exploitation of a website that abuses a trusted website by disguising requests as coming from a trusted user.)
S203: verify whether the sender of the call request is a legitimate user; if so, perform S204; if not, return to the login page and, after the user logs in, perform S203 again;
Specifically, a logged-in user can be defined as a legitimate user, and a user who is not logged in as an illegitimate user.
S204: verify whether the sender of the call request has permission to call the application; if so, perform S205; if not, remind the user that they have no permission to call it;
S205: forward the call request to the application it calls;
S206: start the underlying communication connection, the database connection pool and the cache connection of the application called by the call request.
The underlying communication connection refers to the most basic socket connection (two programs on a network exchange data over a bidirectional communication connection, and one end of that connection is called a socket).
In addition to the above steps, optionally, in this embodiment, if S203 verifies that the sender of the call request is a legitimate user, then after S203 the base platform may also perform the following steps:
S207: replace the sender's historical access data with the current access data of the sender of the call request;
S208: if the sender has not made any access within a preset time range, delete the sender's historical access data, where the starting point of the preset time range is the moment of the sender's last access.
Specifically, the access data may include the sender's user name and login time. That is, after each login the current login time replaces the previous one, in order to record the user's access. If the user has not accessed the platform for a long time, the user needs to log in again; if the user accesses it again within the preset time range, the login can be skipped, which is convenient for the user.
The above are the functions of the base platform in this embodiment. In this embodiment the base platform provides unified verification and resource configuration services for every APP, and each APP only needs to concern itself with its own business.
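The flow S202 to S208 can be written as a single request hook. The following Python sketch is an added illustration, not code from the patent: the class and function names, the `soc.example` host, the 1800-second idle limit and the use of the first URL path segment as the application name are all assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl


def script_tag_filter(name, value):
    """Parameter plug-in for the page's example: a parameter containing <script."""
    return "<script" in (name + " " + value).lower()


class BasePlatform:
    def __init__(self, allow, deny, permissions, apps, idle_limit=1800):
        self.allow = [ipaddress.ip_network(n) for n in allow]  # IP whitelist
        self.deny = [ipaddress.ip_network(n) for n in deny]    # IP blacklist
        self.param_filters = [script_tag_filter]  # replaceable plug-ins
        self.permissions = permissions            # user -> apps it may call
        self.apps = apps                          # URL mapping: name -> handler
        self.idle_limit = idle_limit              # preset time range, seconds
        self.last_access = {}                     # user -> time of last access
        self.resources = {}                       # app -> resources configured

    def login(self, user, now):
        self.last_access[user] = now

    def _network_ok(self, src_ip, app_name, params):  # S202
        try:
            ip = ipaddress.ip_address(src_ip)
        except ValueError:
            return False
        if any(ip in net for net in self.deny):
            return False
        if self.allow and not any(ip in net for net in self.allow):
            return False
        if app_name not in self.apps:             # URL maps to no application
            return False
        return not any(f(k, v) for f in self.param_filters for k, v in params)

    def _valid_user(self, user, now):             # S203 with S207 and S208
        last = self.last_access.get(user)
        if last is None:
            return False                          # never logged in
        if now - last > self.idle_limit:
            del self.last_access[user]            # S208: delete stale history
            return False
        self.last_access[user] = now              # S207: replace history
        return True

    def handle(self, src_ip, url, user, now):
        parts = urlsplit(url)
        app_name = parts.path.strip("/").split("/")[0]
        params = parse_qsl(parts.query, keep_blank_values=True)  # decoded
        if not self._network_ok(src_ip, app_name, params):
            return ("rejected", None)             # S202 failed: end the flow
        if not self._valid_user(user, now):
            return ("login", None)                # S203 failed: login page
        if app_name not in self.permissions.get(user, set()):
            return ("forbidden", None)            # S204 failed: no permission
        # S206: stand-ins for the socket, database pool and cache connections
        res = self.resources.setdefault(
            app_name, {"socket": "open", "db_pool": "open", "cache": "open"})
        return ("ok", self.apps[app_name](dict(params), res))  # S205


def vuln_app(params, resources):
    """Constructed application: echoes what it was given."""
    return {"app": "vuln", "params": params, "resources": sorted(resources)}


def demo():
    """Constructed requests exercising each outcome of the flow."""
    p = BasePlatform(allow=["10.0.0.0/8"], deny=["10.9.9.0/24"],
                     permissions={"alice": {"vuln"}},
                     apps={"vuln": vuln_app, "ids": vuln_app})
    ok_url = "http://soc.example/vuln/list?a=1&b=2"
    out = [p.handle("10.1.2.3", ok_url, "alice", now=0)[0]]        # not logged in
    p.login("alice", now=0)
    out.append(p.handle("10.1.2.3", ok_url, "alice", now=100)[0])
    out.append(p.handle("10.9.9.5", ok_url, "alice", now=110)[0])  # blacklisted
    out.append(p.handle("10.1.2.3", "http://soc.example/vuln/list"
                        "?q=%3CScript%3Ealert(1)%3C/script%3E", "alice", 120)[0])
    out.append(p.handle("10.1.2.3", "http://soc.example/ids/rules",
                        "alice", now=130)[0])                      # no permission
    out.append(p.handle("10.1.2.3", ok_url, "alice", now=130 + 1801)[0])
    return out


if __name__ == "__main__":
    print(demo())
```

The `<script` substring test only mirrors the example given in S202; it is a request-side filter, and encoding output when the portal is rendered is what actually prevents script injection.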
In this embodiment, each APP 102 is configured to receive the call request forwarded by the base platform and, according to the call request, provide security services to the user. For example, an APP may be a security vulnerability operation platform, an intrusion detection operation platform, and so on.
Further, each APP runs independently of the other applications. That is, the APPs are individuals independent of one another with no logical coupling between them; bringing any APP online or taking it offline does not affect the other APPs, so each forms an independent vertical system. The functions inside an APP can also form a system of their own and be designed freely according to the characteristics of the business.
As can be seen from the above, the security service providing server described in this embodiment is built in a "platform + APP" model. Compared with a traditional security operations system (a system being an organic whole with specific functions, made up of interacting and interdependent components), the architecture is changed fundamentally: the base platform takes on the common services of call request verification and resource configuration for every APP, and each APP runs independently. In theory, therefore, there is no upper limit on the number of APPs that can be added on the base platform, which greatly improves the extensibility of the security service providing server. Moreover, because every APP is served by the base platform, the data produced by the APPs are naturally close to one another and easy to associate, which improves the efficiency of developing the security service providing server.
Another security service providing server is disclosed in an embodiment of the present application. Compared with the above embodiment, this embodiment adds control modules for the running of the APPs, to improve the security with which the APPs run.
As shown in Fig. 4, the security service providing server described in this embodiment includes: a base platform 101, at least one APP 102, a first operation control module 103 and a second operation control module 104.
The functions of the base platform 101 and the APPs are the same as in the above embodiment and are not repeated here. The functions of the first operation control module 103 and the second operation control module 104 are described below:
The first operation control module 103 is configured to control each application to run within the limits of its own preset maximum running resources, where the maximum running resources include at least one of the following: the number of databases that can be connected, the number of threads that can run, the amount of memory that can be requested, and the frequency of file reads and writes. For example, if the maximum number of databases an APP can connect to is 5, then while the APP is running, once the number of databases it has connected to reaches 5, the first operation control module can, in some way (for example, by forbidding the APP from connecting to further databases), keep the number of databases it connects to from exceeding 5.
In this embodiment, the maximum running resources may be preset by the user, or may be set by the first operation control module itself according to the state of the system.
The second operation control module 104 is configured to control each application to access files or data within its own preset access rights, and/or to control each application to access cache space within its own preset access rights.
That is, the second operation control module can restrict each APP's access to important data and files, and can also restrict each APP's access to cache space, preventing any APP from illegally crossing its boundary to access the sensitive data or files of other APPs. These sensitive data or files include data or files stored in databases, data or files stored in files, and data or files held in the cache. Sensitive data or files can be controlled by means of a blacklist and/or whitelist, which can be updated online.
Similarly, the access rights may be preset by the user, or set by the first operation control module itself according to the state of the system.
In this embodiment, the first operation control module and the second operation control module can be regarded as an "APP sandbox". Its purpose is to build a relatively independent running environment for each APP and to avoid mutual interference or resource contention between different APPs on the same platform, which ensures both the efficient running and the secure running of the APPs.
It should be noted that in practice the first operation control module and the second operation control module can be configured flexibly as required: either one of them may be used, or both.
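The two control modules of the "APP sandbox" can be pictured as one per-application guard object. The Python sketch below is an added illustration, not code from the patent: the class and method names, the file paths and the convention that cache keys are prefixed with the application name are assumptions. Only the limit of 5 databases and the blacklist/whitelist idea come from the text.

```python
import threading
from pathlib import Path


class QuotaExceeded(Exception):
    """Raised when an application asks for more than its maximum resources."""


class AppSandbox:
    def __init__(self, app, max_db=5, file_roots=(), denied_paths=()):
        self.app = app
        self.max_db = max_db                  # maximum connectable databases
        self._open_db = set()
        self._lock = threading.Lock()         # applications run multi-threaded
        # Whitelist and blacklist are resolved once so later checks compare
        # canonical paths with canonical paths.
        self.file_roots = [Path(r).resolve() for r in file_roots]
        self.denied = [Path(d).resolve() for d in denied_paths]

    # --- first operation control module: maximum running resources ---
    def connect_db(self, name):
        with self._lock:
            if name in self._open_db:
                return True                   # already counted
            if len(self._open_db) >= self.max_db:
                raise QuotaExceeded(
                    f"{self.app}: limit of {self.max_db} databases reached")
            self._open_db.add(name)
            return True

    def disconnect_db(self, name):
        with self._lock:
            self._open_db.discard(name)

    # --- second operation control module: access rights ---
    @staticmethod
    def _within(path, root):
        return path == root or root in path.parents

    def may_access_file(self, path):
        # resolve() collapses ".." and symlinks first, so a path that starts
        # inside the application's directory but ends in another
        # application's directory is judged by where it really points.
        p = Path(path).resolve()
        if any(self._within(p, d) for d in self.denied):
            return False                      # blacklist wins
        return any(self._within(p, r) for r in self.file_roots)

    def may_access_cache(self, key):
        # Assumed convention: each application owns the keys "<app>:...".
        return key.startswith(self.app + ":")


def demo():
    """Constructed limits and paths for an application named "vuln"."""
    sb = AppSandbox("vuln", max_db=5,
                    file_roots=["/srv/soc/apps/vuln"],
                    denied_paths=["/srv/soc/apps/vuln/keys"])
    for i in range(5):
        sb.connect_db(f"db{i}")
    try:
        sb.connect_db("db5")
        sixth = "connected"
    except QuotaExceeded:
        sixth = "refused"
    return {
        "sixth_db": sixth,
        "own_file": sb.may_access_file("/srv/soc/apps/vuln/data/scan.db"),
        "other_app": sb.may_access_file("/srv/soc/apps/vuln/../ids/alerts.db"),
        "denied": sb.may_access_file("/srv/soc/apps/vuln/keys/api.pem"),
        "own_cache": sb.may_access_cache("vuln:session:1"),
        "other_cache": sb.may_access_cache("ids:session:1"),
    }


if __name__ == "__main__":
    print(demo())
```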
Another security service providing server is disclosed in an embodiment of the present application. Building on the above embodiments, this embodiment focuses on improving the user experience.
The structure of the security operations center described in this embodiment is the same as shown in Fig. 4. Unlike the above embodiments, in this embodiment, if running any one APP can realize several functions, those functions belong to the same preset domain. That is, in this embodiment, functions of the same domain are combined to form one APP.
Compared with a traditional SOC, where similar functions pile up in menus at various levels, having one APP represent one domain lets users quickly find the APP they are interested in and focus only on that APP, which improves efficiency.
In this embodiment, as shown in Fig. 5, each APP may include: the portal of the APP, the static files of the APP, the dynamic files of the APP and the main program of the APP. The portal is similar to the home page or entrance of the APP and provides function navigation and shortcut menus, graphics, forms and so on for important functions. The static files mainly include static pages, styles, pictures and so on. Template files provide dynamic page capability and dynamic display effects. The main program provides the back-end implementation and the interface implementation of the functions contained in the APP. Of these parts, only the APP portal is visible to the user.
In this embodiment, in addition to the functions described in the above embodiments, the base platform may also have the functions of displaying APPs and modifying APPs:
Specifically, the base platform can generate the portal of each APP from the static files and the dynamic files by means of rendering technology.
Further, the base platform can also show the user, in one place, the APPs and the functions contained in each APP, forming a security operations portal. As shown in Fig. 6, the security operations portal includes each APP, and each APP includes various functions. When the user is a logged-in user, the base platform can also show the logged-in user a personalized list related to that user's usage habits. For example, as shown in Fig. 6, the personalized list consists of to-do items, my follows, security bulletins and a shortcut area for frequently used functions. To-do items merge the current user's operation work orders in each APP (operation platform), making it convenient to go straight to each operation platform and process work orders efficiently; my follows merges the current user's operation data in each APP (operation platform), including data of interest, charts, reports and alerts; security bulletins merge the hot-topic announcements of each APP (operation platform), such as vulnerability and security incident bulletins; frequently used functions merges the function menus the current user uses most often in each APP (operation platform), provides a shortcut to them, and supports customization (next version).
For the user, the items shown in Fig. 6 together make up the security operations portal of the security service providing server. The user can select an APP in the security operations portal. After the user selects (for example, clicks) an APP, the base platform receives the user's call request for this APP and verifies the call request. If verification passes, the user can enter the portal of this APP and carry out operations there (for example, selecting a function), and the main program of the APP responds to the user's operations. The base platform configures resources for running this APP.
The base platform can also receive the user's modification instruction for any APP and, according to the modification instruction, update the application to be modified. That is, the base platform gives each APP the ability to modify its own configuration online and applies configuration updates in real time.
The security service providing server described in this embodiment can show the user APPs divided by domain and can interact well with the user through the security operations portal, which is convenient for the user and improves the user experience.
The security service providing server described in the above embodiments can be deployed in a security operations center. That is, the security operations center includes the security service providing server and a client; the client sends an application call request to the security service providing server to request a security service, and the security service providing server responds to the call request according to the functions described above, providing the security service to the client.
The embodiment of the present application also discloses a kind of safety service and provides method, can apply at above-described embodiment
Described safety service provides in server, comprises the following steps:
A: safety service provides server to answer in any one received during user applies at least one
Call request after, described call request is verified;
B: safety service provides server after described call request is by checking, described call request is turned
Issue its application called, and the operation configuration resource of the application called for described call request;
C: safety service provides the application that server is called by the described call request of operation, for described user
The business of security classes is provided.
Specifically, safety service provides the specific implementation that described call request is verified by server
Can be: verify that the network parameter of the sender of described call request is the most legal that calling described in checking please
Whether the sender asked is validated user and whether the sender verifying described call request has and call this
The authority of application.In the case, safety service provide server described call request by checking after,
The specific implementation that described call request is transmitted to its application called can be: please described calling
The network parameter of the sender asked is legal, the sender of described call request is validated user and described tune
Having with the sender of request in the case of calling this authority applied, described safety service provides server
Described call request is transmitted to its application called.
Optionally, this embodiment may further include the following steps:
D: The security service providing server controls each application to run within its own preset maximum running resource limit, the maximum running resource including at least one of the following: the number of databases that can be connected, the number of threads that can run, the amount of memory that can be occupied, and the file read/write frequency.
E: The security service providing server controls each application to access files or data within its own preset access rights, and/or controls each application to access cache space within its own preset access rights.
F: The security service providing server shows the user a list of the applications and of the functions contained in the applications and, in the case where the user is a logged-in user, shows the user a personalized list related to the user's usage habits.
The method described in this embodiment can improve the extensibility of the security service providing server.
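The verification, forwarding and resource-ceiling steps described above can be sketched as follows. This is an added example, not code from the patent: it assumes the "network parameter" is the caller's source IP checked against an allowlist and that a valid user is identified by a session token, and the names `BasePlatform`, `App` and `demo` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class App:                      # hypothetical record for one registered application
    handler: object             # the application's main routine
    allowed_users: set          # users permitted to call this application
    max_threads: int            # preset ceiling on concurrent runs (step D)
    running: int = 0

class BasePlatform:
    def __init__(self, allowed_networks, sessions):
        self.networks = [ipaddress.ip_network(n) for n in allowed_networks]
        self.sessions = sessions            # token -> user name (assumed model)
        self.apps = {}

    def verify(self, req):
        """Run the three checks in order; return (user, None) or (None, reason)."""
        try:
            src = ipaddress.ip_address(str(req.get("src_ip")))
        except ValueError:
            return None, "bad_network_parameter"
        if not any(src in net for net in self.networks):
            return None, "bad_network_parameter"
        user = self.sessions.get(req.get("token"))
        if user is None:
            return None, "invalid_user"
        app = self.apps.get(req.get("app"))
        # Unknown app and missing permission share one reason, so a caller
        # cannot enumerate which applications exist.
        if app is None or user not in app.allowed_users:
            return None, "no_permission"
        return user, None

    def handle(self, req):
        user, reason = self.verify(req)
        if reason:                          # fail closed: nothing is forwarded
            return {"status": "denied", "reason": reason}
        app = self.apps[req["app"]]
        if app.running >= app.max_threads:  # enforce the resource ceiling
            return {"status": "denied", "reason": "resource_limit"}
        app.running += 1
        try:
            return {"status": "ok", "result": app.handler(user, req.get("args"))}
        finally:
            app.running -= 1

def demo():
    # Constructed sample data: addresses, tokens and app names are made up.
    p = BasePlatform(["10.0.0.0/8"], {"tok-alice": "alice", "tok-bob": "bob"})
    p.apps["vuln_scan"] = App(lambda u, a: f"scan of {a} for {u}", {"alice"}, 2)
    good = {"src_ip": "10.1.2.3", "token": "tok-alice", "app": "vuln_scan", "args": "host-1"}
    cases = [good, {**good, "src_ip": "203.0.113.9"}, {**good, "token": "stolen"},
             {**good, "token": "tok-bob"}, {**good, "app": "missing"}]
    return p, [p.handle(c) for c in cases]
```

Only the first constructed request reaches the application; each of the others is rejected at the first check it fails, which is also the reason worth logging for detection.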
If the functions described in the method of the embodiments of the present application are implemented in the form of software functional units and sold or used as independent products, they may be stored in a storage medium readable by a computing device. Based on this understanding, the part of the embodiments of the present application that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the software product is stored in a storage medium and includes several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk, or an optical disc.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be obvious to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (15)
1. A security service providing server, characterized by comprising:
a basic platform and at least one application, each of the at least one application being independent of the other applications while running;
wherein the basic platform is configured to, after receiving a call request from a user for any one application, verify the call request, and, after the call request passes verification, forward the call request to the application it calls and configure resources for the running of the application called by the call request;
each of the at least one application is configured to receive the call request forwarded by the basic platform and, according to the call request, provide the user with a security-class service.
2. The security service providing server according to claim 1, characterized in that the basic platform being configured to verify the call request includes:
the basic platform being specifically configured to verify whether the network parameter of the sender of the call request is legal, verify whether the sender of the call request is a valid user, and verify whether the sender of the call request has the authority to call this application;
the basic platform being configured to forward the call request to the application it calls after the call request passes verification includes:
the basic platform being specifically configured to forward the call request to the application it calls in the case where the network parameter of the sender of the call request is legal, the sender of the call request is a valid user, and the sender of the call request has the authority to call this application.
3. The security service providing server according to claim 2, characterized in that the basic platform is further configured to:
in the case where the sender of the call request is a valid user, replace the historical access data of the sender of the call request with the sender's current access data;
if the sender has not made any access within a preset time range, delete the historical access data of the sender, the starting point of the preset time range being the moment of the sender's last access.
4. The security service providing server according to any one of claims 1 to 3, characterized in that the basic platform is further configured to:
receive a modification instruction from the user for any one application, and update the application to be modified according to the modification instruction.
5. The security service providing server according to any one of claims 1 to 3, characterized in that each application includes: the portal of the application, the static files of the application, the dynamic files of the application, and the main program of the application;
the basic platform is further configured to: generate the portal of each application from the static files and the dynamic files by means of rendering technology, and, after the user's call request passes verification, show the user the portal of the application called by the call request.
6. The security service providing server according to claim 1, characterized by further comprising:
a first operation control module, configured to control each application to run within its own preset maximum running resource limit, the maximum running resource including at least one of the following: the number of databases that can be connected, the number of threads that can run, the amount of memory that can be occupied, and the file read/write frequency.
7. The security service providing server according to claim 1 or 6, characterized by further comprising:
a second operation control module, configured to control each application to access files or data within its own preset access rights, and/or to control each application to access cache space within its own preset access rights.
8. The security service providing server according to claim 1, characterized in that, if any one running application is capable of implementing several functions, the several functions belong to the same preset field.
9. The security service providing server according to claim 1 or 8, characterized in that the basic platform is further configured to:
show the user a list of the applications and of the functions contained in the applications.
10. The security service providing server according to claim 9, characterized in that the basic platform is further configured to:
in the case where the user is a logged-in user, show the user a personalized list related to the user's usage habits.
11. A security service providing method, characterized by comprising:
a security service providing server, after receiving a call request from a user for any one of at least one application, verifying the call request;
the security service providing server, after the call request passes verification, forwarding the call request to the application it calls, and configuring resources for the running of the application called by the call request;
the security service providing server providing the user with a security-class service by running the application called by the call request.
12. The method according to claim 11, characterized in that the security service providing server verifying the call request includes:
the security service providing server verifying whether the network parameter of the sender of the call request is legal, verifying whether the sender of the call request is a valid user, and verifying whether the sender of the call request has the authority to call this application;
the security service providing server forwarding the call request to the application it calls after the call request passes verification includes:
in the case where the network parameter of the sender of the call request is legal, the sender of the call request is a valid user, and the sender of the call request has the authority to call this application, the security service providing server forwarding the call request to the application it calls.
13. The method according to claim 11, characterized by further comprising:
the security service providing server controlling each application to run within its own preset maximum running resource limit, the maximum running resource including at least one of the following: the number of databases that can be connected, the number of threads that can run, the amount of memory that can be occupied, and the file read/write frequency.
14. The method according to claim 11 or 13, characterized by further comprising:
the security service providing server controlling each application to access files or data within its own preset access rights, and/or controlling each application to access cache space within its own preset access rights.
15. The method according to claim 11, characterized by further comprising:
the security service providing server showing the user a list of the applications and of the functions contained in the applications and, in the case where the user is a logged-in user, showing the user a personalized list related to the user's usage habits.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510229740.7A CN106209746B (en) | 2015-05-07 | 2015-05-07 | Security service providing method and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106209746A true CN106209746A (en) | 2016-12-07 |
CN106209746B CN106209746B (en) | 2019-12-27 |
Family
ID=57459912
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510229740.7A Active CN106209746B (en) | 2015-05-07 | 2015-05-07 | Security service providing method and server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209746B (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102378170A (en) * | 2010-08-27 | 2012-03-14 | 中国移动通信有限公司 | Method, device and system of authentication and service calling |
CN102958166A (en) * | 2011-08-29 | 2013-03-06 | 华为技术有限公司 | Resource allocation method and resource management platform |
CN102819596A (en) * | 2012-08-13 | 2012-12-12 | 福建邮科通信技术有限公司 | Location comprehensive service platform system |
CN103973642A (en) * | 2013-01-30 | 2014-08-06 | 中国电信股份有限公司 | Method and device for realizing JS API security access control |
CN104519008A (en) * | 2013-09-26 | 2015-04-15 | 北大方正集团有限公司 | Cross-site scripting attack defense method and device and application server |
Non-Patent Citations (1)
Title |
---|
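Lai Rui (赖睿): "Design and Engineering Implementation of an SOC Security Management Platform for Carrier IP Networks" (运营商IP网安全管理平台SOC的设计与工程实现), China Master's Theses Full-text Database * |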
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108259429A (en) * | 2016-12-29 | 2018-07-06 | 航天信息股份有限公司 | A kind of method and system controlled for software distribution |
CN108259429B (en) * | 2016-12-29 | 2021-01-29 | 航天信息股份有限公司 | Method and system for controlling software distribution |
CN107204982A (en) * | 2017-06-13 | 2017-09-26 | 成都四方伟业软件股份有限公司 | Interactive data system universal safety guard system |
CN107204982B (en) * | 2017-06-13 | 2019-02-05 | 成都四方伟业软件股份有限公司 | Interactive data system universal safety guard system |
CN108833565A (en) * | 2018-06-26 | 2018-11-16 | 浙江齐聚科技有限公司 | A kind of method, apparatus of monitoring server, server and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106209746B (en) | 2019-12-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |