CN106850751A - Data uploading method and device - Google Patents
Data uploading method and device Download PDFInfo
- Publication number
- CN106850751A CN106850751A CN201611219424.2A CN201611219424A CN106850751A CN 106850751 A CN106850751 A CN 106850751A CN 201611219424 A CN201611219424 A CN 201611219424A CN 106850751 A CN106850751 A CN 106850751A
- Authority
- CN
- China
- Prior art keywords
- cookies
- length
- domain name
- file destination
- complete
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
Abstract
The present invention provides a kind of data uploading method and device, belongs to field of computer technology.The method includes:Any domain name under for any browser, is locally obtaining the corresponding Cookies of any domain name;It is determined that the corresponding Cookies length of the Cookies for getting;According to Cookies length, the corresponding complete Cookies of any domain name is obtained;Complete Cookies is uploaded onto the server with file destination.The present invention by locally obtaining the corresponding Cookies of any domain name, it is determined that the corresponding Cookies length of the Cookies for getting.According to Cookies length, the corresponding complete Cookies of any domain name is obtained.File destination is filtered, complete Cookies is uploaded onto the server with file destination.Due to that can cause data upload imperfect because Cookies is long so as to avoid according to the corresponding complete Cookies of any domain name in the Cookies for locally getting, is obtained.Subsequent server can carry out subscriber authentication according to the complete Cookies for uploading, so as to be unlikely to cause authentication failed because Cookies is not complete or Cookies loses completely.
Description
Technical field
The present invention relates to field of computer technology, more particularly, to a kind of data uploading method and device.
Background technology
When Cookies is that user browses web sites, the text text being placed in subscriber computer hard disk or internal memory by Web server
Part, it can record the information such as user name, password, browsed webpage and the residence time of user.When user logs in again
During the website, the relevant information of user is learnt in website by reading the Cookies files in computer, it is possible to make corresponding
Action, for example, the page show welcome sign, or allow user without be input into username and password just directly log in etc..
Because Cookies carries user property, so that on to Web server during transmitting file (such as video or audio file), can be simultaneously
Cookies is carried to allow Web server to verify user identity.Based on the above, existing data uploading method master
If by domain name corresponding Cookies, the Cookies that will be got under direct access browser and files passe to service
Device.
Realize it is of the invention during, find prior art at least there is problems with:Due in the case where browser is obtained
During the corresponding Cookies of domain name, Cookies physical lengths may exceed the maximum Cookies length that browser be allowed, from
And can force to weed out the Cookies contents for exceeding when Cookies is long so that Cookies uncomplete contents in upload procedure
Or Cookies loses completely, and then it is imperfect to cause data to upload.
The content of the invention
The present invention provide it is a kind of overcome above mentioned problem or the data uploading method that solves the above problems at least in part and
Device.
According to an aspect of the present invention, there is provided a kind of data uploading method, the method includes:
Any domain name under for any browser, is locally obtaining the corresponding Cookies of any domain name;
It is determined that the corresponding Cookies length of the Cookies for getting;
According to Cookies length, the corresponding complete Cookies of any domain name is obtained;
Complete Cookies is uploaded onto the server with file destination.
According to another aspect of the present invention, there is provided a kind of data uploading device, the device includes:
First acquisition module, for any domain name under for any browser, locally obtaining, any domain name is corresponding
Cookies;
Determining module, for the corresponding Cookies length of Cookies for determining to get;
Second acquisition module, for according to Cookies length, obtaining the corresponding complete Cookies of any domain name;
Uploading module, for complete Cookies to be uploaded onto the server with file destination.
The beneficial effect brought of technical scheme that the application is proposed is:
By locally obtaining the corresponding Cookies of any domain name, it is determined that the corresponding Cookies of the Cookies for getting
Length.According to Cookies length, the corresponding complete Cookies of any domain name is obtained.By on complete Cookies and file destination
Reach server.Due to can according in the Cookies for locally getting, obtaining the corresponding complete Cookies of any domain name so that
Avoid causes data upload imperfect because Cookies is long.Subsequent server can be used according to the complete Cookies for uploading
Family authentication, so as to be unlikely to cause authentication failed because Cookies is not complete or Cookies loses completely.
Brief description of the drawings
Fig. 1 is a kind of schematic flow sheet of data uploading method of the embodiment of the present invention;
Fig. 2 is a kind of schematic flow sheet of data uploading method of the embodiment of the present invention;
Fig. 3 is a kind of structural representation of data uploading device of the embodiment of the present invention.
Specific embodiment
With reference to the accompanying drawings and examples, specific embodiment of the invention is described in further detail.Hereinafter implement
Example is not limited to the scope of the present invention for illustrating the present invention.
When data are uploaded to server, in order to verify user identity, generally can be by Cookies together with file destination
Send to server.Wherein, file destination can be video file or audio file, and the present embodiment and subsequent embodiment be not to mesh
The type for marking file makees specific restriction.Existing data uploading method is mainly corresponding by domain name under direct access browser
Cookies, the Cookies that will be got directly uploads onto the server with file.
Because when data are uploaded, the physical length of Cookies may exceed the maximum Cookies that browser is allowed
Length, so as to when local Cookies is obtained, force to weed out the Cookies contents for exceeding, causes what is got
Cookies uncomplete contents are lost completely.Correspondingly, the Cookies contents for being uploaded in follow-up upload procedure be likely to it is incomplete or
Lose completely, it is imperfect so as to cause data to upload.
For the problems of the prior art, a kind of data uploading method is the embodiment of the invention provides.Referring to Fig. 1, this reality
The method flow for applying example offer includes:101st, for any browser under any domain name, locally obtaining any domain name correspondence
Cookies;102nd, the corresponding Cookies length of Cookies for getting is determined;103rd, according to Cookies length, obtain and appoint
The corresponding complete Cookies of one domain name;104th, complete Cookies and file destination are uploaded onto the server.
It should be noted that due to a certain domain name one Cookies of correspondence being typically under a certain browser, and this implementation
Example and subsequent embodiment are also that a Cookies is uploaded, so that the present embodiment and subsequent embodiment are mainly for one kind
A Cookies for domain name under browser, illustrates to its upload procedure.In actual implementation process, under any browser
Any domain name can be uploaded come to data using the method in the present embodiment and subsequent embodiment.
Wherein, the browser type that the present embodiment and subsequent embodiment are related to can be Google's browser, IE browser, fire
In fox browser or Opera browsers any one etc., the present embodiment and subsequent embodiment are not especially limited to this.Separately
Outward, domain name can be domain name of domain name, the domain name of music site or shopping website of video website etc., the present embodiment and follow-up reality
Apply example and also do not make specific restriction to domain name type.
Method provided in an embodiment of the present invention, by locally obtaining the corresponding Cookies of any domain name, it is determined that getting
The corresponding Cookies length of Cookies.According to Cookies length, the corresponding complete Cookies of any domain name is obtained.Will be complete
Whole Cookies uploads onto the server with file destination.Due to any domain name can be obtained according in the Cookies for locally getting
Corresponding complete Cookies, causes data upload imperfect so as to avoid because Cookies is long.Subsequent server can basis
The complete Cookies for uploading carries out subscriber authentication, and so as to be unlikely to because of Cookies, complete or Cookies does not lose completely
And cause authentication failed.
As a kind of alternative embodiment, it is determined that the corresponding Cookies length of the Cookies for getting, including:
It is determined that in the Cookies for getting predetermined symbol quantity;
Quantity according to predetermined symbol determines corresponding Cookies length.
Used as a kind of alternative embodiment, the quantity according to predetermined symbol determines corresponding Cookies length, including:
Resulting numerical value after adding 1 by the quantity of predetermined symbol, it is long as the corresponding Cookies of the Cookies for getting
Degree.
As a kind of alternative embodiment, according to Cookies length, the corresponding complete Cookies of any domain name, bag are obtained
Include:
For any domain name, the maximum Cookies length that any browser is allowed is obtained;
Maximum Cookies length and Cookies length are compared;
According to comparative result, the corresponding complete Cookies of any domain name is obtained.
As a kind of alternative embodiment, according to comparative result, the corresponding complete Cookies of any domain name is obtained, including:
When Cookies length and maximum Cookies equal lengths, to any domain of the corresponding server request of any domain name
The corresponding complete Cookies of name;
When Cookies length and maximum Cookies length are unequal, the Cookies that will be got is used as any domain name
Corresponding complete Cookies.
As a kind of alternative embodiment, before complete Cookies and file destination are uploaded onto the server, also include:
File destination is filtered.
As a kind of alternative embodiment, file destination is filtered, including:
Whether detection file destination is default file type;
When file destination is not default file type, stop uploading file destination.
As a kind of alternative embodiment, file destination is filtered, including:
Detect whether the size of file destination is more than predetermined threshold value;
When the size of file destination is more than predetermined threshold value, stop uploading file destination.
As a kind of alternative embodiment, complete Cookies is uploaded onto the server with file destination, including:
According to file destination, the coding of preset format is generated;
According to the type of any browser, coding and complete Cookies are uploaded onto the server.
Above-mentioned all optional technical schemes, can form alternative embodiment of the invention, herein no longer using any combination
Repeat one by one.
Based on the content in above-mentioned Fig. 1 correspondence embodiments, a kind of data uploading method is the embodiment of the invention provides.Referring to
Fig. 2, the method includes:201st, for any browser under any domain name, locally obtaining, any domain name is corresponding
Cookies;202nd, the corresponding Cookies length of Cookies for getting is determined;203rd, according to Cookies length, obtain any
The corresponding complete Cookies of domain name;204th, file destination is filtered;205th, complete Cookies and file destination are uploaded
To server.
Wherein, 201, for any browser under any domain name, locally obtaining the corresponding Cookies of any domain name.
For convenience of description, the present embodiment was uploaded by taking any one domain name under any kind browser as an example to data
Journey is illustrated.The present embodiment not to making specific restriction in the mode for locally obtaining the corresponding Cookies of any domain name, including but
It is not limited to:By calling preset interface, the corresponding Cookies of any domain name is locally being obtained.
Wherein, preset interface can be html interfaces, and the present embodiment is not especially limited to this.Specifically, the present embodiment
Corresponding Flash program can obtain the Cookies of domain name under browser by calling html interfaces.The process refer to as
Lower code (1):
ExternalInterface.call(function(){return window.document.cookie});
In above-mentioned code (1), Window refers to browser window, and Document is browser window document.
Cookies is typically stored in browser window document.
Wherein, 202 the corresponding Cookies length of Cookies for getting, is determined.
Cookies is typically the text being made up of character string one by one, so that Cookies has corresponding Cookies
The character string number included in length, i.e. Cookies.The present embodiment corresponding Cookies of Cookies that pair determination does not get
The mode of length makees specific restriction, including but not limited to:It is determined that in the Cookies for getting predetermined symbol quantity;According to pre-
If the quantity of symbol determines corresponding Cookies length.
Wherein, predetermined symbol can be not especially limited with branch, the present embodiment to this.Wall scroll character string in Cookies
Split by predetermined symbol, so as to being traveled through to Cookies, it may be determined that the number of predetermined symbol in Cookies, can with
Ground connection knows the bar number of character string in Cookies such that it is able to determine Cookies length.
The present embodiment does not make specific restriction to determining the mode of corresponding Cookies length according to the quantity of predetermined symbol,
Including but not limited to:Resulting numerical value after adding 1 by the quantity of predetermined symbol, it is corresponding as the Cookies for getting
Cookies length.
For example, so that predetermined symbol is as branch as an example.Because the last item character string is followed by no branch in Cookies
, so as to Jia 1 on the basis of branch quantity, it is long that resulting numerical value is the corresponding Cookies of the Cookies for getting
Degree.
Wherein, 203, according to Cookies length, the corresponding complete Cookies of any domain name is obtained.
From the content in Fig. 1 correspondence embodiments, because when data are uploaded, the physical length of Cookies may
More than the maximum Cookies length that browser is allowed, so as to when local Cookies is obtained, force to weed out to exceed
Cookies contents, cause the Cookies uncomplete contents for getting or lose completely.Therefore, this step is primarily to avoid
Such case occurs, to obtain complete Cookies.
The present embodiment is not to according to Cookies length, the mode for obtaining the corresponding complete Cookies of any domain name is made specifically
Limit, including but not limited to:For any domain name, the maximum Cookies length that any browser is allowed is obtained;By maximum
Cookies length is compared with Cookies length;According to comparative result, the corresponding complete Cookies of any domain name is obtained.
By the maximum Cookies length that the browser of each type is allowed all is different, so as in above-mentioned mistake
The information of acquisition browser, i.e., the maximum Cookies length that browser mark and the type browser are allowed are needed in journey.
For example, the IE7 and IE8 of Microsoft increase cookie is limited to each domain name 50.Each domain name of Firefox cookie is limited
Length processed is that 50, Opera each domain name cookie limited lengths are 30.
Wherein, during the information of specific acquisition browser, following code (2) is referred to:
ExternalInterface.call
("function BrowserAgent(){return navigator.userAgent;}")
After the maximum Cookies length that browser is allowed is got, can be by maximum Cookies length and Cookies
Length is compared.According to comparative result, the corresponding complete Cookies of any domain name is obtained.The present embodiment is not to according to comparing
As a result, the mode for obtaining the corresponding complete Cookies of any domain name makees specific restriction, including but not limited to:When Cookies length
During with maximum Cookies equal lengths, to the corresponding complete Cookies of any domain name any domain name of corresponding server request;
When Cookies length and maximum Cookies length are unequal, the Cookies that will be got is corresponding complete as any domain name
Whole Cookies.
In local preservation Cookies data, when Cookies length is long more than the maximum Cookies that browser is allowed
When spending, the part that meeting automatic rejection exceeds, and the maximum Cookies length allowed according to browser, locally preserving
Cookies data.Based on the above, can learn that the Cookies data lengths that ought locally preserve are allowed equal to browser
Maximum Cookies length when, illustrating the Cookies data of local preservation, to be likely to be rejecting institute behind part left
Cookies data, i.e., be incomplete in the Cookies data for locally getting.When the local Cookies data lengths for preserving
During the maximum Cookies length allowed less than browser, the Cookies data for illustrating local preservation be certainly it is complete,
It is also complete i.e. in the Cookies data for locally getting.
Based on described above, for any browser under any domain name, when Cookies length is long with maximum Cookies
When spending equal, due to there is a possibility that Cookies data and incomplete, and the Cookies that the domain name corresponding server is preserved
Data are complete, so that can be to the corresponding complete Cookies of the domain name corresponding server request domain name.Work as Cookies
When length is unequal with maximum Cookies length, then the Cookies that will directly can be got is corresponding complete as the domain name
Cookies.Because follow-up needs upload onto the server complete Cookies with file destination, for the ease of subsequently uploading, can be
Complete Cookies is assigned to variable newCookies in internal memory, the present embodiment is not especially limited to this.
The above-mentioned process for being compared maximum Cookies length and Cookies length, refers to following code (3):
Lose=n==n1true:false
Lose is to represent whether browser loses Cookie, and n is Cookie bar numbers, and n1 is allowed by the type browser
Cookie maximum bar numbers.
Cookies is uploaded with file destination because the present embodiment is mainly, and file destination exists for rubbish text
The possibility of part, so as to can filter to prevent to upload garbage files to file destination.Subsequent step is mainly to filtering rubbish
The process of rubbish file is illustrated.
Wherein, 204, file destination is filtered.
On the mode filtered to file destination, the present embodiment is not especially limited to this, including but not limited to such as
Lower two ways.
First way:Whether detection file destination is default file type;When file destination is not default file type
When, stop uploading file destination.
Because when file destination is uploaded, the type of generally upper transmitting file is specified, such that it is able to pass through to judge target
Whether file is default file type determines whether file destination is garbage files.Wherein, default file type can be
.png or .mp4 files etc., the present embodiment is not especially limited to this.
During specific implementation, can first initialization files system, monitoring file is chosen event, that is, detects that user's selection target is literary
The operation of part, the process refers to following code (4):
File=new FileReference ();
file.addEventListener(Event.SELECT,onFileSelect);
When file system selection event is triggered, file type character string can be obtained by flie.type and be assigned to become
Amount fileType.After file type character string is obtained, file type character string can be matched with default file type, from
And determining whether file destination is default file type, the process refers to following code (5):
TypeOk=fileType.index (" .x ")>1True:false
In above-mentioned code (5), TypeOk represents whether file type is legal, and fileType is file type character string, x
Represent default file type.
When TypeOk is illegal, i.e., when file destination is not default file type, can stop uploading file destination.Herein
Afterwards, user can be also pointed out to select correct file type, the present embodiment is not especially limited to this.
The second way:Detect whether the size of file destination is more than predetermined threshold value;When the size of file destination is more than pre-
If during threshold value, stopping uploading file destination.
Due to upload file destination when, file too conference blocking server, thus upper transmitting file eight-legged essay part size lead to
It is fixed to refer to.Therefore, it can the size according to file destination to determine whether file destination is garbage files.Wherein, preset
Threshold value can be configured according to the actual requirements, and the present embodiment is not especially limited to this.
During specific implementation, following code (6) is referred to:
SizeeOk=flie.size>xTrue:false;
In above-mentioned code (6), sizeeOk represents whether file size is legal, and flie.size is file size.X is represented
System sets file maximum number of byte, i.e. predetermined threshold value.If sizeeOk is illegal, i.e., the size of file destination is more than default
Threshold value, can stop uploading file destination.After this, can also point out the upper transmitting file of user excessive, the present embodiment is not made to have to this
Body is limited.
It should be noted that the mode that above two is filtered to file destination, may be selected wherein in actually implementing
Any one mode is filtered to file destination, file destination can also be filtered simultaneously by two ways, this reality
Example is applied to be not especially limited this.In addition, when being filtered to file destination using two ways simultaneously, which specifically first carries out
The mode of kind, the present embodiment is not especially limited to this.Specifically, file type of the first way to file destination can be first carried out
Filtered, then performed the second way and the size of file destination is filtered.Or, the execution second way can be first carried out
Size to file destination is filtered, then first way is filtered to the file type of file destination.
File is filtered by above-mentioned first way, some illegal type files can be rejected and uploaded, save clothes
Business device bandwidth.For example, server only receives picture upload, when the destination file format for uploading is video format, this can be blocked
The upload of video file.Massive band width can be taken because video file is uploaded, so as to server band can be saved by this way
It is wide.
File is filtered by the above-mentioned second way, larger file can be filtered out such that it is able to save clothes
The memory space of business device.In addition it is possible to avoid malicious user attack server.For example, server only receives the text in 10M
Part, when the file destination size for uploading is more than 10M, can block the upload of file destination.Due to uploading the file meeting more than 10M
A large amount of memory spaces of server are taken, so as to the memory space of server can be saved by this way.In addition it is possible to keep away
Exempt from malicious user by uploading the file attack server of large volume.
Wherein, 205, complete Cookies and file destination are uploaded onto the server.
It is not safe enough due to directly uploading file destination, so that file destination can be converted into coding, encoded by uploading
To realize the upload of file destination.Correspondingly, the present embodiment is not to complete Cookies and file destination uploaded onto the server
Mode makees specific restriction, including but not limited to:According to file destination, the coding of preset format is generated;According to any browser
Type, coding and complete Cookies are uploaded onto the server.
Wherein, the coding of preset format can be encoded for Base64, and the present embodiment does not make specific restriction to coded format.It is logical
Cross and file destination is converted into Base64 codings, it is possible to increase security when data are uploaded.
The process that file destination is converted to Base64 codings is referred into following code (7):
ByteArray=file.data;
FileString=Base64.encodeByteArray (data);
In above-mentioned code (7), the Base64 coded strings being after changing stored in variable FileString.
After the coding that file destination is converted into preset format, coding and complete Cookies can be uploaded onto the server.
When being uploaded to data, http agreements or Socket agreements etc. can be used, the present embodiment is not especially limited to this.
Further, since some type of browser are in upper transmitting file, such as red fox browser, the Flash of some versions
Player can systematically lose the Cookies in header file, so as to before file destination is uploaded, in addition it is also necessary to detect browser
Whether be the type browser.
For convenience of description, it is http agreements with host-host protocol, it is clear as red fox with the browser type that can lose Cookies
Look at as a example by device, before data are uploaded, can first detect whether current browser is red fox browser, specific detection process is referred to
Following code (8):
IsFix=BrowserInfo.index (" Firefox ")>1True:false;
In above-mentioned code (8), isFix indicates whether it is red fox browser, and BrowserInfo is in above-mentioned steps 203
The browser information for getting, i.e. browser are identified.The browser got by checking identifies whether to be " Firefox ", from
And can determine that whether the browser is red fox browser.
When isFix is false, represent that the browser is not red fox browser.By new URLRequestHeader
(" cookie ", newCookies) sets http request header, URLRequestHeader is assigned to
request.requestHeaders.Wherein, newCookies is the complete Cookies got in above-mentioned steps 203.
When isFix is true, represent that the browser is red fox browser.By by the attribute of URLVariables attributes
Value is set to newCookies, can allow in http upload requests and carry newCookies, is fire so as to avoid browser type
During fox browser, the Cookies in header file is lost.The process refers to following code (9):
URLVariables.cookie=newCookie;
By said process, can be in the case where no matter browser type be red fox browser, can be in http request
It is middle to force injection Cookies, i.e., complete Cookies is packed.Can be avoided in some situations by forcing injection Cookies
Under, Cookies loses causes the server cannot to verify.
After being packed to complete Cookies, file destination correspondence can be packed with URLVariables.fileData
Base64 coding.Finally, urlloader.load (req) can be started, so as to complete Cookies be uploaded to file destination
Server.
Method provided in an embodiment of the present invention, by locally obtaining the corresponding Cookies of any domain name, it is determined that getting
The corresponding Cookies length of Cookies.According to Cookies length, the corresponding complete Cookies of any domain name is obtained.To mesh
Mark file is filtered, and complete Cookies is uploaded onto the server with file destination.Due to can be according to locally getting
Cookies, obtains the corresponding complete Cookies of any domain name, causes data cannot to upload completely because Cookies is long so as to avoid
It is whole.Subsequent server can carry out subscriber authentication according to the complete Cookies for uploading, so as to be unlikely to because Cookies is not complete
Or Cookies loses and causes authentication failed completely.
In addition, being filtered to file destination by sampling two kinds of different modes, some illegal types can be rejected
Files passe, saves server bandwidth.In addition, additionally it is possible to filter out larger file, it is to avoid malicious user attacks service
Device such that it is able to save the memory space of server.
The browser type of Cookies may be lost finally, for those, by forcing injection in http request
Cookies, can avoid Cookies from losing and cause the server cannot to carry out subscriber authentication.
A kind of data uploading device is the embodiment of the invention provides, the device is used to perform above-mentioned Fig. 1 or Fig. 2 correspondence implementations
The data uploading method that example is provided.Referring to Fig. 3, the device includes:
First acquisition module 301, for any domain name under for any browser, is locally obtaining any domain name correspondence
Cookies;
Determining module 302, for the corresponding Cookies length of Cookies for determining to get;
Second acquisition module 303, for according to Cookies length, obtaining the corresponding complete Cookies of any domain name;
Uploading module 304, for complete Cookies to be uploaded onto the server with file destination.
As a kind of alternative embodiment, determining module 302, including:
First determining unit, the quantity of predetermined symbol in the Cookies got for determination;
Second determining unit, for determining corresponding Cookies length according to the quantity of predetermined symbol.
As a kind of alternative embodiment, the second determining unit, for adding 1 by the quantity of predetermined symbol after resulting number
Value, as the corresponding Cookies length of the Cookies for getting.
As a kind of alternative embodiment, the second acquisition module 303, including:
First acquisition unit, for for any domain name, obtaining the maximum Cookies length that any browser is allowed;
Comparing unit, for maximum Cookies length and Cookies length to be compared;
Second acquisition unit, for according to comparative result, obtaining the corresponding complete Cookies of any domain name.
As a kind of alternative embodiment, second acquisition unit, for when Cookies length and maximum Cookies length phases
Deng when, to the corresponding complete Cookies of any domain name any domain name of corresponding server request;When Cookies length and maximum
When Cookies length is unequal, the Cookies that will be got is used as the corresponding complete Cookies of any domain name.
Used as a kind of alternative embodiment, the device also includes:
Filtering module, for being filtered to file destination.
As a kind of alternative embodiment, filtering module, for detecting whether file destination is default file type;Work as target
When file is not default file type, stop uploading file destination.
As a kind of alternative embodiment, filtering module, for detecting the size of file destination whether more than predetermined threshold value;When
When the size of file destination is more than predetermined threshold value, stop uploading file destination.
As a kind of alternative embodiment, uploading module 304, for according to file destination, generating the coding of preset format;Root
According to the type of any browser, coding and complete Cookies are uploaded onto the server.
Device provided in an embodiment of the present invention, by locally obtaining the corresponding Cookies of any domain name, it is determined that getting
The corresponding Cookies length of Cookies.According to Cookies length, the corresponding complete Cookies of any domain name is obtained.To mesh
Mark file is filtered, and complete Cookies is uploaded onto the server with file destination.Due to can be according to locally getting
Cookies, obtains the corresponding complete Cookies of any domain name, causes data cannot to upload completely because Cookies is long so as to avoid
It is whole.Subsequent server can carry out subscriber authentication according to the complete Cookies for uploading, so as to be unlikely to because Cookies is not complete
Or Cookies loses and causes authentication failed completely.
In addition, being filtered to file destination by sampling two kinds of different modes, some illegal types can be rejected
Files passe, saves server bandwidth.In addition, additionally it is possible to filter out larger file, it is to avoid malicious user attacks service
Device such that it is able to save the memory space of server.
The browser type of Cookies may be lost finally, for those, by forcing injection in http request
Cookies, can avoid Cookies from losing and cause the server cannot to carry out subscriber authentication.
Finally, the present processes are only preferably embodiment, are not intended to limit the scope of the present invention.It is all
Within the spirit and principles in the present invention, any modification, equivalent substitution and improvements made etc. should be included in protection of the invention
Within the scope of.
Claims (10)
1. a kind of data uploading method, it is characterised in that methods described includes:
Any domain name under for any browser, is locally obtaining the corresponding Cookies of any domain name;
It is determined that the corresponding Cookies length of the Cookies for getting;
According to the Cookies length, the corresponding complete Cookies of any domain name is obtained;
The complete Cookies is uploaded onto the server with file destination.
2. method according to claim 1, it is characterised in that the corresponding Cookies of Cookies that the determination gets
Length, including:
It is determined that in the Cookies for getting predetermined symbol quantity;
Quantity according to predetermined symbol determines corresponding Cookies length.
3. method according to claim 2, it is characterised in that the quantity according to predetermined symbol determines corresponding
Cookies length, including:
Resulting numerical value after adding 1 by the quantity of predetermined symbol, as the corresponding Cookies length of the Cookies for getting.
4. method according to claim 1, it is characterised in that described according to the Cookies length, obtains described any
The corresponding complete Cookies of domain name, including:
For any domain name, the maximum Cookies length that any browser is allowed is obtained;
The maximum Cookies length and the Cookies length are compared;
According to comparative result, the corresponding complete Cookies of any domain name is obtained.
5. method according to claim 4, it is characterised in that described according to comparative result, obtains any domain name pair
The complete Cookies for answering, including:
When the Cookies length is with the maximum Cookies equal lengths, please to the corresponding server of any domain name
Seek the corresponding complete Cookies of any domain name;
When the Cookies length is unequal with the maximum Cookies length, the Cookies that will be got is used as described
The corresponding complete Cookies of any domain name.
6. method according to claim 1, it is characterised in that described to upload the complete Cookies and file destination
To before server, also include:
The file destination is filtered.
7. method according to claim 6, it is characterised in that described to be filtered to the file destination, including:
Detect whether the file destination is default file type;
When the file destination is not default file type, stop uploading the file destination.
8. method according to claim 6, it is characterised in that described to be filtered to the file destination, including:
Detect the size of the file destination whether more than predetermined threshold value;
When the size of the file destination is more than predetermined threshold value, stop uploading the file destination.
9. method according to claim 1, it is characterised in that described to upload the complete Cookies and file destination
To server, including:
According to the file destination, the coding of preset format is generated;
According to the type of any browser, the coding and the complete Cookies are uploaded onto the server.
10. a kind of data uploading device, it is characterised in that described device includes:
First acquisition module, for any domain name under for any browser, locally obtaining, any domain name is corresponding
Cookies;
Determining module, for the corresponding Cookies length of Cookies for determining to get;
Second acquisition module, for according to the Cookies length, obtaining the corresponding complete Cookies of any domain name;
Uploading module, for the complete Cookies to be uploaded onto the server with file destination.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611219424.2A CN106850751B (en) | 2016-12-26 | 2016-12-26 | Data uploading method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611219424.2A CN106850751B (en) | 2016-12-26 | 2016-12-26 | Data uploading method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106850751A true CN106850751A (en) | 2017-06-13 |
| CN106850751B CN106850751B (en) | 2019-06-21 |
Family
ID=59136581
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611219424.2A Active CN106850751B (en) | 2016-12-26 | 2016-12-26 | Data uploading method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106850751B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103532824A (en) * | 2012-07-06 | 2014-01-22 | 阿里巴巴集团控股有限公司 | Notification method, browser and server for instant communication message |
| CN103955477A (en) * | 2014-03-31 | 2014-07-30 | 北京奇虎科技有限公司 | Method for writing and reading Cookie information in browser, device and browser |
| EP2800317A1 (en) * | 2011-12-27 | 2014-11-05 | ZTE Corporation | Terminal device and user information synchronization method |
| CN105704120A (en) * | 2016-01-05 | 2016-06-22 | 中云网安科技(北京)有限公司 | Method for safe network access based on self-learning form |
-
2016
- 2016-12-26 CN CN201611219424.2A patent/CN106850751B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2800317A1 (en) * | 2011-12-27 | 2014-11-05 | ZTE Corporation | Terminal device and user information synchronization method |
| CN103532824A (en) * | 2012-07-06 | 2014-01-22 | 阿里巴巴集团控股有限公司 | Notification method, browser and server for instant communication message |
| CN103955477A (en) * | 2014-03-31 | 2014-07-30 | 北京奇虎科技有限公司 | Method for writing and reading Cookie information in browser, device and browser |
| CN105704120A (en) * | 2016-01-05 | 2016-06-22 | 中云网安科技(北京)有限公司 | Method for safe network access based on self-learning form |
Non-Patent Citations (1)
| Title |
|---|
| 王永乐等: "《浅析Cookies欺骗攻击与防御策略》", 《信息技术》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106850751B (en) | 2019-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106302337B (en) | Vulnerability detection method and device | |
| US9680850B2 (en) | Identifying bots | |
| CN101388768B (en) | Method and device for detecting malicious HTTP request | |
| KR101001132B1 (en) | Method and System for Determining Vulnerability of Web Application | |
| Ismail et al. | A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability | |
| CN101895516B (en) | Method and device for positioning cross-site scripting attack source | |
| CN104601540B (en) | A kind of cross site scripting XSS attack defence method and Web server | |
| US20070136809A1 (en) | Apparatus and method for blocking attack against Web application | |
| CN105760379B (en) | Method and device for detecting webshell page based on intra-domain page association relation | |
| US20100251371A1 (en) | Real-time malicious code inhibitor | |
| EP3991389B1 (en) | File upload control for client-side applications in proxy solutions | |
| US9230103B2 (en) | System and method for registering users for communicating information on a web site | |
| CN104767747A (en) | Click jacking safety detection method and device | |
| CN107463844B (en) | WEB Trojan horse detection method and system | |
| CN111628990A (en) | Attack recognition method and device and server | |
| KR101372906B1 (en) | Method and system to prevent malware code | |
| CN108282443B (en) | Crawler behavior identification method and device | |
| CN113420300A (en) | Method and system for detecting and defending file uploading vulnerability | |
| CN101901307B (en) | Method and device for detecting whether database is attacked by cross-site script | |
| CN111541687A (en) | Network attack detection method and device | |
| Barhoom et al. | A new server-side solution for detecting cross site scripting attack | |
| CN106850751A (en) | Data uploading method and device | |
| CN110851840A (en) | WEB backdoor detection method and device based on website vulnerability | |
| CN114329459A (en) | Browser protection method and device | |
| Duraisamy et al. | A server side solution for protection of web applications from cross-site scripting attacks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230821 Address after: 518000 Youyiju Lighting City, Shanglin Community, Yuanling Street, Futian District, Shenzhen City, Guangdong Province 4008, at the junction of Bagua Road and Nigang Road Patentee after: Shenzhen Hetang Huizhi Technology Co.,Ltd. Address before: 430000 Wuhan Donghu Development Zone, Wuhan, Hubei Province, No. 1 Software Park East Road 4.1 Phase B1 Building 11 Building Patentee before: WUHAN DOUYU NETWORK TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |