CN106970939A - A kind of database audit method and its system - Google Patents
A kind of database audit method and its system Download PDFInfo
- Publication number
- CN106970939A CN106970939A CN201710077935.3A CN201710077935A CN106970939A CN 106970939 A CN106970939 A CN 106970939A CN 201710077935 A CN201710077935 A CN 201710077935A CN 106970939 A CN106970939 A CN 106970939A
- Authority
- CN
- China
- Prior art keywords
- translation unit
- reply
- statement
- action statement
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2452—Query translation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2452—Query translation
- G06F16/24524—Access plan code generation and invalidation; Reuse of access plans
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
Abstract
The embodiment of the present invention provides a kind of database audit method and its auditing system.Wherein, methods described includes:Recognized by feature database, request message is distributed into corresponding action statement translation unit;The request message is parsed by the action statement translation unit, action statement is generated and caches;Recognized by feature database, message will be replied and distributed into corresponding reply translation unit;The reply message is parsed by the reply translation unit, corresponding return analysis result is generated;Merge the action statement and return to analysis result, generate operation note.Pass through the parsing of feature database knowledge otherwise with different resolution units, the depth audit of SQL statement, object accesses and multidimensional data group access can be realized, record the operation content and related returning result of different clients ending tool, it is ensured that the safe and stable operation of database.
Description
Technical field
The present invention relates to database audit technical field, more particularly to a kind of database audit method and its system.
Background technology
With the development of network technology, storage device technology, high efficiency read-write, high concurrent reading of the people for mass data
Write, the high scalability of data and availability, transaction consistency, read-write real-time, complexity SQL, particularly multilist correlation inquiry etc.
Demand increasingly increase.
In relevant database, the main reason for causing poor performance is the correlation inquiry of multilist, and complicated
The complicated SQL report querys of data analysis type.In order to ensure the ACID characteristics of database, it is necessary to as far as possible according to the model of its requirement
Formula is designed, and the table in relevant database is all the data structure for storing a formatting.
The composition of each tuple field is just as, even if not being that each tuple is required for all fields, but database
All fields can be distributed for each tuple, such structure can be in order to carry out linking etc. operation, but from another between poster table
It is also a factor of relevant database performance bottleneck for one angle.
Based on above reason, non-relational database is occurred in that, such as mainstream product therein:Cach é databases
(product of Intersystems companies of the U.S.).Cach é are mainly used in medical treatment, financial service, government and other many necks
There is provided data management, strategic interoperability and analysis platform technology in domain.It is used as non-relational database, Cach é appearance
Although solving a series of problems of relevant database presence well, it brings huge to database audit work
Challenge.It is either domestic or external for the research and application of the security audit technology of Cach é databases, all in compared with
For the state of blank.
During the application is realized, inventor has found that correlation technique has problems with:The usually audit to database
The operation content for database is mainly extracted by good application Packet analyzing.In traditional Relational DataBase, operation
All it is to meet by ANSI and International Organization for standardization (International Standards Organization, ISO) conduct
The SQL standard of the standard cares of ISO/IEC 9075.It therefore, it can parse tradition by the agreement defined inside " SQL standard "
SQL statement.
But for Cach é database non-relational databases, it is not complied with " SQL standard " simultaneously, therefore use tradition
Protocol analysis can not carry out complete security audit to Cach é databases, it is impossible to identify the wind to Cach é databases
Danger operation.
The content of the invention
The present invention provides a kind of database audit method and its system, it is intended to which solving available data auditing method can not be to non-
The problem of relational data carries out complete security audit.
On the one hand the embodiment of the present invention provides a kind of database audit method.This method includes:
Recognized by feature database, request message is distributed into corresponding action statement translation unit;
The request message is parsed by the action statement translation unit, action statement is generated and caches;
Recognized by feature database, message will be replied and distributed into corresponding reply translation unit;
The reply message is parsed by the reply translation unit, corresponding return analysis result is generated;
Merge the action statement and return to analysis result, generate operation note.
Alternatively, methods described also includes:Judge whether to be cached with action statement;If so, then merging the action statement
And corresponding return analysis result;If it is not, then handling next request message and replying message.
Alternatively, the action statement translation unit includes:Portal tool operation statement translations unit, Studio instruments
Action statement translation unit, Terminal tool operation statement translation units and SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit,
Terminal instruments reply translation unit and SQL access tools reply translation unit.
Alternatively, it is described that the request message is parsed by the action statement translation unit, generate action statement and delay
Deposit, specifically include:
Obtained by Studio tool operation statement translations unit and access operation;
The operation content for accessing operation is determined according to the M language contents for accessing operation;It is described to access operation bag
Include:Call method name, preservation action and the compiling action during M language.
Alternatively, methods described also includes:For the client of health care management information system, corresponding database is set
Access rights.
On the other hand the embodiment of the present invention provides a kind of database audit system.The auditing system includes:Feature database is known
Other unit, request message for being recognized by feature database, distributed into corresponding action statement translation unit and will replied
Message is distributed into corresponding reply translation unit;Action statement translation unit, for parsing the request message, generation correspondence
Action statement;Buffer unit, for caching the action statement;Translation unit is replied, it is raw for parsing the reply message
Into return analysis result;And operation note generation unit, for merging the action statement and returning to analysis result, generation behaviour
Note down.
Alternatively, the operation note generation unit is additionally operable to:Judge whether to be cached with action statement;If so, then merging
The action statement and corresponding return analysis result;If it is not, then handling next request message and replying message.
Alternatively, the action statement translation unit includes:Portal tool operation statement translations unit, Studio instruments
Action statement translation unit, Terminal tool operation statement translation units and SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit,
Terminal instruments reply translation unit and SQL access tools reply translation unit.
Alternatively, the Studio tool operations statement translation unit specifically for:Obtain and access operation;Grasped according to accessing
The M language contents of work determine the operation content for accessing operation;The access operation includes:Method name when calling M language,
Preservation action and compiling action.
Alternatively, the system also includes:Priority assignation unit, for the client for health care management information system
Corresponding database-access rights are set.
The database audit method and its system of the embodiment of the present invention, are known otherwise by feature database, can be to various
After access stencil, the message format of form are identified, parsed by corresponding resolution unit, can realize SQL statement,
Object accesses and the audit of the depth of multidimensional data group access, record the operation content and related return knot of different clients ending tool
Really, it is ensured that the safe and stable operation of database.
Brief description of the drawings
In order to illustrate more clearly of the technical scheme of the embodiment of the present application, it will make below to required in the embodiment of the present application
Accompanying drawing is briefly described.It should be evident that drawings described below is only some embodiments of the present application, for
For those of ordinary skill in the art, on the premise of not paying creative work, other can also be obtained according to these accompanying drawings
Accompanying drawing.
Fig. 1 is the method flow diagram of database audit method provided in an embodiment of the present invention;
Fig. 2 is the method flow diagram of caching sentence provided in an embodiment of the present invention;
Fig. 3 is the functional block diagram of database audit system provided in an embodiment of the present invention;
Fig. 4 is the functional block diagram for the database audit system that another embodiment of the present invention is provided;
Fig. 5 is the hardware architecture diagram of electronic equipment provided in an embodiment of the present invention.
Embodiment
In order that the object, technical solution and advantage of the application are more clearly understood, it is right below in conjunction with drawings and Examples
The application is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the application, not
For limiting the application.
In Cach é databases, data storage is in each Global.One Global is many dimensions of a name
In group, the physical data files for being stored in Cach é.Wherein, the storage cell of physical data files is data block Block (general
It is 8K).Cach é databases control these data blocks using the structure of a similar downtree.
In the database, Global subscript and data are stored in sequence in together in one block.Therefore,
Cach é databases provide three kinds of modes to access data, are sql sentences, object accesses database, n-dimension access number respectively
According to array.Existing auditing system generally only provides the audit of sql access modes, without supporting such as object accesses database
And the mode of n-dimension access array of data.
Fig. 1 is database audit method provided in an embodiment of the present invention.During regular job, user can pass through
Various client utilitys, application system or the third party's instrument of Cach é geo-database integrations pass through the logarithms such as ODBC connected modes
Conducted interviews operation according to storehouse.These are accessed operation and represented (i.e. specific data cell) with PDU groups bag.
This method comprises the following steps:
100:Recognized by feature database, request message is distributed into corresponding action statement translation unit.
The data (PDU groups bag) in database access process can be analyzed first, determine that it belongs to request message
Or message is replied, to carry out corresponding feature database identification process.Feature database identification is a kind of conventional monitoring identification method,
By the feature included in some default rules and feature database, request/reply message is matched or recognized, it is judged
Whether a certain specific classification (such as whether with specific " fingerprint ", Feature Words or flow feature) is belonged to.
In certain embodiments, the strategy that feature database identification can be specifically combined using DFI, DPI or both.Its
In, DPI (deep packet inspection) can be referred to as " deep packet " detection, and it is by increasing the application for message
Layer analysis, accurately to recognize and detect application therein and content, the function such as finishing service identification, control or statistics.DFI
(deep flow inspection) is a kind of recognition strategy based on traffic behavior, and it is embodied in meeting based on different application type
The principle that state in words connection or data flow is had nothing in common with each other, by the traffic behavior feature of different messages, sets up characteristic model
So as to differentiate application type.
DFI and DPI have respective advantage and deficiency, can be by the way that both the above is used in combination in feature database identification
Recognition strategy, is obtained for the accurate Classification and Identification result of request/reply message, distribution is solved into corresponding functional unit
Analysis.
Action statement translation unit can be any suitable, be combined by corresponding software, hardware or hardware and software real
Existing, perform the functional module of packet parsing function.In embodiments of the present invention, due to non-relational database, such as Cach é
There is the diversity of access mode in database, the species such as form, access stencil of message format is various.Accordingly, it would be desirable to according to spy
Levy the recognition result in storehouse, be included into different action statement translation units parsed, translating operation, and can not use unified
Parsing translation unit (such as meets the parsing translation unit that SQL statement parses standard).
In embodiments of the present invention, according to the access mode of Cach é databases, Portal instruments can be specifically set to grasp
Make statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and SQL
This four different types of action statement translation units of access tools action statement translation unit.
Wherein, Terminal instruments are Cach é geo-database integrations, can be directly connected to the instrument of database, and it is used
Be telent agreements mode, it is possible to achieve remote login service.Studio instruments are Cach é geo-database integrations, are used for
The instrument for compiling and debugging for developer, it is directly accessed database by performing M language.Portal instruments are then
Another developing instrument of Cach é geo-database integrations.It uses form web page and carries out operation and maintenance, energy to database
It is enough to access database using conventional SQL statement, the data on each global node can also be directly viewable.
In embodiments of the present invention, it can be recorded, made by all operations of Terminal instruments and Portal instruments
Some with Studio instruments to database access operation, for example, the method name, preservation action and compiling when calling M language are dynamic
Make, can also be recorded.
200:The request message is parsed by the action statement translation unit, action statement is generated and caches.
After action statement translation unit is parsed, the action statement of acquisition or an incomplete operation note,
Also need to the corresponding reply data in merging data storehouse.It therefore, it can caching sentence, complete laggard replying packet parsing
Row union operation.
300:Recognized by feature database, the reply message in packet is distributed into corresponding reply translation unit.
With step 100 analogously, it is possible to use corresponding, the feature database pre-set, feature is carried out to replying message
Storehouse identification operation, it is determined that replying after the specific application type of message, will reply message and distributes to corresponding reply translation unit
The middle parsing for carrying out message and translating operation.
400:The reply message is parsed by the reply translation unit, corresponding return analysis result is generated.It is described
Return to analysis result corresponding with replying message, can generally include database root according to the operation of request message, the data of return
Content or the status information of return etc..
In embodiments of the present invention, with aforesaid operations statement translation unit accordingly, reply translation unit can also wrap
Include:Portal instruments reply translation unit, Studio instruments reply translation unit, Terminal instruments reply translation unit and
SQL access tools reply translation unit, respectively the reply message to corresponding types parsed, translating operation.
500:Merge the action statement and return to analysis result, generate operation note.Reported to request message and reply
After text is all parsed, the analysis result of request message and reply message can be merged into a complete operation note, with
Complete the task of database audit.And the complete operation record finally obtained can be preserved or it is carried out
Follow-up data processing operation.
Above-mentioned database audit method, the characteristics of non-SQL statement is accessed is had for non-relational database, there is provided
A variety of different types of translation units produce corresponding operation note to realize the audit for different access mode.Further
, known using feature database and data message is identified and classified first otherwise, it is ensured that request/reply message can be turned over
Translate or parse.Pass through such mode, it is possible to achieve the message of a variety of different access modes, different shape is solved
Analysis, obtains operation content therein and records, realize complete database audit.For example, for Cach é databases, Ke Yishi
Now to the comprehensive security audit of database, identification removes risk operations, realizes the safe and stable operation of database.
In certain embodiments, it can complete slow using step as shown in Figure 2 for the action statement exported after parsing
Deposit process.As shown in Fig. 2 this method can include:
210:Judge whether action statement carries cache tag.If performing step 230, if otherwise performing step 220.
220:Caching sentence.
230:The action statement and alternate parameter are operated by sqlid.In some cases, there is the parsing of some request messages
The action statement gone out is possible to a simply identification characteristics, is an incomplete sentence.Accordingly, it would be desirable to pass through this operation language
The feature sqlid of sentence (sql), finds out its original action statement and performs step 500, merge with returning result, generation can
The operation note read.
In embodiments of the present invention, request message and reply message are separated progress feature database identification and translation parsing operation
's.The analysis result of request message can be cached first, and be merged with corresponding reply message.
Therefore, before merging, it can first determine whether in caching with the presence or absence of operating effectively sentence.If so, then will
It merges with replying the translation analysis result of message.If being not present, this analysis result can be abandoned, next report is handled
Text, repeats the method shown in Fig. 1 to complete database audit.
As described above, Cach é databases can also be accessed by some application systems, such as it is public when it is applied in medical treatment
Altogether during health field, it can be accessed by health care management information system (HIS systems).
Because Cach é databases employ security component, encryption has been carried out for the data that HIS systems are accessed, and
HIS systems can not be decrypted.Therefore, such operation can not be parsed.It is such, then can be by HIS systems
Control of authority, or isolated by setting up fire wall between each client (or department), the different numbers of distribution
Ensure the security of data according to storehouse authority (medical record data of oneself section office can only be read by for example limiting each section office).Further
Ground, can also provide the operation log recording of HIS systems.
Below by taking Cach é databases as an example, if developer is compiled and adjusted by its integrated Studio instrument
Examination.Developer accesses database by performing M language.Recognize that some important access operations are for example called by feature database
Method name, preservation action and compiling action during M language etc., can deliver to Studio tool operation statement translation units.Then,
M language contents in action statement after translation parsing, determine the operation content for accessing operation, complete database audit.
For the Terminal instruments and studio instruments of Cach é geo-database integrations, user is by these instruments to data
All operations that storehouse is carried out, can parse and record, realize the complete audit of database by corresponding analytical capabilities module.
The embodiment of the present invention additionally provides a kind of database audit system.As shown in figure 3, the system includes:Feature database is known
Other unit 100, action statement translation unit 200, buffer unit 300, reply translation unit 400 and operation note generation unit
500。
In actual audit process, recognized first by feature database recognition unit 100 by feature database, respectively by request message
Distribution is distributed into corresponding reply translation unit into corresponding action statement translation unit and by reply message.Then,
The request message is parsed by action statement translation unit 200, generated after corresponding action statement, it is slow by buffer unit 300
Deposit the action statement.
On the other hand, the reply message is parsed by replying translation unit 400, generation returns to analysis result.Finally, by
Operation note generation unit 500 is by action statement translation unit 200 and replys action statement and return that translation unit 400 is exported
Analysis result merges, and generates operation note.The operation note ultimately generated, can be by any suitable as database audit result
Storage device preserve, such as disk memory, flush memory device or other non-volatile solid state memory parts.
Alternatively, the action statement translation unit 200 and reply translation unit 400 can specifically be set according to actual conditions
The interpretative function unit of multiple types is put, for example, is audited for Cach é wide area information servers, Portal instruments can be set
Action statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and
SQL access tools action statement translation units and Portal instruments reply translation unit, Studio instruments reply translation unit,
Terminal instruments reply translation unit and SQL access tools reply translation unit.
By such mode, the data accountability system can to the various access stencils of Cach é databases, generation
The message format of various forms is correctly recognized, solves the problems, such as the Cach é Method of Database Secure Audit of object-oriented, can be complete
Whole audit goes out client utility:Studio, Terminal, Portal, MedTrak, Sqlmanager operation content and phase
Close returning result.
Wherein, Portal instruments can be audited to SQL statement, inquire about Global, returning result, and Terminal energy instruments then can
Audit to M sentences and returning result, object accesses operation is gone out and straight in original audit that external enwergy more depth is audited to sql sentences
The operation of multidimensional data group access is connect, is realized for the complete audit of database.
For example, the Studio tool operations statement translation unit specifically can be used for:Obtain and access operation.Then, root
The operation content for accessing operation is determined according to the M language contents for accessing operation.The access operation includes:When calling M language
Method name, preservation action and compiling action.
In further embodiments, Cach é databases can be applied in medical treatment, field of public health.User is also possible to lead to
HIS systems are crossed to conduct interviews to database.As a result of specific security component, carried out for the data that HIS systems are accessed
Encryption, and HIS systems can not be decrypted.Therefore, to ensure to access the audit operated for part, except Fig. 3
Outside shown module 100-500, as shown in figure 4, a priority assignation unit 600 can also be included.The priority assignation unit 600
For setting corresponding database-access rights for the client of health care management information system, pass through the power to HIS systems
Limit control, can ensure the security of data.Further, the priority assignation unit 600 can also pass through HIS system operatios
Log recording come realize to these operation monitoring.
It should be noted that because database audit system and database audit method are conceived based on identical application, because
This, the corresponding contents in embodiment of the method are equally applicable to system embodiment, are no longer described in detail herein.
Fig. 5 is the hardware architecture diagram of a kind of electronic equipment provided in an embodiment of the present invention.As shown in figure 5, the equipment
Including:In one or more processors 510 and memory 520, Fig. 5 by taking a processor 510 as an example.
Processor 510 and memory 520 can be connected by bus or other modes, to be connected by bus in Fig. 5
Exemplified by.
Memory 520 is as a kind of non-volatile computer readable storage medium storing program for executing, available for storage non-volatile software journey
The corresponding journey of database audit method in sequence, non-volatile computer executable program and module, such as embodiment of the present invention
Sequence instruction/module is (for example, feature database recognition unit 100, action statement translation unit 200, buffer unit shown in accompanying drawing 3
300th, translation unit 400 and operation note generation unit 500 are replied).
Processor 510 is stored in non-volatile software program, instruction and module in memory 520 by operation, from
And various function application and the data processing of execute server, that is, realize above method embodiment database audit method.
Memory 520 can include storing program area and storage data field, wherein, storing program area can store operation system
Application program required for system, at least one function;Storage data field can be stored to be created according to using for database audit system
Data built etc..In addition, memory 520 can include high-speed random access memory, nonvolatile memory can also be included,
For example, at least one disk memory, flush memory device or other non-volatile solid state memory parts.In certain embodiments,
Memory 520 is optional including the memory remotely located relative to processor 510, and these remote memories can be connected by network
It is connected to content recommendation device.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, mobile communication
Net and combinations thereof.
One or more of modules are stored in the memory 520, when by one or more of processors
During 510 execution, the database audit method in above-mentioned any means embodiment is performed.
The said goods can perform the method that the embodiment of the present application is provided, and possesses the corresponding functional module of execution method and has
Beneficial effect.Not ins and outs of detailed description in the present embodiment, reference can be made to the method that the embodiment of the present application is provided.
Professional should further appreciate that, each example described with reference to the embodiments described herein
Unit and algorithm steps, can be realized with electronic hardware, computer software or the combination of the two, hard in order to clearly demonstrate
The interchangeability of part and software, generally describes the composition and step of each example according to function in the above description.
These functions are performed with hardware or software mode actually, depending on the application-specific and design constraint of technical scheme.
Professional and technical personnel can realize described function to each specific application using distinct methods, but this realize
It is not considered that beyond scope of the present application.Described computer software can be stored in computer read/write memory medium, the journey
Sequence is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage medium can for magnetic disc, CD,
Read-only memory or random access memory etc..
Presently filed embodiment is the foregoing is only, the scope of the claims of the application is not thereby limited, it is every to utilize this
Equivalent structure or equivalent flow conversion that application specification and accompanying drawing content are made, or directly or indirectly it is used in other correlations
Technical field, is similarly included in the scope of patent protection of the application.
Claims (10)
1. a kind of database audit method, it is characterised in that including:
Recognized by feature database, request message is distributed into corresponding action statement translation unit;
The request message is parsed by the action statement translation unit, action statement is generated and caches;
Recognized by feature database, message will be replied and distributed into corresponding reply translation unit;
The reply message is parsed by the reply translation unit, corresponding return analysis result is generated;
Merge the action statement and return to analysis result, generate operation note.
2. according to the method described in claim 1, it is characterised in that methods described also includes:
Judge whether to be cached with action statement;
If so, then merging the action statement and corresponding return analysis result;
If it is not, then handling next request message and replying message.
3. according to the method described in claim 1, it is characterised in that the action statement translation unit includes:Portal instruments
Action statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and
SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit,
Terminal instruments reply translation unit and SQL access tools reply translation unit.
4. method according to claim 3, it is characterised in that described described by action statement translation unit parsing
Request message, generates action statement and caches, specifically include:
Obtained by Studio tool operation statement translations unit and access operation;
The operation content for accessing operation is determined according to the M language contents for accessing operation;The access operation includes:Adjust
Acted with method name during M language, preservation action and compiling.
5. according to the method described in claim 1, it is characterised in that methods described also includes:For health care agrment information system
The client of system sets corresponding database-access rights.
6. a kind of database audit system, it is characterised in that including:
Feature database recognition unit, for being recognized by feature database, request message is distributed to corresponding action statement translation unit
In and by reply message distribute to it is corresponding reply translation unit in;
Action statement translation unit, for parsing the request message, generates corresponding action statement;
Buffer unit, for caching the action statement;
Translation unit is replied, for parsing the reply message, generation returns to analysis result;
Operation note generation unit, for merging the action statement and returning to analysis result, generates operation note.
7. system according to claim 6, it is characterised in that the operation note generation unit is additionally operable to:
Judge whether to be cached with action statement;
If so, then merging the action statement and corresponding return analysis result;
If it is not, then handling next request message and replying message.
8. system according to claim 6, it is characterised in that the action statement translation unit includes:Portal instruments
Action statement translation unit, Studio tool operation statement translations unit, Terminal tool operation statement translation units and
SQL access tools action statement translation units;
The reply translation unit includes:Portal instruments reply translation unit, Studio instruments reply translation unit,
Terminal instruments reply translation unit and SQL access tools reply translation unit.
9. system according to claim 6, it is characterised in that the Studio tool operations statement translation unit is specifically used
In:
Obtain and access operation;
M language contents according to operation is accessed determine the operation content for accessing operation;The access operation includes:Call M
Method name, preservation action and compiling action during language.
10. system according to claim 6, it is characterised in that the system also includes:Priority assignation unit, for for
The client of health care management information system sets corresponding database-access rights.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710077935.3A CN106970939B (en) | 2017-02-14 | 2017-02-14 | A kind of database audit method and its system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710077935.3A CN106970939B (en) | 2017-02-14 | 2017-02-14 | A kind of database audit method and its system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106970939A true CN106970939A (en) | 2017-07-21 |
CN106970939B CN106970939B (en) | 2019-09-03 |
Family
ID=59335139
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710077935.3A Active CN106970939B (en) | 2017-02-14 | 2017-02-14 | A kind of database audit method and its system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106970939B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107479988A (en) * | 2017-08-01 | 2017-12-15 | 西安交大捷普网络科技有限公司 | Three layers of related auditing method based on DCOM |
CN109614082A (en) * | 2018-09-28 | 2019-04-12 | 阿里巴巴集团控股有限公司 | A kind of interpretation method, device and equipment for data query script |
CN110290098A (en) * | 2018-03-19 | 2019-09-27 | 华为技术有限公司 | A kind of method and device of defending against network attacks |
CN111177779A (en) * | 2019-12-24 | 2020-05-19 | 深圳昂楷科技有限公司 | Database auditing method, device thereof, electronic equipment and computer storage medium |
CN111209266A (en) * | 2019-12-20 | 2020-05-29 | 深圳昂楷科技有限公司 | Auditing method and device based on Redis database and electronic equipment |
CN115618342A (en) * | 2022-12-19 | 2023-01-17 | 深圳昂楷科技有限公司 | Method, device, equipment and storage medium for identifying tool name of access database |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101853289A (en) * | 2010-05-26 | 2010-10-06 | 杭州华三通信技术有限公司 | Database auditing method and equipment |
CN104036000A (en) * | 2014-06-13 | 2014-09-10 | 赵维佺 | Database audit method, device and system |
CN104113598A (en) * | 2014-07-21 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Three-layer auditing method for database |
US20160292008A1 (en) * | 2015-04-03 | 2016-10-06 | Oracle International Corporation | System and method for using an in-memory data grid to improve performance of a process defined by a process execution language in a soa middleware environment |
CN106060149A (en) * | 2016-06-24 | 2016-10-26 | 北京交通大学 | Mobile internet mass data analysis and audit technical architecture |
-
2017
- 2017-02-14 CN CN201710077935.3A patent/CN106970939B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101853289A (en) * | 2010-05-26 | 2010-10-06 | 杭州华三通信技术有限公司 | Database auditing method and equipment |
CN104036000A (en) * | 2014-06-13 | 2014-09-10 | 赵维佺 | Database audit method, device and system |
CN104113598A (en) * | 2014-07-21 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Three-layer auditing method for database |
US20160292008A1 (en) * | 2015-04-03 | 2016-10-06 | Oracle International Corporation | System and method for using an in-memory data grid to improve performance of a process defined by a process execution language in a soa middleware environment |
CN106060149A (en) * | 2016-06-24 | 2016-10-26 | 北京交通大学 | Mobile internet mass data analysis and audit technical architecture |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107479988A (en) * | 2017-08-01 | 2017-12-15 | 西安交大捷普网络科技有限公司 | Three layers of related auditing method based on DCOM |
CN110290098A (en) * | 2018-03-19 | 2019-09-27 | 华为技术有限公司 | A kind of method and device of defending against network attacks |
US11570212B2 (en) | 2018-03-19 | 2023-01-31 | Huawei Technologies Co., Ltd. | Method and apparatus for defending against network attack |
CN109614082A (en) * | 2018-09-28 | 2019-04-12 | 阿里巴巴集团控股有限公司 | A kind of interpretation method, device and equipment for data query script |
CN109614082B (en) * | 2018-09-28 | 2022-03-04 | 创新先进技术有限公司 | Translation method, device and equipment for data query script |
CN111209266A (en) * | 2019-12-20 | 2020-05-29 | 深圳昂楷科技有限公司 | Auditing method and device based on Redis database and electronic equipment |
CN111177779A (en) * | 2019-12-24 | 2020-05-19 | 深圳昂楷科技有限公司 | Database auditing method, device thereof, electronic equipment and computer storage medium |
CN115618342A (en) * | 2022-12-19 | 2023-01-17 | 深圳昂楷科技有限公司 | Method, device, equipment and storage medium for identifying tool name of access database |
Also Published As
Publication number | Publication date |
---|---|
CN106970939B (en) | 2019-09-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106970939B (en) | A kind of database audit method and its system | |
Zheng et al. | Xblock-eth: Extracting and exploring blockchain data from ethereum | |
Munk et al. | Data preprocessing evaluation for web log mining: reconstruction of activities of a web visitor | |
US8285698B2 (en) | Securing search queries | |
CN109086413A (en) | For searching for the method, equipment and readable storage medium storing program for executing of block chain data | |
US20220138271A1 (en) | Method, Device and Computer Program for Collecting Data From Multi-Domain | |
Pareek et al. | Real-time ETL in Striim | |
Srivastava et al. | Fraud detection in the distributed graph database | |
CN107704369A (en) | A kind of recording method of Operation Log, electronic equipment, storage medium, system | |
CN110008197A (en) | A kind of data processing method, system and electronic equipment and storage medium | |
CN110825641B (en) | Micro-service application test system based on simulation data generator | |
Veiga et al. | Analysis and evaluation of MapReduce solutions on an HPC cluster | |
Khan | Graph analysis of the ethereum blockchain data: A survey of datasets, methods, and future work | |
Accorsi et al. | Towards forensic data flow analysis of business process logs | |
US20060259459A1 (en) | Verification of cross domain data system query results | |
Sun et al. | Expert system for automatic microservices identification using API similarity graph | |
Zheng et al. | On-chain and off-chain blockchain data collection | |
KR20200066428A (en) | A unit and method for processing rule based action | |
CN110457934A (en) | A kind of high emulation data desensitization algorithm based on hash algorithm | |
Punn et al. | Testing big data application | |
Rani et al. | Social data provenance framework based on zero-information loss graph database | |
Hadzic et al. | Alternative approach to tree-structured web log representation and mining | |
Gu et al. | Fingerprinting network entities based on traffic analysis in high-speed network environment | |
Raiyani et al. | Enhance preprocessing technique Distinct user identification using web log usage data | |
Deng et al. | An efficient policy evaluation engine with locomotive algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |