CN106970939B - A kind of database audit method and its system - Google Patents
A kind of database audit method and its system Download PDFInfo
- Publication number
- CN106970939B CN106970939B CN201710077935.3A CN201710077935A CN106970939B CN 106970939 B CN106970939 B CN 106970939B CN 201710077935 A CN201710077935 A CN 201710077935A CN 106970939 B CN106970939 B CN 106970939B
- Authority
- CN
- China
- Prior art keywords
- translation unit
- reply
- action statement
- access
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2452—Query translation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2452—Query translation
- G06F16/24524—Access plan code generation and invalidation; Reuse of access plans
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Mathematical Physics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the present invention provides a kind of database audit method and its auditing system.Wherein, which comprises identified by feature database, request message is distributed into corresponding action statement translation unit;The request message is parsed by the action statement translation unit, generate action statement and is cached;It is identified by feature database, message will be replied and distributed into corresponding reply translation unit;The reply message is parsed by the reply translation unit, generates corresponding return parsing result;Merge the action statement and return to parsing result, generates operation note.The parsing with different resolution units otherwise is known by feature database, it can be realized the depth audit of SQL statement, object accesses and multidimensional data group access, the operation content and correlation for recording different clients ending tool return the result, and guarantee the safe and stable operation of database.
Description
Technical field
The present invention relates to database audit technical fields, more particularly to a kind of database audit method and its system.
Background technique
With network technology, the development of storage equipment and technology, people read the high efficiency read-write of mass data, high concurrent
It writes, the high scalability of data and availability, transaction consistency, read-write real-time, complexity SQL, especially multilist correlation inquiry etc.
Demand increasingly increase.
In relevant database, lead to poor performance main the reason is that multilist correlation inquiry, and it is complicated
The complicated SQL report query of data analysis type.In order to guarantee the ACID characteristic of database, the model required as far as possible according to it is needed
Formula is designed, and the table in relevant database is all the data structure for storing a formatting.
The composition of each tuple field is just as, even if not being that each tuple requires all fields, but database
All fields can be distributed for each tuple, such structure can be in order to carry out linking etc. operation, but from another between poster table
It is also a factor of relevant database performance bottleneck for one angle.
Based on the above reasons, there is non-relational database, such as mainstream product therein: Cach é database
(product of Intersystems company, the U.S.).Cach é is mainly used in medical treatment, financial service, government and other many necks
Domain provides data management, strategic interoperability and analysis platform technology.As non-relational database, the appearance of Cach é
Although a series of problems existing for very good solution relevant database, it brings database audit work huge
Challenge.It is either domestic or external for the research and application of the security audit technology of Cach é database, all in compared with
For the state of blank.
During realizing the application, inventor has found that the relevant technologies have the following problems: usually to the audit of database
The operation content for database is mainly extracted by good application Packet analyzing.In traditional Relational DataBase, operation
It is all to meet by ANSI and International Organization for standardization (International Standards Organization, ISO) conduct
The SQL standard of 9075 standard care of ISO/IEC.Therefore, tradition can be parsed by the agreement defined inside " SQL standard "
SQL statement.
But for non-relational databases such as Cach é databases, and " SQL standard " is not complied with, therefore uses tradition
Protocol analysis can not carry out complete security audit to Cach é database, can not identify the wind to Cach é database
Danger operation.
Summary of the invention
The present invention provides a kind of database audit method and its system, it is intended to which solving available data auditing method can not be to non-
Relational data carries out the problem of complete security audit.
On the one hand the embodiment of the present invention provides a kind of database audit method.This method comprises:
It is identified by feature database, request message is distributed into corresponding action statement translation unit;
The request message is parsed by the action statement translation unit, generate action statement and is cached;
It is identified by feature database, message will be replied and distributed into corresponding reply translation unit;
The reply message is parsed by the reply translation unit, generates corresponding return parsing result;
Merge the action statement and return to parsing result, generates operation note.
Optionally, the method also includes: judge whether to be cached with action statement;If so, merging the action statement
And corresponding return parsing result;If it is not, then handling next request message and replying message.
Optionally, the action statement translation unit includes: Portal tool operation statement translation unit, Studio tool
Action statement translation unit, Terminal tool operation statement translation unit and SQL access tools action statement translation unit;
The reply translation unit include: Portal tool reply translation unit, Studio tool reply translation unit,
Terminal tool replys translation unit and SQL access tools reply translation unit.
Optionally, described that the request message is parsed by the action statement translation unit, it generates action statement and delays
It deposits, specifically includes:
Access operation is obtained by Studio tool operation statement translation unit;
The operation content of the access operation is determined according to the M language content of the access operation;The access operation packet
It includes: calling method name, preservation movement and the compiling movement when M language.
Optionally, the method also includes: for the client of health care management information system, corresponding database is set
Access authority.
On the other hand the embodiment of the present invention provides a kind of database audit system.The auditing system includes: that feature database is known
Request message is distributed into corresponding action statement translation unit and will be replied for being identified by feature database by other unit
Message is distributed into corresponding reply translation unit;Action statement translation unit is generated and is corresponded to for parsing the request message
Action statement;Cache unit, for caching the action statement;Translation unit is replied, it is raw for parsing the reply message
At return parsing result;And operation note generation unit generates behaviour for merging the action statement and returning to parsing result
It notes down.
Optionally, the operation note generation unit is also used to: judging whether to be cached with action statement;If so, merging
The action statement and corresponding return parsing result;If it is not, then handling next request message and replying message.
Optionally, the action statement translation unit includes: Portal tool operation statement translation unit, Studio tool
Action statement translation unit, Terminal tool operation statement translation unit and SQL access tools action statement translation unit;
The reply translation unit include: Portal tool reply translation unit, Studio tool reply translation unit,
Terminal tool replys translation unit and SQL access tools reply translation unit.
Optionally, the Studio tool operation statement translation unit is specifically used for: obtaining access operation;It is grasped according to access
The M language content of work determines the operation content of the access operation;The access operation include: call M language when method name,
Preservation movement and compiling movement.
Optionally, the system also includes priority assignation units, for the client for health care management information system
Corresponding database-access rights are set.
The database audit method and its system of the embodiment of the present invention are known otherwise by feature database, can be to various
Access stencil, form message format identified after, parsed by corresponding resolution unit, can be realized SQL statement,
Object accesses and the audit of the depth of multidimensional data group access, the operation content and correlation for recording different clients ending tool return to knot
Fruit guarantees the safe and stable operation of database.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application will make below to required in the embodiment of the present application
Attached drawing is briefly described.It should be evident that drawings described below is only some embodiments of the present application, for
For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other
Attached drawing.
Fig. 1 is the method flow diagram of database audit method provided in an embodiment of the present invention;
Fig. 2 is the method flow diagram of caching sentence provided in an embodiment of the present invention;
Fig. 3 is the functional block diagram of database audit system provided in an embodiment of the present invention;
Fig. 4 be another embodiment of the present invention provides database audit system functional block diagram;
Fig. 5 is the hardware structural diagram of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood
The application is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the application, not
For limiting the application.
In Cach é database, data are stored in each Global.One Global is the multidimensional number of a name
Group is stored in the physical data files of Cach é.Wherein, the storage cell of physical data files is data block Block (general
It is 8K).Cach é database controls these data blocks using the structure of a similar downtree.
In the database, the subscript and data of Global is stored in sequence in together in one block.Therefore,
Cach é database provides three kinds of modes to access data, is sql sentence, object accesses database, n-dimension access number respectively
According to array.Existing auditing system usually only provides the audit of sql access mode, without supporting such as object accesses database
And the mode of n-dimension access array of data.
Fig. 1 is database audit method provided in an embodiment of the present invention.During regular job, user can pass through
Various client utilities, application system or the third party's tool of Cach é geo-database integration pass through the logarithms such as ODBC connection type
It accesses operation according to library.These access operations indicate (i.e. specific data cell) with PDU group packet.
This method comprises the following steps:
100: being identified by feature database, request message is distributed into corresponding action statement translation unit.
The data (PDU group packet) in database access process can be analyzed first, determine that it belongs to request message
Or message is replied, to carry out corresponding feature database identification process.Feature database identification is a kind of common monitoring identification method,
By the feature for including in some default rules and feature database, request/reply message is matched or identified, judges it
Whether a certain specific classification (such as whether have the characteristics that specific " fingerprint ", Feature Words or flow) is belonged to.
In some embodiments, the strategy that feature database identification can specifically be combined using DFI, DPI or both.Its
In, DPI (deep packet inspection) can be referred to as " deep packet " detection, by increasing the application for message
Layer analysis, accurately to identify and detect application therein and content, the functions such as finishing service identification, control or statistics.DFI
(deep flow inspection) is a kind of recognition strategy based on traffic behavior, is embodied in meeting based on different application type
The principle that state in words connection or data flow is had nothing in common with each other establishes characteristic model by the traffic behavior feature of different messages
To identify application type.
DFI and DPI has respective advantage and deficiency, can be by the way that both the above is used in combination in feature database identification
Recognition strategy is obtained for request/accurate classification recognition result of reply message, and distribution is solved into corresponding functional unit
Analysis.
Action statement translation unit can be any suitable, be combined by corresponding software, hardware or hardware and software real
Existing, execute the functional module of packet parsing function.In embodiments of the present invention, due to non-relational database, such as Cach é
For database there are the diversity of access mode, form, access stencil of message format etc. are many kinds of.Therefore, it is necessary to according to spy
The recognition result for levying library, be included into different action statement translation units parsed, translating operation, and be not available unified
Parsing translation unit (the parsing translation unit for such as meeting SQL statement parsing standard).
In embodiments of the present invention, according to the access mode of Cach é database, Portal tool behaviour specifically can be set
Make statement translation unit, Studio tool operation statement translation unit, Terminal tool operation statement translation unit and SQL
This four different types of action statement translation units of access tools action statement translation unit.
Wherein, Terminal tool is Cach é geo-database integration, can be directly connected to the tool of database, use
Be telent agreement mode, remote login service may be implemented.Studio tool is Cach é geo-database integration, is used for
The tool for compiling and debugging for developer directly accesses database by executing M language.Portal tool is then
Another developing instrument of Cach é geo-database integration.It carries out operation and maintenance, energy to database using form web page
Enough database, the data that can also be directly viewable on each global node are accessed using common SQL statement.
In embodiments of the present invention, it can be recorded, be made by all operations of Terminal tool and Portal tool
With Studio tool to some access operations of database, for example, the method name, preservation movement and compiling when calling M language are dynamic
Make, can also be recorded.
200: the request message being parsed by the action statement translation unit, action statement is generated and caches.
After action statement translation unit is parsed, the action statement of acquisition or an incomplete operation note,
Also need the corresponding reply data in merging data library.Therefore, can be with caching sentence, replying, packet parsing completion is laggard
Row union operation.
300: being identified by feature database, the reply message in data packet is distributed into corresponding reply translation unit.
Analogously with step 100, it can use corresponding, pre-set feature database, carry out feature to message is replied
Library identification operation, determines after replying the specific application type of message, will reply message and distributes to corresponding reply translation unit
The middle parsing for carrying out message and translating operation.
400: the reply message being parsed by the reply translation unit, generates corresponding return parsing result.It is described
It is corresponding with message is replied to return to parsing result, usually may include operation of the database root according to request message, the data of return
Content or the status information of return etc..
In embodiments of the present invention, with aforesaid operations statement translation unit correspondingly, reply translation unit also can wrap
Include: Portal tool reply translation unit, Studio tool reply translation unit, Terminal tool reply translation unit and
SQL access tools reply translation unit, are parsed respectively to the reply message of corresponding types, translating operation.
500: merging the action statement and return to parsing result, generate operation note.It is reported to request message and reply
After text is all parsed, the parsing result of request message and reply message can be merged into a complete operation note, with
Complete the task of database audit.And the complete operation record finally obtained can carry out saving or carrying out it
Subsequent data processing operation.
Above-mentioned database audit method is provided with the characteristics of access for non-relational database there is non-SQL statement
Audit of a variety of different types of translation units in a manner of realizing for different access, generates corresponding operation note.Further
, data message is identified and is classified first otherwise using feature database knowledge, it is ensured that request/reply message can be turned over
It translates or parses.In this way, it may be implemented to solve the message of a variety of different access modes, different shape
Analysis, obtains operation content therein and records, realize complete database audit.For example, for Cach é database, Ke Yishi
Now to the comprehensive security audit of database, identification removes risk operations, realizes the safe and stable operation of database.
In some embodiments, the action statement exported after parsing can be completed using step as shown in Figure 2 slow
Deposit process.As shown in Fig. 2, this method may include:
210: judging whether action statement has cache tag.If executing step 230,220 are thened follow the steps if not.
220: caching sentence.
230: the action statement and alternate parameter are operated by sqlid.In some cases, some request messages parse
Action statement out is possible to an only identification characteristics, is an incomplete sentence.Therefore, it is necessary to operate language by this
The feature sqlid of sentence (sql), finds out its original action statement and executes step 500, merge with returning the result, generation can
The operation note read.
In embodiments of the present invention, request message and reply message are to separate to carry out feature database identification and translate parsing to operate
's.The parsing result of request message can be cached first, and be merged with corresponding reply message.
Therefore, it before merging, can first determine whether in caching with the presence or absence of efficient operation sentence.If so, will
It merges with the translation parsing result for replying message.If it does not exist, then this parsing result can be abandoned, next report is handled
Text repeats method shown in FIG. 1 to complete database audit.
As described above, Cach é database can also be accessed by some application systems, such as when it is applied in medical treatment, public affairs
Altogether when health field, it can be accessed by health care management information system (HIS system).
Since Cach é database uses security component, encryption has been carried out for the data of HIS system access, and
HIS system can not be decrypted.Therefore, such operation can not be parsed.It is such, then it can be by HIS system
Permission control, either by between each client (or department) set up firewall be isolated, distribute different numbers
Guarantee the safety (such as limit each department can only read the medical record data of oneself department) of data according to library permission.Further
Ground can also provide the operation log recording of HIS system.
Below by taking Cach é database as an example, if developer is compiled and is adjusted by its integrated Studio tool
Examination.Developer accesses database by executing M language.It is identified, some important access operations, such as called by feature database
Method name, preservation movement and compiling movement when M language etc., can send to Studio tool operation statement translation unit.Then,
M language content in action statement after translation parsing, determines the operation content of the access operation, completes database audit.
For the Terminal tool and studio tool of Cach é geo-database integration, user is by these tools to data
All operations that library carries out, can parse and record, realize the complete audit of database by corresponding parsing functional module.
The embodiment of the invention also provides a kind of database audit systems.As shown in figure 3, the system includes: that feature database is known
Other unit 100, cache unit 300, replys translation unit 400 and operation note generation unit at action statement translation unit 200
500。
In practical audit process, identified first by feature database recognition unit 100 by feature database, respectively by request message
Distribution is distributed into corresponding action statement translation unit and by message is replied into corresponding reply translation unit.Then,
The request message is parsed by action statement translation unit 200, it is slow by cache unit 300 after generating corresponding action statement
Deposit the action statement.
On the other hand, the reply message is parsed by replying translation unit 400, generates and returns to parsing result.Finally, by
The action statement and return that operation note generation unit 500 exports action statement translation unit 200 and reply translation unit 400
Parsing result merges, and generates operation note.The operation note ultimately generated is as database audit as a result, can be by any suitable
Storage equipment save, such as disk memory, flush memory device or other non-volatile solid state memory parts.
Optionally, the action statement translation unit 200 and reply translation unit 400 can specifically be set according to the actual situation
The interpretative function unit of multiple types is set, such as is audited for Cach é wide area information server, Portal tool can be set
Action statement translation unit, Studio tool operation statement translation unit, Terminal tool operation statement translation unit and
SQL access tools action statement translation unit and Portal tool reply translation unit, Studio tool replys translation unit,
Terminal tool replys translation unit and SQL access tools reply translation unit.
In this way, the data accountability system can to the various access stencils of Cach é database, generation
The message format of various forms is correctly identified solve the problems, such as the Cach é Method of Database Secure Audit of object-oriented, can be complete
Whole audit goes out client utility: the operation content and phase of Studio, Terminal, Portal, MedTrak, Sqlmanager
Pass returns the result.
Wherein, Portal tool can be audited to SQL statement, inquiry Global, be returned the result, and Terminal energy tool then can
It audits to M sentence and returning the result, goes out object accesses operation and straight in the audit of original pair of sql sentence audit external enwergy more depth
The operation of multidimensional data group access is connect, realization completely audits for database.
For example, the Studio tool operation statement translation unit specifically can be used for: obtaining access operation.Then, root
The operation content of the access operation is determined according to the M language content of access operation.The access operation includes: when calling M language
Method name, preservation movement and compiling movement.
In further embodiments, Cach é database can be applied in medical treatment, field of public health.User is also possible to lead to
HIS system is crossed to access to database.Due to using specific security component, the data of HIS system access are carried out
Encryption, and HIS system can not be decrypted.Therefore, to guarantee the audit for part access operation, Fig. 3 is removed
Shown in outside module 100-500, as shown in figure 4, can also include a priority assignation unit 600.The priority assignation unit 600
For corresponding database-access rights to be arranged for the client of health care management information system, pass through the power to HIS system
Limit control, can ensure the safety of data.Further, the priority assignation unit 600 can also pass through HIS system operatio
Log recording come realize to these operation monitoring.
It should be noted that since database audit system and database audit method are based on identical application design, because
This, the corresponding contents in embodiment of the method are equally applicable to system embodiment, and and will not be described here in detail.
Fig. 5 is the hardware structural diagram of a kind of electronic equipment provided in an embodiment of the present invention.As shown in figure 5, the equipment
It include: one or more processors 510 and memory 520, in Fig. 5 by taking a processor 510 as an example.
Processor 510 can be connected with memory 520 by bus or other modes, to be connected by bus in Fig. 5
For.
Memory 520 is used as a kind of non-volatile computer readable storage medium storing program for executing, can be used for storing non-volatile software journey
Sequence, non-volatile computer executable program and module, such as the corresponding journey of database audit method in the embodiment of the present invention
Sequence instruction/module is (for example, attached feature database recognition unit 100 shown in Fig. 3, action statement translation unit 200, cache unit
300, translation unit 400 and operation note generation unit 500 are replied).
Non-volatile software program, instruction and the module that processor 510 is stored in memory 520 by operation, from
And the various function application and data processing of execute server, i.e. realization above method embodiment database audit method.
Memory 520 may include storing program area and storage data area, wherein storing program area can store operation system
Application program required for system, at least one function;Storage data area can be stored is created according to using for database audit system
The data etc. built.In addition, memory 520 may include high-speed random access memory, it can also include nonvolatile memory,
A for example, at least disk memory, flush memory device or other non-volatile solid state memory parts.In some embodiments,
Optional memory 520 includes the memory remotely located relative to processor 510, these remote memories can be connected by network
It is connected to content recommendation device.The example of above-mentioned network includes but is not limited to internet, intranet, local area network, mobile communication
Net and combinations thereof.
One or more of modules are stored in the memory 520, when by one or more of processors
When 510 execution, the database audit method in above-mentioned any means embodiment is executed.
Method provided by the embodiment of the present application can be performed in the said goods, has the corresponding functional module of execution method and has
Beneficial effect.The not technical detail of detailed description in the present embodiment, reference can be made to method provided by the embodiment of the present application.
Professional should further appreciate that, described in conjunction with the examples disclosed in the embodiments of the present disclosure
Unit and algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, hard in order to clearly demonstrate
The interchangeability of part and software generally describes each exemplary composition and step according to function in the above description.
These functions are implemented in hardware or software actually, the specific application and design constraint depending on technical solution.
Professional technician can use different methods to achieve the described function each specific application, but this realization
It is not considered that exceeding scope of the present application.The computer software can be stored in computer-readable storage medium, the journey
Sequence is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can for magnetic disk, CD,
Read-only memory or random access memory etc..
The foregoing is merely presently filed embodiments, are not intended to limit the scope of the patents of the application, all to utilize this
Equivalent structure or equivalent flow shift made by application specification and accompanying drawing content, it is relevant to be applied directly or indirectly in other
Technical field similarly includes in the scope of patent protection of the application.
Claims (10)
1. a kind of database audit method characterized by comprising
It is identified by feature database, request message is distributed into corresponding action statement translation unit;
The request message is parsed by the action statement translation unit, generate action statement and is cached;
It is identified by feature database, message will be replied and distributed into corresponding reply translation unit;
The reply message is parsed by the reply translation unit, generates corresponding return parsing result;
Merge the action statement and return to parsing result, generates operation note;
Wherein, feature of the feature database identification for including by preset rules and feature database, determines the type of access data
For the request message or the reply message;Or the feature database identification is for determining access by deep packet inspection technical
The type of data is the request message or the reply message;Or the feature database identification is for detecting skill by deep stream
Art determines that the type of access data is the request message or the reply message;Or the feature database identification is for passing through depth
Packet inspection technical and deep stream detection technique are spent, determines that the type of access data is the request message or the reply message.
2. the method according to claim 1, wherein the method also includes:
Judge whether to be cached with action statement;
If so, merging the action statement and corresponding return parsing result;
If it is not, then handling next request message and replying message.
3. the method according to claim 1, wherein the action statement translation unit includes: Portal tool
Action statement translation unit, Studio tool operation statement translation unit, Terminal tool operation statement translation unit and
SQL access tools action statement translation unit;
The reply translation unit include: Portal tool reply translation unit, Studio tool reply translation unit,
Terminal tool replys translation unit and SQL access tools reply translation unit.
4. according to the method described in claim 3, it is characterized in that, described by described in action statement translation unit parsing
Request message generates action statement and caches, specifically includes:
Access operation is obtained by Studio tool operation statement translation unit;
The operation content of the access operation is determined according to the M language content of the access operation;The access operation includes: to adjust
Method name, preservation movement and compiling movement when with M language.
5. the method according to claim 1, wherein the method also includes: for health care agrment information system
Corresponding database-access rights are arranged in the client of system.
6. a kind of database audit system characterized by comprising
Feature database recognition unit distributes request message to corresponding action statement translation unit for being identified by feature database
In and by reply message distribute into corresponding reply translation unit;
Action statement translation unit generates corresponding action statement for parsing the request message;
Cache unit, for caching the action statement;
Translation unit is replied, for parsing the reply message, generates and returns to parsing result;
Operation note generation unit generates operation note for merging the action statement and returning to parsing result;
Wherein, feature of the feature database identification for including by preset rules and feature database, determines the type of access data
For the request message or the reply message;Or the feature database identification is for determining access by deep packet inspection technical
The type of data is the request message or the reply message;Or the feature database identification is for detecting skill by deep stream
Art determines that the type of access data is the request message or the reply message;Or the feature database identification is for passing through depth
Packet inspection technical and deep stream detection technique are spent, determines that the type of access data is the request message or the reply message.
7. system according to claim 6, which is characterized in that the operation note generation unit is also used to:
Judge whether to be cached with action statement;
If so, merging the action statement and corresponding return parsing result;
If it is not, then handling next request message and replying message.
8. system according to claim 6, which is characterized in that the action statement translation unit includes: Portal tool
Action statement translation unit, Studio tool operation statement translation unit, Terminal tool operation statement translation unit and
SQL access tools action statement translation unit;
The reply translation unit include: Portal tool reply translation unit, Studio tool reply translation unit,
Terminal tool replys translation unit and SQL access tools reply translation unit.
9. system according to claim 8, which is characterized in that the Studio tool operation statement translation unit is specifically used
In:
Obtain access operation;
The operation content of the access operation is determined according to the M language content of access operation;The access operation includes: to call M
Method name, preservation movement and compiling movement when language.
10. system according to claim 6, which is characterized in that the system also includes priority assignation unit, for for
Corresponding database-access rights are arranged in the client of health care management information system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710077935.3A CN106970939B (en) | 2017-02-14 | 2017-02-14 | A kind of database audit method and its system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710077935.3A CN106970939B (en) | 2017-02-14 | 2017-02-14 | A kind of database audit method and its system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106970939A CN106970939A (en) | 2017-07-21 |
CN106970939B true CN106970939B (en) | 2019-09-03 |
Family
ID=59335139
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710077935.3A Active CN106970939B (en) | 2017-02-14 | 2017-02-14 | A kind of database audit method and its system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106970939B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107479988A (en) * | 2017-08-01 | 2017-12-15 | 西安交大捷普网络科技有限公司 | Three layers of related auditing method based on DCOM |
CN110290098B (en) * | 2018-03-19 | 2020-12-25 | 华为技术有限公司 | Method and device for defending network attack |
CN109614082B (en) * | 2018-09-28 | 2022-03-04 | 创新先进技术有限公司 | Translation method, device and equipment for data query script |
CN111209266B (en) * | 2019-12-20 | 2024-05-24 | 深圳昂楷科技有限公司 | Audit method and device based on Redis database and electronic equipment |
CN111177779B (en) * | 2019-12-24 | 2023-04-25 | 深圳昂楷科技有限公司 | Database auditing method, device, electronic equipment and computer storage medium |
CN115618342B (en) * | 2022-12-19 | 2023-03-28 | 深圳昂楷科技有限公司 | Method, device, equipment and storage medium for identifying tool name of access database |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101853289A (en) * | 2010-05-26 | 2010-10-06 | 杭州华三通信技术有限公司 | Database auditing method and equipment |
CN104036000A (en) * | 2014-06-13 | 2014-09-10 | 赵维佺 | Database audit method, device and system |
CN104113598A (en) * | 2014-07-21 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Three-layer auditing method for database |
CN106060149A (en) * | 2016-06-24 | 2016-10-26 | 北京交通大学 | Mobile internet mass data analysis and audit technical architecture |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10489203B2 (en) * | 2015-04-03 | 2019-11-26 | Oracle International Corporation | System and method for using an in-memory data grid to improve performance of a process defined by a process execution language in a SOA middleware environment |
-
2017
- 2017-02-14 CN CN201710077935.3A patent/CN106970939B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101853289A (en) * | 2010-05-26 | 2010-10-06 | 杭州华三通信技术有限公司 | Database auditing method and equipment |
CN104036000A (en) * | 2014-06-13 | 2014-09-10 | 赵维佺 | Database audit method, device and system |
CN104113598A (en) * | 2014-07-21 | 2014-10-22 | 蓝盾信息安全技术有限公司 | Three-layer auditing method for database |
CN106060149A (en) * | 2016-06-24 | 2016-10-26 | 北京交通大学 | Mobile internet mass data analysis and audit technical architecture |
Also Published As
Publication number | Publication date |
---|---|
CN106970939A (en) | 2017-07-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106970939B (en) | A kind of database audit method and its system | |
Zheng et al. | Xblock-eth: Extracting and exploring blockchain data from ethereum | |
US8589343B2 (en) | Systems and methods for digital file change monitoring | |
CN103582868B (en) | Operator state checkpoints | |
WO2015039046A1 (en) | Data flow exploration | |
CN107222472A (en) | A kind of user behavior method for detecting abnormality under Hadoop clusters | |
US20080065616A1 (en) | Metadata integration tool, systems and methods for managing enterprise metadata for the runtime environment | |
Gao et al. | Toward continuous pattern detection over evolving large graph with snapshot isolation | |
CN106528391A (en) | Recording method of operating log by management platform on SSR | |
Pareek et al. | Real-time ETL in Striim | |
CN107704369A (en) | A kind of recording method of Operation Log, electronic equipment, storage medium, system | |
Liang et al. | Financial big data analysis and early warning platform: a case study | |
Accorsi et al. | Towards forensic data flow analysis of business process logs | |
CN108133143A (en) | A kind of data leakage prevention method and system of facing cloud desktop application environment | |
Ashrafi et al. | A data mining architecture for distributed environments | |
Sheikh et al. | Provenance inference techniques: Taxonomy, comparative analysis and design challenges | |
CN112910974B (en) | System and method based on block chain system architecture | |
TW201947492A (en) | System and method for operational data convergence | |
Punn et al. | Testing big data application | |
Roschke et al. | An alert correlation platform for memory‐supported techniques | |
Leida et al. | Dynamic access control to semantics-aware streamed process logs | |
Cervesato et al. | A comparison between strand spaces and multiset rewriting for security protocol analysis | |
Cheah | Quality, retrieval and analysis of provenance in large-scale data | |
Estupiñán | Analysis of Modern Blockchain Networks Using Graph Databases | |
Xuewei et al. | Research on the key technology of reconstructing attack scenario based on state machine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |