CN107193963B - Distributed development method of database application system - Google Patents

Info

Publication number: CN107193963B
Authority: CN (China)
Prior art keywords: data, development, subsystem, virtual machine, calling
Legal status: Active
Application number: CN201710374209.8A
Other languages: Chinese (zh)
Other versions: CN107193963A (en)
Inventors: 曹琦, 路翔, 王文政, 李剑, 曹阳
Current Assignee: Services College Of Cpla Ground Force
Original Assignee: Services College Of Cpla Ground Force

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G06F16/21 Design, administration or maintenance of databases
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a distributed development method for a database application system. It adopts a semi-closed development mode: data is encrypted in the basic database and the data application support subsystem, and the development task of each business application subsystem is given data calls with limited authority. The development tasks of the business application subsystems can therefore be handed to project development groups outside the confidential range for distributed development. This helps resolve the contradiction between the data confidentiality requirement and the allocation of technical developers, so that the development progress of the database application system is better ensured in an environment with confidentiality requirements, and development difficulty and technical cost are reduced. Multi-level anti-disclosure protective measures are adopted, which enhance data confidentiality in the distributed development environment of the database application system, effectively weaken or even avoid the risk of data disclosure, and meet the requirements of a confidential development environment well.

Description

Distributed development method of database application system
Technical Field
The invention relates to the technical field of database software system development, in particular to a distributed development method of a database application system.
Background
A database application system is a computer application system built with the support of a database management system. It uses a database as its data and knowledge base, has the service application subsystems as its main development content, and provides different service application functions according to different service requirements. Common examples are database-based financial management systems, personnel management systems, book management systems, and the like. From a technical point of view, all of these are computer application systems with a database as their foundation and core, whether they are management information systems oriented to internal business and management or information systems that provide information services externally.
In developing a database application system, a basic database must be established, and business application subsystems providing the corresponding business application functions must be developed according to business requirements. Because the business function requirements and development technologies involved differ greatly between business fields, each subsystem needs to be developed by professional developers from the relevant field. During development, the data access, calls, data interfaces and the like between the function items of a service application subsystem and the basic database must be coordinated. Information exchange between the basic database and the project development groups of the different service application subsystems therefore usually relies on a local area network or an internet environment, so that the groups can view and understand the data content of the basic database and the related data and program content of other service application subsystems, and so that each service application subsystem can work cooperatively with the basic database and with the related service application subsystems.
Sometimes, however, for special reasons such as trade secrets or industry privacy regulations, leakage of confidential data must be avoided, especially of core data in the basic database. If, for the sake of secrecy, the development of the basic database and of all service application subsystems is completed by project development groups within the security scope, the workload is huge, the development period is long, and it is difficult to bring together technical developers for the service application subsystems of the different service fields. This increases development difficulty and technical cost, and may even leave the development of the whole database application system in difficulty and its progress stalled. If instead the development of the business application subsystems is distributed to project development groups outside the security scope, then information security, and collaborative development and debugging among the business application subsystems, become problems to be solved urgently.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a distributed development method of a database application system, so as to solve the problem that the development of the database application system under the confidential requirement environment is difficult to meet both the confidential requirement and the development progress.
In order to achieve the purpose, the invention adopts the following technical scheme:
A distributed development method of a database application system, the database application system comprising a basic database and a plurality of service application subsystems, and further comprising a data application support subsystem for providing distributed development support. In the method, the architecture design of the basic database and the development of the data application support subsystem are carried out first, and each service application subsystem is then developed separately. During the development of each service application subsystem, the data application support subsystem uses a data encryption calling mechanism to limit the access and calling authority over the called data in the basic database. After the development of a function item in a service application subsystem is completed, the function item is added to the basic database through the data application support subsystem and the corresponding data update is completed. In this way the development tasks of all function items in each service application subsystem and the update tasks of the basic database are gradually completed, completing the distributed development of the whole database application system.
In the distributed development method of the database application system, specifically, the development process includes the following steps:
1) the architecture design of the basic database is completed, and the called data for each business application subsystem is stored in the basic database;
2) in the development of the data application support subsystem, the called data of each function item in each service application subsystem, stored in the basic database, is retrieved and encrypted, and a corresponding data encryption calling virtual machine is generated; an anti-cracking monitoring program, which automatically deletes all data in the data encryption calling virtual machine when it judges that illegal decryption cracking is taking place, is added to the data encryption calling virtual machine; and a data calling interface for executing calling operations on the called data in the data encryption calling virtual machine is generated, which limits the access and calling permission of that called data;
3) in the development of a business application subsystem, the data encryption calling virtual machine and the data calling interface corresponding to a function item in that business application subsystem are acquired, the called data in the data encryption calling virtual machine is obtained through the data calling interface to complete the development of the function item, all codes, documents and database scripts of the function item are then packaged into a corresponding function execution program module, and a data feedback interface of the function execution program module is generated;
4) the data application support subsystem acquires the function execution program module and the data feedback interface corresponding to a function item in a service application subsystem, connects the function execution program module to the data application support subsystem through the data feedback interface, calls the data content provided by the function execution program module and adds it to the basic database, and, for the function items in other service application subsystems that are related to the function execution program module, synchronously updates the called data in the corresponding data encryption calling virtual machine and the corresponding data calling interface;
5) steps 3) to 4) are repeated until the development tasks of all the function items in each service application subsystem and the updating task of the basic database are completed, thereby completing the distributed development of the whole database application system.
In the distributed development method of the database application system, specifically, the anti-cracking monitoring program in the data encryption calling virtual machine identifies decryption operations on the data encryption calling virtual machine. If the number of decryption operations reaches a preset decryption limit and decryption has still not succeeded, the operations are judged to be illegal decryption cracking, and all data in the data encryption calling virtual machine is automatically deleted.
In the distributed development method of the database application system, as an improvement scheme, after the data encryption calling virtual machine and the corresponding data calling interface are generated in the data application support subsystem in the step 2), and after the data application support subsystem updates the data encryption calling virtual machine and the corresponding data calling interface in the step 4), the data encryption calling virtual machine and the corresponding data calling interface are encrypted and compressed to generate a corresponding virtual machine compression file;
in the development of the service application subsystem in the step 3), a virtual machine compressed file corresponding to one function item in the corresponding service application subsystem is obtained first, and then the virtual machine compressed file is decrypted and decompressed to obtain a data encryption calling virtual machine and a data calling interface corresponding to the corresponding function item.
In the distributed development method of the database application system, as an improved scheme, after a virtual machine compressed file corresponding to one function item in the service application subsystem is generated in the step 2) and the step 4), the virtual machine compressed file is stored in a storage medium;
in the development of the service application subsystem in the step 3), the storage medium is read to obtain a virtual machine compressed file corresponding to one function item in the corresponding service application subsystem.
In the distributed development method of the database application system, as an improved scheme, after a function execution program module and a corresponding data feedback interface thereof are generated in the development of the service application subsystem in the step 3), the function execution program module and the corresponding data feedback interface thereof are encrypted and compressed to generate a corresponding program module compressed file;
in the step 4), the data application support subsystem first obtains the program module compressed file corresponding to the function item in the service application subsystem, and then decrypts and decompresses the program module compressed file to obtain the function execution program module and the data feedback interface corresponding to the corresponding function item.
In the distributed development method of the database application system, as an improved scheme, a program module compressed file corresponding to a function item is generated in the development of the service application subsystem in the step 3), and then is stored in a storage medium;
in the step 4), the data application support subsystem obtains the program module compressed file corresponding to the function item in the service application subsystem by reading the storage medium.
In the distributed development method of the database application system, as an improvement scheme, after the data encryption calling virtual machine and the corresponding data calling interface thereof are generated in the data application support subsystem in the step 2), and after the data application support subsystem updates the data encryption calling virtual machine and the corresponding data calling interface thereof in the step 4), the data encryption calling virtual machine and the corresponding data calling interface thereof are stored in a storage medium;
in the development of the service application subsystem in the step 3), a storage medium is read to obtain a data encryption calling virtual machine and a data calling interface corresponding to a function item in the corresponding service application subsystem, and after a function execution program module and a data feedback interface corresponding to the function item are generated, the function execution program module and the data feedback interface are both stored in the storage medium;
the data application support subsystem in the step 4) obtains the function execution program module and the data feedback interface corresponding to the function item in the service application subsystem by reading the storage medium.
In the distributed development method of the database application system, as a further improvement, an anti-disclosure monitoring program is set in the storage medium, the anti-disclosure monitoring program records a specified permitted device physical address and is used for reading a device actual physical address establishing data connection with the storage medium, and if the read device actual physical address is consistent with the specified permitted device physical address, the device establishing data connection is allowed to directly read data stored in the storage medium; and if the read actual physical address of the device is not consistent with the specified allowable device physical address, hiding all data stored in the storage medium.
In the distributed development method of the database application system, as a further improvement, after the read actual physical address of the device is inconsistent with the specified permitted physical address of the device and all data stored in the storage medium are hidden by the anti-disclosure monitoring program in the storage medium, if the device establishing the data connection tries to read the hidden data, the anti-disclosure monitoring program deletes all data stored in the storage medium.
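The two-stage behaviour of the storage-medium monitor described above (hide on an address mismatch, delete on a read attempt while hidden) can be modelled as a small state machine. This is an added example, not code from the patent; the class and method names, the address normalisation, the audit list and the sample address are assumptions made for illustration.

```python
import re
from enum import Enum


class MediumState(Enum):
    DISCONNECTED = "disconnected"
    VISIBLE = "visible"
    HIDDEN = "hidden"
    WIPED = "wiped"


def normalize(address: str) -> str:
    """Reduce 'AA-BB-..' / 'aa:bb:..' spellings to 12 lowercase hex digits."""
    compact = re.sub(r"[:\-.\s]", "", address.lower())
    return compact if re.fullmatch(r"[0-9a-f]{12}", compact) else ""


class MonitoredMedium:
    """Hypothetical model of the anti-disclosure monitoring program."""

    def __init__(self, permitted: str, files: dict):
        self._permitted = normalize(permitted)
        if not self._permitted:
            raise ValueError("permitted address is not a valid physical address")
        self._files = dict(files)
        self.state = MediumState.DISCONNECTED
        self.events = []  # audit trail (assumption: not described in the patent)

    def connect(self, device_address: str) -> MediumState:
        """Compare the connecting device's address with the permitted one."""
        if self.state is MediumState.WIPED:
            return self.state  # deletion is final, even for the permitted device
        # A malformed address normalises to "" and can never match.
        match = normalize(device_address) == self._permitted
        self.state = MediumState.VISIBLE if match else MediumState.HIDDEN
        self.events.append(("connect", device_address, self.state.value))
        return self.state

    def list_files(self) -> list:
        # Hidden, wiped and unchecked media all present an empty listing.
        return sorted(self._files) if self.state is MediumState.VISIBLE else []

    def read(self, name: str) -> bytes:
        if self.state is MediumState.DISCONNECTED:
            raise ConnectionError("no device has been checked yet")
        if self.state is MediumState.HIDDEN:
            # Second stage: a read attempt on hidden data deletes everything.
            self._files.clear()
            self.state = MediumState.WIPED
            self.events.append(("wipe", name, "read attempted while hidden"))
        if self.state is MediumState.WIPED:
            raise PermissionError("data on the medium has been deleted")
        return self._files[name]


if __name__ == "__main__":
    # Constructed sample: one file and a locally administered address.
    medium = MonitoredMedium("02-00-00-00-00-01", {"vm_item_A.zip": b"sample"})
    print(medium.connect("02:00:00:00:00:01"), medium.list_files())
    print(medium.connect("02:00:00:00:00:02"), medium.list_files())
    try:
        medium.read("vm_item_A.zip")
    except PermissionError as exc:
        print(medium.state, exc)
```

A reported physical address identifies a device but does not prove which device is connected, so this check works as one layer alongside the encryption of the stored files.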
Compared with the prior art, the invention has the following beneficial effects:
1. The distributed development method of the database application system adopts a semi-closed development mode in which data is encrypted in the basic database and the data application support subsystem, and data calls with limited authority are provided for the development tasks of the business application subsystems. The development tasks of the basic database and the data application support subsystem can thus be carried out by project development groups within the confidential range, while the development tasks of the business application subsystems can be carried out in a distributed manner by other project development groups outside the confidential range. This helps resolve the contradiction between data confidentiality requirements and developer allocation, better ensures the development progress of the database application system in an environment with confidentiality requirements, and reduces development difficulty and technical cost.
2. In the distributed development method of the database application system, a multi-level anti-disclosure protection measure can be adopted in the data interaction process between the development tasks of the data application support subsystem and each service application subsystem, the data security in the distributed development environment of the database application system is enhanced, the risk of data disclosure can be effectively weakened or even avoided, and the requirements of the confidential development environment can be well met.
Drawings
FIG. 1 is a flow chart of a distributed development method of a database application system according to the present invention.
Detailed Description
For the task of developing a database application system in a confidential environment, and in order to better balance the confidentiality requirement against the development progress, the invention provides a distributed development method of the database application system. Its main idea is that, in addition to the development tasks of the basic database and the plurality of service application subsystems, a development task for a data application support subsystem is added. The architecture design of the basic database and the development of the data application support subsystem are carried out first, and each business application subsystem is then developed separately. During the development of each business application subsystem, the data application support subsystem uses a data encryption calling mechanism to limit the access and calling permission over the called data in the basic database. After the development of a function item in a business application subsystem is finished, the function item is added to the basic database through the data application support subsystem and the corresponding data update is completed. The development tasks of all function items in each business application subsystem and the updating tasks of the basic database are thereby gradually completed, completing the distributed development of the whole database application system.
In this way, the development tasks of the basic database and the data application support subsystem can be carried out by project development groups within the confidential range to ensure data confidentiality, while the development tasks of the business application subsystems can be carried out in a distributed manner by project development groups outside the confidential range. In the data application support subsystem, a data encryption calling mechanism limits the access and calling authority that project development groups outside the confidential range have over the called data in the basic database. After the development of a function item in a business application subsystem is completed, the function item is added to the basic database through the data application support subsystem and the corresponding data update is completed. The project development group responsible for each business application subsystem therefore only has the authority to access and call the data related to the function items it develops. Moreover, because the called data required differs between business application subsystems and between function items, it is difficult for the project development groups responsible for different business application subsystems to share data directly, which reduces the risk of cross leakage of data between those groups. Data confidentiality is thus guaranteed without affecting data coordination and synchronization between the business application subsystems and the basic database, or among the related business application subsystems. This resolves the contradiction between the data confidentiality requirement and the allocation of technical developers, so that the development progress of the database application system can be better guaranteed in an environment with confidentiality requirements, and development difficulty and technical cost are reduced.
Specifically, the development process of the distributed development method of the database application system provided by the present invention is shown in fig. 1, and the method includes the following steps:
1) Completing the architecture design of the basic database, and storing the called data for each business application subsystem in the basic database.
When constructing the basic database, in addition to completing the design of the database architecture, the data relating to each service application subsystem must be stored in the basic database so that it can be called. The called data created for each business application subsystem may be source data bodies, parameters, documents, instructions, scripts and the like; any data that a function item in a business application subsystem calls, or that is involved when the function item accesses and calls data, can serve as the required called data.
2) In the development of the data application support subsystem, the called data of each function item in each service application subsystem, stored in the basic database, is retrieved and encrypted, and a corresponding data encryption calling virtual machine is generated; an anti-cracking monitoring program, which automatically deletes all data in the data encryption calling virtual machine when it judges that illegal decryption cracking is taking place, is added to the data encryption calling virtual machine; and a data calling interface for executing calling operations on the called data in the data encryption calling virtual machine is generated, which limits the access and calling permission of that called data.
The data application support subsystem supports the distributed development tasks and therefore needs to be developed before the business application subsystems. In its development, the called data of the different function items in each service application subsystem is encrypted, so that confidential data in the called data cannot be accessed and called at will. A data encryption calling virtual machine is generated after encryption; the encrypted called data can be accessed and called from outside through this virtual machine, and that access is carried out by a data calling interface executing the corresponding calling operations, which limits the access and calling permission of the called data in the data encryption calling virtual machine. The data encryption calling virtual machine generated in this step may correspond to only one function item in one service application subsystem, or to a plurality of function items or all function items in one service application subsystem.
3) In the development of the service application subsystem, a data encryption calling virtual machine and a data calling interface corresponding to a function item in the corresponding service application subsystem are obtained, the called data in the data encryption calling virtual machine is obtained by using the data calling interface to complete the development of the corresponding function item, then all codes, documents and database scripts of the function item are packaged into a corresponding function execution program module, and a data feedback interface of the function execution program module is generated.
For a project development group developing a service application subsystem, the data encryption calling virtual machine is equivalent to a 'black box': the data content in the virtual machine cannot be read directly, and the data can only be accessed and called within a limited authority range through the data calling interface. An anti-cracking monitoring program is also added to the data encryption calling virtual machine. It identifies decryption operations on the data encryption calling virtual machine; if the number of decryption operations reaches the preset decryption limit and decryption has still not succeeded, the operations are judged to be illegal decryption cracking, and all data in the data encryption calling virtual machine is automatically deleted. Therefore, if someone attempts to illegally decrypt and crack the data encryption calling virtual machine during the development of the service application subsystem, the anti-cracking monitoring program automatically deletes all data in it, which prevents data leakage.
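The attempt-limited deletion performed by the anti-cracking monitoring program can be sketched as follows. This is an added example, not code from the patent: the names, the container layout, the default limit of 3 and the reset of the count after a successful decryption are assumptions, and the SHAKE-256 keystream is a stand-in cipher so the block runs with the standard library only.

```python
import hashlib
import hmac
import os


class WrongKey(Exception):
    """Decryption failed; the attempt has been counted."""


class Wiped(Exception):
    """The limit was reached and the container data no longer exists."""


def _derive(passphrase: str, salt: bytes):
    # One slow derivation, split into an encryption key and a MAC key.
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return raw[:32], raw[32:]


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHAKE-256 keystream); a real container would use a
    # vetted authenticated cipher from a maintained library.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt the called data and return the container state."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag,
            "failed": 0, "wiped": False}


class AntiCrackMonitor:
    """Hypothetical monitor: deletes the data after `limit` failed decryptions."""

    def __init__(self, state: dict, limit: int = 3):
        self.state, self.limit = state, limit

    def decrypt(self, passphrase: str) -> bytes:
        s = self.state
        if s["wiped"]:
            raise Wiped("container data was deleted")
        # Count the attempt before checking it, so the count survives a
        # crash or interruption during verification.
        s["failed"] += 1
        enc_key, mac_key = _derive(passphrase, s["salt"])
        expected = hmac.new(mac_key, s["nonce"] + s["ct"], hashlib.sha256).digest()
        if hmac.compare_digest(expected, s["tag"]):  # constant-time comparison
            s["failed"] = 0  # assumption: a success resets the count
            return _xor_stream(enc_key, s["nonce"], s["ct"])
        if s["failed"] >= self.limit:
            self._wipe()
            raise Wiped("decryption limit reached, all data deleted")
        raise WrongKey(f"{self.limit - s['failed']} attempt(s) left")

    def _wipe(self) -> None:
        # Drop ciphertext and every value needed to decrypt it; final state.
        for field in ("salt", "nonce", "ct", "tag"):
            self.state[field] = b""
        self.state["wiped"] = True


if __name__ == "__main__":
    # Constructed sample data and passphrases.
    state = seal("constructed-passphrase", b"called data for function item A")
    monitor = AntiCrackMonitor(state, limit=3)
    for guess in ("guess-1", "guess-2", "guess-3"):
        try:
            monitor.decrypt(guess)
        except (WrongKey, Wiped) as exc:
            print(type(exc).__name__, exc)
    print("ciphertext bytes left:", len(state["ct"]))
```

The count only protects the data if it is stored where the party holding the container cannot reset it, which is why the sketch keeps it inside the same state as the ciphertext and updates it before verification.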
The development work of one business application subsystem may involve the development tasks of one or more function items. After a function execution program module has been generated for the development task of a function item, the functions or data content that the module provides need to be added to the basic database through the data application support subsystem, so that other business application subsystems can call them, for example by making requests to the data application support subsystem. A data feedback interface of the function execution program module therefore needs to be generated, to make it convenient to interface with the data application support subsystem.
4) The data application support subsystem obtains the function execution program module and the data feedback interface corresponding to a function item in a service application subsystem, connects the function execution program module to the data application support subsystem through the data feedback interface, calls the data content provided by the function execution program module and adds it to the basic database, and, for the function items in other service application subsystems that are related to the function execution program module, synchronously updates the called data in the corresponding data encryption calling virtual machine and the corresponding data calling interface.
After the data application support subsystem obtains the function execution program module and the data feedback interface corresponding to each function item in each service application subsystem, it first evaluates the file completion degree of the function execution program module (checking the relation between the combined codes and data, whether that relation is completely established, and the like). If the completion degree does not meet the requirement, the project development group of the corresponding service application subsystem is notified to further modify and improve the function execution program module and the data feedback interface. If the completion degree meets the requirement, the function execution program module is connected to the data application support subsystem through the data feedback interface, and the data content provided by the function execution program module is called and added to the basic database. Because this data content has been added, the functions or data content provided by the module may be called by other business application subsystems through the data application support subsystem, which may produce new data content in the called data corresponding to function items in those other business application subsystems. For the function items in other service application subsystems that are related to the function execution program module, the called data in the corresponding data encryption calling virtual machine and the corresponding data calling interface therefore need to be updated synchronously, to meet the needs of subsequent development of the service application subsystems.
5) Steps 3) to 4) are repeated in a loop until the development tasks of all the function items in each service application subsystem and the updating task of the basic database are completed, thereby completing the distributed development of the whole database application system.
In this way, after each function item in each service application subsystem is developed to obtain a corresponding function execution program module, the function execution program module is added into the basic database through the data application support subsystem and corresponding data updating is completed, so that development tasks of all function items in each service application subsystem and updating tasks of the basic database are gradually completed until distributed development tasks of the whole database application system are completed.
As the above flow shows, the distributed development method of the present invention uses neither a fully closed mode, in which the whole database application system is developed in a single unified manner, nor a fully open mode, in which data is completely shared between the data application support subsystem and each business application subsystem for parallel development. Instead it uses a semi-closed development mode: data is encrypted in the basic database and the data application support subsystem, and the development tasks of each business application subsystem are given permission-limited data calls. The development tasks of the business application subsystems can therefore be opened to outside groups for distributed development even in an environment with data confidentiality requirements. This resolves the conflict between the data confidentiality requirement and the allocation of technical developers, helps keep the development of the database application system on schedule while respecting the confidentiality requirement, and reduces development difficulty and technical cost.
During development, data must be transferred between the project development group carrying out the data application support subsystem development task and the project development groups carrying out service application subsystem development tasks. Because the data transmission environment is complex, direct copying of the data is not a safe method, and network transmission is not a particularly secure channel for data interaction either.
To strengthen data confidentiality during the distributed development of the database application system, after the data application support subsystem generates the data encryption calling virtual machine and its corresponding data calling interface in step 2), and after it updates them in step 4), the data encryption calling virtual machine and its data calling interface are preferably encrypted and compressed to generate a corresponding virtual machine compressed file. In the development of the service application subsystem in step 3), the virtual machine compressed file corresponding to a function item in that subsystem is obtained first and is then decrypted and decompressed to yield the data encryption calling virtual machine and the data calling interface for that function item. This added layer of encryption further strengthens confidentiality during data transfer.
Similarly, after the function execution program module and its corresponding data feedback interface are generated in the development of the service application subsystem in step 3), they are preferably encrypted and compressed to generate a corresponding program module compressed file. In step 4), the data application support subsystem first obtains the program module compressed file corresponding to the function item in the service application subsystem and then decrypts and decompresses it to obtain the function execution program module and the data feedback interface for that function item. This added layer of encryption likewise strengthens confidentiality during data transfer.
As an implementation that further strengthens data confidentiality, after the virtual machine compressed file corresponding to a function item in the business application subsystem is generated in step 2) and step 4), it is preferably stored on a storage medium. In the development of the service application subsystem in step 3), the storage medium is read to obtain the virtual machine compressed file corresponding to a function item in that subsystem, and the data encryption calling virtual machine and data calling interface for that function item are obtained by decryption and decompression. Correspondingly, after the program module compressed file corresponding to a function item is generated in the development of the service application subsystem in step 3), it is preferably stored on a storage medium. In step 4), the data application support subsystem reads the storage medium to obtain the program module compressed file corresponding to the function item in the service application subsystem, and obtains the function execution program module and data feedback interface for that function item by decryption and decompression. Data is thus transferred between the project development group carrying out the data application support subsystem development task and the group carrying out the service application subsystem development task on a storage medium with encryption applied as well, which gives two layers of protection for data confidentiality and avoids the security risk of a network transmission environment.
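As an added illustration of the encrypted-and-compressed package exchanged in steps 2) to 4) (not code from the patent), the Python example below compresses a payload, encrypts it and authenticates the result, then verifies the tag before decrypting and decompressing. The patent names no cipher or ordering: compress-before-encrypt, the passphrase-derived keys, the function names, and the standard-library HMAC-SHA256 keystream standing in for an AEAD cipher such as AES-GCM are all assumptions.

```python
import hashlib
import hmac
import os
import zlib

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
PBKDF2_ROUNDS = 200_000


def _derive_keys(passphrase: str, salt: bytes):
    """Derive independent encryption and MAC keys from one passphrase."""
    material = hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode(), salt, PBKDF2_ROUNDS, dklen=64
    )
    return material[:32], material[32:]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (assumed stand-in for AES-GCM/CTR)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(payload: bytes, passphrase: str) -> bytes:
    """Compress, then encrypt, then authenticate: salt | nonce | body | tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    body = _keystream_xor(enc_key, nonce, zlib.compress(payload, 9))
    header = salt + nonce
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def open_sealed(blob: bytes, passphrase: str) -> bytes:
    """Verify the tag first; only authenticated data is decrypted and inflated."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("package too short")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    body, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified package")
    return zlib.decompress(_keystream_xor(enc_key, nonce, body))


def demo():
    # Constructed stand-in for a virtual machine package: repetitive, so it compresses.
    payload = b"CREATE TABLE item(id INT, name TEXT);\n" * 500
    blob = seal(payload, "constructed-passphrase")
    results = {
        "roundtrip": open_sealed(blob, "constructed-passphrase") == payload,
        "sealed_smaller": len(blob) < len(payload),
        # Ciphertext is indistinguishable from random, so compressing it gains nothing.
        "compress_after_encrypt_gain": len(zlib.compress(blob, 9)) < len(blob),
    }
    tampered = bytearray(blob)
    tampered[40] ^= 0x01  # flip one bit inside the encrypted body
    cases = {
        "tampered": (bytes(tampered), "constructed-passphrase"),
        "wrong_key": (blob, "some-other-passphrase"),
    }
    for label, (data, key) in cases.items():
        try:
            open_sealed(data, key)
            results[label] = "accepted"
        except ValueError:
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Checking the tag before decompression means a modified package is rejected without any of its contents being parsed on the receiving side.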
Of course, if the only concern is the security risk of the network transmission environment, then after the data application support subsystem generates the data encryption calling virtual machine and its corresponding data calling interface in step 2), and after it updates them in step 4), the data encryption calling virtual machine and its data calling interface may also be stored directly on the storage medium. In the development of the service application subsystem in step 3), the storage medium is read to obtain the data encryption calling virtual machine and the data calling interface corresponding to a function item in that subsystem, and after the function execution program module and the data feedback interface corresponding to the function item are generated, they too are stored on the storage medium. In step 4), the data application support subsystem reads the storage medium to obtain the function execution program module and the data feedback interface corresponding to the function item in the service application subsystem.
In this variant, data is transferred between the project development group carrying out the data application support subsystem development task and the group carrying out the service application subsystem development task on the storage medium. Although the data of the data encryption calling virtual machine and of the function execution program module is not separately encrypted and compressed, the risk of data leakage from exchanging data over a network transmission environment is still avoided.
As a further improvement, to better protect the data when a storage medium is used for data interaction between the development tasks of the data application support subsystem and the service application subsystem, a leakage-prevention monitoring program may be provided on the storage medium. The leakage-prevention monitoring program records the physical address of the device designated as permitted, and reads the actual physical address of any device that establishes a data connection with the storage medium, such as the Media Access Control (MAC) address of the reading device. If the actual physical address read matches the designated permitted physical address, the connected device is allowed to read the data stored on the storage medium directly; if it does not match, all data stored on the storage medium is hidden. The project development groups responsible for the data application support subsystem development task and for the business application subsystem development tasks can thus agree on the designated permitted devices for reading the storage medium and record their physical addresses in the leakage-prevention monitoring program. A designated permitted device can then read data from the storage medium normally, while for any other device the leakage-prevention monitoring program hides the data so that it cannot be read, which avoids leakage of confidential data.
Someone may still connect the storage medium to a non-designated device and attempt to read the hidden data by illegitimate means. To prevent leakage in this way, a leakage response function may be added to the leakage-prevention monitoring program of the storage medium: once the actual physical address read does not match the designated permitted physical address and all data stored on the storage medium has been hidden, if the connected device attempts to read the hidden data, the leakage-prevention monitoring program deletes all data stored on the storage medium, thereby completely eliminating the possibility of data leakage.
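The leakage-prevention behaviour described in the two paragraphs above, modelled as a small state machine in Python. This is an added example, not the patent's implementation; the class and method names, the re-check on every connection, and the sample addresses and file name are assumptions.

```python
import hmac
import re
from enum import Enum


class State(Enum):
    DISCONNECTED = "disconnected"
    OPEN = "open"      # permitted device connected: data readable
    HIDDEN = "hidden"  # other device connected: data concealed
    WIPED = "wiped"    # hidden data was requested: everything deleted


def normalize_mac(mac: str) -> str:
    """Reduce 'AA-BB-..', 'aa:bb:..' or 'aabb.ccdd.eeff' to 12 lowercase hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


class LeakMonitor:
    """Hypothetical model of the storage-medium monitor (names are assumptions)."""

    def __init__(self, permitted_macs, files):
        self._permitted = [normalize_mac(m) for m in permitted_macs]
        self._files = dict(files)
        self.state = State.DISCONNECTED
        self.audit = []  # (event, detail) tuples kept for later review

    def connect(self, device_mac: str) -> State:
        """Check the connecting device's address; a wiped medium stays wiped."""
        if self.state is State.WIPED:
            return self.state
        try:
            mac = normalize_mac(device_mac)
        except ValueError:
            mac = ""  # a malformed address never matches
        allowed = any(hmac.compare_digest(mac, p) for p in self._permitted)
        self.state = State.OPEN if allowed else State.HIDDEN
        self.audit.append(("connect", f"{device_mac} -> {self.state.value}"))
        return self.state

    def list_files(self):
        """Only a permitted device sees that any files exist."""
        return sorted(self._files) if self.state is State.OPEN else []

    def read(self, name: str):
        if self.state is State.OPEN:
            return self._files[name]
        if self.state is State.HIDDEN:
            # Claim 9 behaviour: a read attempt on hidden data deletes everything.
            self._files.clear()
            self.state = State.WIPED
            self.audit.append(("wipe", f"read of {name!r} while hidden"))
        return None


def demo():
    # Constructed sample data: locally administered MACs and a placeholder payload.
    files = {"vm_item_01.zip.enc": b"<encrypted virtual machine package>"}
    monitor = LeakMonitor(["02-00-00-00-00-01"], files)
    results = {}
    results["permitted"] = (monitor.connect("02:00:00:00:00:01"), monitor.list_files())
    results["other"] = (monitor.connect("02:00:00:00:00:99"), monitor.list_files())
    results["read_hidden"] = (monitor.read("vm_item_01.zip.enc"), monitor.state)
    results["after_wipe"] = (monitor.connect("02:00:00:00:00:01"), monitor.list_files())
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

A MAC address is an identifier reported by the connecting host rather than a secret, so this check is best combined with the encrypted-and-compressed packaging variant rather than used with unencrypted files.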
In summary, the distributed development method of the database application system of the present invention adopts a semi-closed development mode in which data is encrypted in the basic database and the data application support subsystem, and the development tasks of each service application subsystem are given permission-limited data calls. The development tasks of the service application subsystems can therefore be handed to other project development groups outside the security scope for distributed development even in an environment with data security requirements. This helps resolve the conflict between the data security requirement and the allocation of technical developers, so that the development progress of the database application system is better ensured while the security requirement is respected, and development difficulty and technical cost are reduced. In addition, multi-level leakage-prevention measures are applied to the data interaction between the development tasks of the data application support subsystem and the service application subsystems, which strengthens data confidentiality and security in the distributed development environment, effectively reduces or even avoids the risk of data leakage, and meets the requirements of a confidential development environment well.
Finally, the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions may be made to the technical solutions of the present invention without departing from their spirit and scope, and all such modifications and substitutions should be covered by the claims of the present invention.

Claims (9)

1. A distributed development method of a database application system is used for developing the database application system under the environment of confidential requirements, wherein the database application system comprises a basic database and a plurality of service application subsystems, and is characterized in that the database application system also comprises a data application support subsystem for providing distributed development support; firstly, the architecture design of a basic database and the development of a data application support subsystem are carried out, then the development of each service application subsystem is respectively carried out, the data application support subsystem limits the access and calling authority of called data in the basic database in the development of each service application subsystem by adopting a data encryption calling mechanism, after the development of functional items in the service application subsystems is finished, the functional items are added into the basic database through the data application support subsystem and corresponding data updating is finished, so that the development tasks of all functional items in each service application subsystem and the updating tasks of the basic database are gradually finished, and the distributed development of the whole database application system is finished; the development process comprises the following steps:
1) completing the architecture design of a basic database, and storing the called data for each business application subsystem in the basic database;
2) in the development of the data application support subsystem, the called data of each function item in each service application subsystem stored in the basic database is retrieved and encrypted to generate a corresponding data encryption calling virtual machine; an anti-cracking monitoring program, which automatically deletes all data in the data encryption calling virtual machine when it determines that the virtual machine is being illegally decrypted, is added to the data encryption calling virtual machine; and a data calling interface for executing calling operations on the called data in the data encryption calling virtual machine is generated, which is used to limit the access and calling permissions for the called data in the data encryption calling virtual machine;
3) in the development of a business application subsystem, acquiring a data encryption calling virtual machine and a data calling interface corresponding to a function item in a corresponding business application subsystem, acquiring called data in the data encryption calling virtual machine by using the data calling interface to complete the development of the corresponding function item, then packaging all codes, documents and database scripts of the function item into a corresponding function execution program module, and generating a data feedback interface of the function execution program module;
4) acquiring a function execution program module and a data feedback interface corresponding to a function item in a service application subsystem through the data application support subsystem, connecting the corresponding function execution program module to the data application support subsystem by using the data feedback interface, calling the data content provided by the function execution program module, adding the data content into the basic database, and, for the function items in other service application subsystems related to the function execution program module, synchronously updating the called data in the corresponding data encryption calling virtual machine and the corresponding data calling interface;
5) repeating steps 3) to 4) in a loop until the development tasks of all the function items in each service application subsystem and the updating task of the basic database are completed, thereby completing the distributed development of the whole database application system.
2. The distributed development method of the database application system according to claim 1, wherein the anti-cracking monitoring program in the data encryption calling virtual machine is used for identifying decryption operations on the data encryption calling virtual machine; if the number of decryption operations reaches a preset decryption limit number without decryption succeeding, the data encryption calling virtual machine is determined to be under illegal decryption, and all data in the data encryption calling virtual machine is automatically deleted.
3. The distributed development method of the database application system according to claim 1, wherein after the data encryption calling virtual machine and the corresponding data calling interface thereof are generated in the data application support subsystem in step 2), and after the data encryption calling virtual machine and the corresponding data calling interface thereof are updated in the data application support subsystem in step 4), the data encryption calling virtual machine and the corresponding data calling interface thereof are encrypted and compressed to generate a corresponding virtual machine compression file;
in the development of the service application subsystem in the step 3), a virtual machine compressed file corresponding to one function item in the corresponding service application subsystem is obtained first, and then the virtual machine compressed file is decrypted and decompressed to obtain a data encryption calling virtual machine and a data calling interface corresponding to the corresponding function item.
4. The distributed development method of the database application system according to claim 3, wherein the compressed file of the virtual machine corresponding to one function item in the service application subsystem is generated in the step 2) and the step 4), and then is stored in the storage medium;
in the development of the service application subsystem in the step 3), the storage medium is read to obtain a virtual machine compressed file corresponding to one function item in the corresponding service application subsystem.
5. The distributed development method of the database application system according to claim 1, wherein after a function execution program module and a corresponding data feedback interface thereof are generated in the development of the business application subsystem in step 3), the function execution program module and the corresponding data feedback interface thereof are encrypted and compressed to generate a corresponding program module compressed file;
in the step 4), the data application support subsystem first obtains the program module compressed file corresponding to the function item in the service application subsystem, and then decrypts and decompresses the program module compressed file to obtain the function execution program module and the data feedback interface corresponding to the corresponding function item.
6. The distributed development method of a database application system according to claim 5, wherein a program module compressed file corresponding to a function item is generated in the development of the service application subsystem in step 3), and then stored in a storage medium;
in the step 4), the data application support subsystem obtains the program module compressed file corresponding to the function item in the service application subsystem by reading the storage medium.
7. The distributed development method of the database application system according to claim 1, wherein the data encryption calling virtual machine and its corresponding data calling interface are stored in the storage medium after the data encryption calling virtual machine and its corresponding data calling interface are generated in the data application support subsystem of step 2), and after the data application support subsystem updates the data encryption calling virtual machine and its corresponding data calling interface in step 4);
in the development of the service application subsystem in the step 3), a storage medium is read to obtain a data encryption calling virtual machine and a data calling interface corresponding to a function item in the corresponding service application subsystem, and after a function execution program module and a data feedback interface corresponding to the function item are generated, the function execution program module and the data feedback interface are both stored in the storage medium;
the data application support subsystem in the step 4) obtains the function execution program module and the data feedback interface corresponding to the function item in the service application subsystem by reading the storage medium.
8. The distributed development method of the database application system according to claim 4, 6 or 7, characterized in that a leakage-prevention monitoring program is provided in the storage medium, the leakage-prevention monitoring program records a device physical address specified as a permission and is used for reading a device actual physical address establishing data connection with the storage medium, and if the read device actual physical address is consistent with the device physical address specified as the permission, the device establishing data connection is allowed to directly read data stored in the storage medium; and if the read actual physical address of the device is not consistent with the specified allowable device physical address, hiding all data stored in the storage medium.
9. The distributed development method of the database application system according to claim 8, wherein after the leakage-prevention monitoring program in the storage medium has found the read actual physical address of the device to be inconsistent with the device physical address specified as permitted and has hidden all data stored in the storage medium, if the device that establishes the data connection tries to read the hidden data, the leakage-prevention monitoring program deletes all data stored in the storage medium.
CN201710374209.8A 2017-05-24 2017-05-24 Distributed development method of database application system Active CN107193963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710374209.8A CN107193963B (en) 2017-05-24 2017-05-24 Distributed development method of database application system

Publications (2)

Publication Number Publication Date
CN107193963A CN107193963A (en) 2017-09-22
CN107193963B true CN107193963B (en) 2020-04-21

Family

ID=59874336

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710374209.8A Active CN107193963B (en) 2017-05-24 2017-05-24 Distributed development method of database application system

Country Status (1)

Country Link
CN (1) CN107193963B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1976320A (en) * 2006-12-22 2007-06-06 中国建设银行股份有限公司 Data access control method and system
CN102236766A (en) * 2011-05-10 2011-11-09 桂林电子科技大学 Security data item level database encryption system
CN102646228A (en) * 2012-02-23 2012-08-22 天津市电力公司 Multi-service real-time data integration processing system and method of intelligent power grid
CN103092631A (en) * 2007-04-06 2013-05-08 西安万年科技实业有限公司 Database application system development platform and development method
CN103106372A (en) * 2013-01-17 2013-05-15 上海交通大学 Lightweight class privacy data encryption method and system for Android system
CN103778565A (en) * 2014-01-14 2014-05-07 国家电网公司 Public-data-resource sharing and exchanging system and method
CN105407097A (en) * 2015-11-26 2016-03-16 晶赞广告(上海)有限公司 Third-party based data supply method and device
CN105447398A (en) * 2014-08-15 2016-03-30 阿里巴巴集团控股有限公司 Data safety protection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 401331, No. 20, Chengbei Road, Shapingba District, Chongqing

Applicant after: SERVICES COLLEGE OF CPLA GROUND FORCE

Address before: 401331, No. 20, Chengbei Road, Shapingba District, Chongqing

Applicant before: LOGISTICAL ENGINEERING UNIVERSITY OF PLA

GR01 Patent grant