CN107273758A - Database access method and device - Google Patents

Info

Publication number
CN107273758A
Authority
CN
China
Prior art keywords
access
account
database
sql statement
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710305785.7A
Other languages
Chinese (zh)
Inventor
李玉亮
任养超
杨浩前
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Upper Marine Infotech Share Co Ltd Of Interrogating
Original Assignee
Upper Marine Infotech Share Co Ltd Of Interrogating
Application filed by Upper Marine Infotech Share Co Ltd Of Interrogating
Priority to CN201710305785.7A
Publication of CN107273758A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The purpose of the application is to provide a database access method and device. A sub-account of the database is created and access permissions are preset for the sub-account. When a user needs to access the database through the sub-account, the access request sent by the user equipment to access the database through the sub-account is received; the access request is parsed and filtered based on the access permissions to obtain filtered SQL statements, and the filtered SQL statements are sent to a database service device; the data returned by the database service device based on the filtered SQL statements is received and sent to the user equipment. Creating sub-accounts of the database together with their access permissions not only satisfies the access requests of different users, it also avoids the risk of database data being leaked that sharing or changing the database master account may cause, while ensuring that database data is accessed securely and efficiently, which further protects the master account of the database.

Description

Database access method and device
Technical field
The application relates to the computer field, and in particular to a database access method and device.
Background
With the development of information technology and the growth of data application scenarios, the demand for access to data is also clearly increasing. Within an enterprise, business and operations needs mean that more and more personnel require access to databases. On the one hand, different access requirements give rise to the following four kinds of access behavior control: (1) persistent access, where the user must always be able to access the database; (2) regular access, where the user can access the database only within a defined preset time period, for example only from 9 a.m. to 6 p.m. on Monday to Friday, and not at other times; (3) periodic access, where the user can access the database only for one preset time period at recurring intervals, for example only from 9 a.m. to 10 a.m. on one day of every month, and not at other times; (4) temporary access, where the user is temporarily granted one preset time period in which the database can be accessed, for example from 9 a.m. to 6 p.m. this week, and not at other times. On the other hand, different access requirements give rise to the following two kinds of access content control: (1) global access content control, where the user can access all tables and fields in the database; (2) local access content control, where the user may access only specified tables and fields in the database. As described above, different access requirements lead to different access behavior controls and different access content controls.
Access control schemes in the prior art are mainly implemented by the database itself. For example, a shared database account is used to meet the different access needs of different users; if the shared database account is lost or leaked by any one user, the risk of database data being leaked increases. As another example, database accounts are created and deleted to meet the different access needs of different users. Although this gives different users different access time periods and access content, it makes the database harder to maintain and manage, and a newly created database account may not be deleted in time, which also increases the risk of database data being leaked.
Summary of the invention
The purpose of the application is to provide a database access method and device, to solve the prior-art problem that accessing the data in a database through the database itself may expose that data to a high risk of leakage.
According to one aspect of the application, a database access method at the sub-account management device side is provided. The method includes:
creating a sub-account of the database, and presetting access permissions for the sub-account;
receiving an access request, sent by user equipment, to access the database through the sub-account;
parsing and filtering the access request based on the access permissions to obtain filtered SQL statements, and sending the filtered SQL statements to a database service device;
receiving the data returned by the database service device based on the filtered SQL statements, and sending the data to the user equipment.
Further, in the above method, the number of sub-accounts is at least one.
Further, in the above method, the sub-account includes a user name, and
receiving the access request, sent by user equipment, to access the database through the sub-account includes:
receiving an access request, sent by the user equipment corresponding to the user name, to access the database through the sub-account.
Further, in the above method, parsing and filtering the access request based on the access permissions to obtain the filtered SQL statements includes:
parsing the access request to obtain at least one SQL statement;
filtering the at least one SQL statement based on the access permissions to obtain the processed SQL statements.
Further, in the above method, parsing the access request to obtain at least one SQL statement includes:
parsing the access request based on preset parsing rules to obtain at least one SQL statement.
Further, in the above method, after receiving the data returned by the database service device based on the filtered SQL statements and sending the data to the user equipment, the method further includes:
obtaining and saving the access log generated when the user equipment accesses the database through the sub-account.
Further, in the above method, the method further includes:
deleting the sub-account based on a preset time interval.
Further, in the above method, the method further includes:
updating the access permissions of the sub-account.
Further, in the above method, the access permissions include an access time and/or access data.
According to another aspect of the application, a database access method at the database service device side is also provided, wherein the method includes:
receiving the filtered SQL statements sent by the sub-account management device, wherein the filtered SQL statements are obtained by the sub-account management device parsing and filtering, based on the preset access permissions of the sub-account, the access request by which the user equipment accesses the database through the sub-account;
executing the filtered SQL statements to obtain a corresponding execution result;
sending the data corresponding to the execution result to the sub-account management device.
Further, in the above method, the access permissions include an access time and/or access data.
According to another aspect of the application, a sub-account management device for database access is also provided, wherein the sub-account management device includes:
a creation unit, configured to create a sub-account of the database and preset access permissions for the sub-account;
a request receiving unit, configured to receive an access request, sent by user equipment, to access the database through the sub-account;
a processing unit, configured to parse and filter the access request based on the access permissions to obtain filtered SQL statements, and to send the filtered SQL statements to a database service device;
an information forwarding unit, configured to receive the data returned by the database service device based on the filtered SQL statements, and to send the data to the user equipment.
Further, in the above sub-account management device, the number of sub-accounts is at least one.
Further, in the above sub-account management device, the sub-account includes a user name, and
the request receiving unit is configured to:
receive an access request, sent by the user equipment corresponding to the user name, to access the database through the sub-account.
Further, in the above sub-account management device, the processing unit is configured to:
parse the access request to obtain at least one SQL statement;
filter the at least one SQL statement based on the access permissions to obtain the processed SQL statements.
Further, in the above sub-account management device, the processing unit is configured to:
parse the access request based on preset parsing rules to obtain at least one SQL statement.
Further, in the above sub-account management device, the information forwarding unit 14 is further configured to:
obtain and save the access log generated when the user equipment accesses the database through the sub-account.
Further, in the above sub-account management device, the sub-account management device also includes a deletion unit, wherein the deletion unit is configured to:
delete the sub-account based on a preset time interval.
Further, in the above sub-account management device, the sub-account management device also includes an update unit, wherein the update unit is configured to:
update the access permissions of the sub-account.
Further, in the above sub-account management device, the access permissions include an access time and/or access data.
According to another aspect of the application, a database service device for database access is also provided, wherein the database service device includes:
a statement receiving unit, configured to receive the filtered SQL statements sent by the sub-account management device, wherein the filtered SQL statements are obtained by the sub-account management device parsing and filtering, based on the preset access permissions of the sub-account, the access request by which the user equipment accesses the database through the sub-account;
an execution unit, configured to execute the filtered SQL statements to obtain a corresponding execution result;
an information sending unit, configured to send the data corresponding to the execution result to the sub-account management device.
Further, in the above database service device, the access permissions include an access time and/or access data.
Compared with the prior art, the application creates a sub-account of the database at the sub-account management device side and presets access permissions for the sub-account. When a user needs to access the database through the sub-account, the sub-account management device receives the access request, sent by the user equipment, to access the database through the sub-account; parses and filters the access request based on the access permissions to obtain filtered SQL statements, and sends the filtered SQL statements to the database service device; then receives the data returned by the database service device based on the filtered SQL statements and sends the data to the user equipment. Creating sub-accounts of the database not only satisfies the access requests of different users, it also avoids the risk of database data being leaked that sharing or changing the database master account may cause. At the same time, the preset access permissions of the sub-account ensure that database data is accessed securely and efficiently, which further protects the master account of the database.
Further, at the database service device side, the application receives the filtered SQL statements sent by the sub-account management device, wherein the filtered SQL statements are obtained by the sub-account management device parsing and filtering, based on the preset access permissions of the sub-account, the access request by which the user equipment accesses the database through the sub-account; executes the filtered SQL statements to obtain a corresponding execution result; and sends the data corresponding to the execution result to the sub-account management device, so that the sub-account management device forwards the received data to the user equipment corresponding to the access request. The user can thus access the data in the database through the created sub-account. This not only protects the master account of the database, it also avoids leakage or loss of the data in the database, and the sub-account makes access to that data both secure and flexible.
Brief description of the drawings
Other features, objects and advantages of the application will become more apparent on reading the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 shows a schematic flowchart of a database access method at the sub-account management device side according to one aspect of the application;
Fig. 2 shows a schematic flowchart of a database access method at the database service device side provided by a further aspect of the application;
Fig. 3 shows a schematic structural diagram of a sub-account management device for database access according to one aspect of the application;
Fig. 4 shows a schematic structural diagram of a database service device for database access according to one aspect of the application.
The same or similar reference numerals in the drawings denote the same or similar parts.
Detailed description
The application is described in further detail below with reference to the drawings.
In a typical configuration of the application, the terminal, the devices of the service network and the trusted party each include one or more processors (CPU), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
In the database access process of the embodiments of the application, when a user needs to access the database, the user equipment obtains the user's access request and sends it to the sub-account management device of the database. Fig. 1 shows a schematic flowchart of a database access method at the sub-account management device side according to one aspect of the application. The method is applied at the sub-account management device side in the database access process and includes step S11, step S12, step S13 and step S14, specifically:
Step S11 creates a sub-account of the database and presets access permissions for the sub-account. With a sub-account, flexible and efficient access control over the data of the database can be achieved based on the preset access permissions of the sub-account, without changing the master account of the database. When a user needs to access the database through the sub-account, step S12 receives the access request, sent by the user equipment, to access the database through the sub-account, wherein the access request contains the SQL (Structured Query Language) statements that operate on the database when the user accesses it. Step S13 parses and filters the access request based on the access permissions to obtain filtered SQL statements, and sends the filtered SQL statements to the database service device. After the database service device has executed the filtered SQL statements and obtained an execution result, it sends the data in the database corresponding to the execution result to the sub-account management device. Step S14 then receives the data returned by the database service device based on the filtered SQL statements and sends the data to the user equipment. Creating sub-accounts of the database not only satisfies the access requests of different users, it also avoids the risk of database data being leaked that sharing or changing the database master account may cause. At the same time, the preset access permissions of the sub-account ensure that database data is accessed securely and efficiently, which further protects the master account of the database.
It should be noted that in step S13 the filtered SQL statements are sent to the database service device by means of Java Database Connectivity (JDBC) or Open Database Connectivity (ODBC), so that the database service device receives and executes the filtered SQL statements.
In one embodiment of the application, in order to meet the access needs of different users for the data in the database, step S11 can create several sub-accounts that can access the database at the same time, so the number of sub-accounts created is at least one. Further, when at least one sub-account is created, in order to ensure that each sub-account serves the access needs of one user, the sub-account includes the user's user name. Step S12, receiving the access request sent by the user equipment to access the database through the sub-account, then includes: receiving an access request, sent by the user equipment corresponding to the user name, to access the database through the sub-account. Each sub-account created thus serves the database access needs of the user corresponding to one user name, which keeps database access simple and efficient.
For example, for database A, if 100 users need controlled access to the data in database A, 100 sub-accounts that can access database A are created at the same time, one for each of the 100 users. To prevent the correspondence between sub-accounts and users from becoming confused, each sub-account also includes a user name when it is created: sub-account 1 includes the corresponding user name ID1, sub-account 2 includes the corresponding user name ID2, ..., and sub-account 100 includes the corresponding user name ID100. When user name ID25 needs to access database A, the user equipment corresponding to user name ID25 sends the sub-account management device an access request to access the database through sub-account 25. Step S12 then receives the access request, sent by the user equipment corresponding to user name ID25, to access the database through the sub-account. The sub-account thus simply and efficiently serves the database access needs of the user under the corresponding user name, which improves the efficiency of database access.
In one embodiment of the application, after the sub-accounts of the database are created in step S11, the access permissions corresponding to each sub-account need to be set, so that different sub-accounts meet the access requests of different users, wherein the access permissions include an access time and/or access data. For example, when sub-account 25 is created, the access time in which sub-account 25 may access the database also needs to be preset, and/or the access data (access content) of the database that sub-account 25 may access. With the access time and access data of the sub-account preset, the user can quickly and efficiently access the database within the preset access time and/or access data, which shortens the access process and improves its efficiency.
In one embodiment of the application, parsing and filtering the access request based on the access permissions in step S13 to obtain the filtered SQL statements includes:
parsing the access request to obtain at least one SQL statement;
filtering the at least one SQL statement based on the access permissions to obtain the processed SQL statements.
In one embodiment of the application, the access request takes the form of a data packet: it is the packet containing the database operation statements (i.e. SQL statements) produced when the user equipment accesses the database using the sub-account. Step S13 therefore first parses the access request presented as a data packet to obtain at least one SQL statement. Further, in order to parse the access request presented as a data packet more effectively, parsing the access request in step S13 to obtain at least one SQL statement includes: parsing the access request based on preset parsing rules to obtain at least one SQL statement. Here, the preset parsing rules can include, but are not limited to, data query statement parsing rules, data manipulation statement parsing rules, data definition statement parsing rules and data control statement parsing rules. For example, step S13 uses the preset parsing rules listed above to parse the access request presented as a data packet and obtains the at least one SQL statement that the user equipment issues when accessing the database through the sub-account, thereby parsing the access request into specific database operation statements.
Continuing the above embodiment of the application, after parsing the access request, and in order to prevent illegal database operation statements from gaining unauthorized access to the database, step S13 filters the at least one SQL statement obtained by parsing based on the access permissions, removing the illegal SQL statements to obtain the filtered SQL statements. Here, if the access permissions include an access time, the SQL statements are filtered as follows: for each SQL statement, judge whether its execution time falls within the access time preset by the sub-account management device; if not, the SQL statement is discarded and not executed; if so, the SQL statement is retained. After all SQL statements obtained by parsing have been filtered, the retained SQL statements are sent to the database service device, which executes the filtered SQL statements. Filtering the at least one SQL statement obtained by parsing the access request ensures that only legitimate SQL statements reach the database, and thereby keeps database access secure.
Continuing the above embodiment of the application, if the access permissions include access data, the SQL statements are filtered as follows: for each SQL statement, judge whether the access content of the statement (such as the tables and fields in the database) falls within the access data preset by the sub-account management device; if not, the SQL statement is discarded and not executed; if so, the SQL statement is retained. After all SQL statements obtained by parsing have been filtered, the retained SQL statements are sent to the database service device, which executes the filtered SQL statements. Filtering the at least one SQL statement obtained by parsing the access request ensures that only legitimate SQL statements reach the database, and thereby keeps database access secure.
Continuing the above embodiment of the application, if the access permissions include both access data and an access time, the SQL statements are filtered as follows: for each SQL statement, judge whether its execution time falls within the access time preset by the sub-account management device, and whether the access content of the statement (such as the tables and fields in the database) falls within the access data preset by the sub-account management device; if not, the SQL statement is discarded and not executed; if so, the SQL statement is retained. After all SQL statements obtained by parsing have been filtered, the retained SQL statements are sent to the database service device, which executes the filtered SQL statements. This filters the at least one SQL statement obtained by parsing the access request precisely, ensures that only legitimate SQL statements reach the database, and further keeps database access secure, so that only user equipment that satisfies the access permissions can obtain data within the preset access data during the preset access time.
In the embodiment of the application one, root place, institute are can not find when there is leaking data or loss in order to avoid database State step S14 and receive the data message that the database service equipment is returned based on the SQL statement after the filtering, and will be described Data message is sent to after the user equipment, in addition to:Obtain and preserve the user equipment and visited by described from account Ask corresponding access log during database so that, can be based on number after the data message in database occurs revealing or lost According to the data message in storehouse by compromised time and/or data message, being reviewed by the access log and find access should The compromised data message of database, by being accessed from account, and then is found in then database by which user equipment Data message is compromised and/or the root lost where, it is ensured that data message in database sends leakage and/or loses it After can quickly cope with problem.
In an embodiment of the present application, the database access method at the sub-account management equipment end provided by the present application further includes: deleting the sub-account based on a preset time interval. In order to save the storage resources of the sub-account management equipment and to avoid the insecurity of the data information in the database caused by leakage and/or loss of a created sub-account, each sub-account created in the embodiments of the present application has a life cycle; that is, once the preset time interval has elapsed since a sub-account was created, the created sub-account is deleted. This avoids leakage and/or loss of the sub-account and further ensures the security of the data information in the database, while deleting the sub-account also saves the storage resources of the sub-account management equipment.
In an embodiment of the present application, the database access method at the sub-account management equipment end provided by the present application further includes: updating the access rights of the sub-account. In order to satisfy the different access requests of different users to the database, the access rights of the sub-account need to be updated, so that user equipment can access the database through the sub-account within different access times and/or within different access data, thereby satisfying the different access demands of users when they access the database through the sub-account.
After the sub-account management equipment of the database has parsed and filtered the access request, sent by the user equipment, to access the database, it obtains the filtered SQL statement corresponding to the access request and sends the filtered SQL statement to the database service equipment for subsequent access processing, as shown in Fig. 2. Fig. 2 shows a schematic flow chart of a database access method at the database service equipment end provided by a further aspect of the present application. The method is applied to the database service equipment end in the database access process and includes step S21, step S22 and step S23, specifically: in step S21, the filtered SQL statement sent by the sub-account management equipment is received, wherein the filtered SQL statement is obtained by the sub-account management equipment parsing and filtering, based on the preset access rights of the sub-account, the access request by which the user equipment accesses the database through the sub-account; in step S22, the filtered SQL statement is executed and the corresponding execution result is obtained; in step S23, the data information corresponding to the execution result is sent to the sub-account management equipment, so that the sub-account management equipment forwards the received data information to the user equipment corresponding to the access request. The user can thereby access the data information in the database through the created sub-account, which not only ensures the security of the primary account of the database but also avoids leakage or loss of the data information in the database; the sub-account ensures both the security and the flexibility of access to the data information in the database.
In order to satisfy the different access requests of different users when they access the database, corresponding access rights need to be set for each sub-account, so that different sub-accounts satisfy the access requests of different users, wherein the access rights include access time and/or access data. For example, when creating sub-account 25, the sub-account management equipment also needs to preset the access time during which sub-account 25 can access the database, and/or preset the access data (access content) of the database that sub-account 25 can access. By presetting the access time and access data of the sub-account, the user can access the database quickly and efficiently within the preset access time and/or access data, which reduces the time required by the database access process and improves its efficiency.
In the database access process of the embodiments of the present application, when a user needs to access the database, the user equipment end of the database obtains the user's access request for the database and sends the access request to the sub-account management equipment of the database. Fig. 3 shows a schematic structural diagram of a sub-account management equipment for database access according to one aspect of the present application. It is applied to the sub-account management service equipment end of the database in the database access process and includes a creating device 11, a request reception device 12, a processing unit 13 and an information transmitting apparatus 14, specifically:
The creating device 11 is used for creating a sub-account of the database and presetting the access rights of the sub-account. Through the created sub-account of the database, flexible and efficient access control over the data information of the database can be realized based on the preset access rights of the sub-account, without needing to change the primary account of the database. When a user needs to access the database through the sub-account, the request reception device 12 is used for receiving the access request, sent by user equipment, to access the database through the sub-account. The processing unit 13 is used for parsing and filtering the access request based on the access rights to obtain the filtered SQL statement, and for sending the filtered SQL statement to the database service equipment. After the database service equipment has executed the filtered SQL statement and obtained an execution result, it sends the data information in the database corresponding to the execution result to the sub-account management equipment; the information transmitting apparatus 14 is then used for receiving the data information returned by the database service equipment based on the filtered SQL statement and sending the data information to the user equipment. Creating sub-accounts of the database not only satisfies the access requests of different users, but also avoids the risk that the data information of the database is leaked as a result of sharing or changing the primary account of the database; at the same time, presetting the access rights of the sub-account ensures the security and efficiency of access to the data information of the database and further ensures the security of the primary account of the database.
It should be noted that the processing unit 13 sends the filtered SQL statement to the database service equipment by means of Java Database Connectivity (JDBC) or Open Database Connectivity (ODBC), so that the database service equipment receives and executes the filtered SQL statement.
In an embodiment of the present application, in order to satisfy the access requirements of different users for the data in the database, the creating device 11 can simultaneously create at least one sub-account that can access the database; the number of sub-accounts created is therefore at least one. Further, when at least one sub-account is created, in order to ensure that one sub-account corresponds to the access requirement of one user, the sub-account includes the user name of the user, and the request reception device 12 is used for: receiving the access request, sent by the user equipment corresponding to the user name, to access the database through the sub-account. Each created sub-account thus serves the database access demand of the user corresponding to one user name, which keeps access to the database simple and efficient.
For example, for database A, if 100 users need access control over the data in database A, 100 sub-accounts that can access database A are created at the same time, one for each of the 100 users. To prevent the correspondence between sub-accounts and users from becoming confused, each sub-account also includes a user name when it is created; for example, sub-account 1 includes the corresponding user name ID1, sub-account 2 includes the corresponding user name ID2, ..., and sub-account 100 includes the corresponding user name ID100. When user name ID25 needs to access database A, the user equipment corresponding to user name ID25 sends to the sub-account management equipment an access request to access the database through sub-account 25; the request reception device 12 then receives the access request, sent by the user equipment corresponding to user name ID25, to access the database through the sub-account. Through the sub-account under the corresponding user name, the user's need to access the database can be met simply and efficiently, which improves the efficiency of accessing the database.
In an embodiment of the present application, after the creating device 11 creates the sub-accounts of the database, corresponding access rights need to be set for each sub-account, so that different sub-accounts satisfy the access requests of different users, wherein the access rights include access time and/or access data. For example, when creating sub-account 25, it is also necessary to preset the access time during which sub-account 25 can access the database, and/or to preset the access data (access content) of the database that sub-account 25 can access. By presetting the access time and access data of the sub-account, the user can access the database quickly and efficiently within the preset access time and/or access data, which reduces the time required by the database access process and improves its efficiency.
In an embodiment of the present application, the processing unit 13 is used for:
Parsing the access request to obtain at least one SQL statement;
Filtering the at least one SQL statement based on the access rights to obtain the processed SQL statement.
In an embodiment of the present application, the access request is presented in the form of a data packet; that is, the access request is a data packet containing the database operation statements (i.e. SQL statements) issued when the user equipment end of the database accesses the database using the sub-account. The processing unit 13 therefore first parses the access request presented in the form of a data packet and obtains at least one SQL statement from the parsing.
Further, in order to better parse the access request presented in the form of a data packet, the processing unit 13 is used for: parsing the access request based on preset parsing rules to obtain at least one SQL statement. Here, the preset parsing rules may include, but are not limited to, data query statement parsing rules, data manipulation statement parsing rules, data definition statement parsing rules and data control statement parsing rules. For example, the processing unit 13 uses the preset parsing rules listed above to parse the access request presented in the form of a data packet, and obtains the at least one SQL statement that the packet contains when the user equipment end of the database accesses the database through the sub-account, thereby parsing the access request into specific database operation statements.
Continuing the above embodiment of the present application, after the processing unit 13 has parsed the access request, in order to prevent illegal database operation statements from gaining unauthorized access to the database, the processing unit 13 filters, based on the access rights, the at least one SQL statement obtained by the parsing, so as to filter out the illegal SQL statements among them and obtain the filtered SQL statements. Here, if the access rights include access time, the filtering applied to the SQL statements is as follows: for each SQL statement, judge whether its execution time falls within the access time preset by the sub-account management equipment. If not, the SQL statement is discarded and not executed; if so, the SQL statement is retained. After all SQL statements obtained by the parsing have been filtered, the retained SQL statements are sent to the database service equipment, which executes the filtered SQL statements. In this way the at least one SQL statement obtained by parsing the access request is filtered, which ensures the legitimacy of the SQL statements that access the database and thereby ensures security when accessing the database.
Continuing the above embodiment of the present application, if the access rights include access data, the filtering applied to the SQL statements is as follows: for each SQL statement, judge whether the content it accesses (for example, tables and fields in the database) falls within the access data preset by the sub-account management equipment. If not, the SQL statement is discarded and not executed; if so, the SQL statement is retained. After all SQL statements obtained by the parsing have been filtered, the retained SQL statements are sent to the database service equipment, which executes the filtered SQL statements. In this way the at least one SQL statement obtained by parsing the access request is filtered, which ensures the legitimacy of the SQL statements that access the database and thereby ensures security when accessing the database.
Continuing the above embodiment of the present application, if the access rights include both access data and access time, the filtering applied to the SQL statements is as follows: for each SQL statement, judge whether its execution time falls within the access time preset by the sub-account management equipment, and whether the content it accesses (for example, tables and fields in the database) falls within the access data preset by the sub-account management equipment. If not, the SQL statement is discarded and not executed; if so, the SQL statement is retained. After all SQL statements obtained by the parsing have been filtered, the retained SQL statements are sent to the database service equipment, which executes the filtered SQL statements. In this way the at least one SQL statement obtained by parsing the access request is filtered precisely, which ensures the legitimacy of the SQL statements that access the database and further ensures security when accessing the database, so that only user equipment that satisfies the access rights can obtain, within the preset access time, the data information within the preset access data.
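The parse-then-filter procedure of the processing unit described above (split the access request into SQL statements, then retain only those inside the preset access time and access data) is shown below as an added example; it is not code from the patent. The `AccessRights` fields, the simplified tokenizer limited to SELECT/INSERT/UPDATE/DELETE, the decision to discard any statement it cannot model, and the sample request are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class AccessRights:
    """Rights preset for one sub-account; None means that dimension is unrestricted."""
    start: Optional[time] = None        # access time: window start
    end: Optional[time] = None          # access time: window end
    tables: Optional[frozenset] = None  # access data: permitted tables

_LIT_OR_COMMENT = re.compile(r"('(?:[^']|'')*')|--[^\n]*|/\*.*?\*/", re.S)
_STATEMENT = re.compile(r"(?:'(?:[^']|'')*'|[^;])+")
_LITERAL = re.compile(r"'(?:[^']|'')*'")
_TOKEN = re.compile(r"[A-Za-z_][\w.]*|[(),]")
_KINDS = {"select", "insert", "update", "delete"}
_TABLE_KW = {"from", "join", "into", "update"}
_NOT_ALIAS = {"where", "set", "on", "join", "inner", "left", "right", "full",
              "cross", "natural", "using", "group", "order", "having", "limit",
              "union", "values", "select", "(", ")", ","}

def split_statements(payload):
    """Parsing step: drop comments, then split on ';' outside string literals."""
    text = _LIT_OR_COMMENT.sub(lambda m: m.group(1) or " ", payload)
    return [s.strip() for s in _STATEMENT.findall(text) if s.strip()]

def referenced_tables(stmt):
    """Return the tables a statement touches, or None if it cannot be modelled."""
    toks = [t.lower() for t in _TOKEN.findall(_LITERAL.sub("''", stmt))]
    if not toks or toks[0] not in _KINDS:
        return None
    tables, i = set(), 0
    while i < len(toks):
        if toks[i] not in _TABLE_KW:
            i += 1
            continue
        i += 1                                   # first table reference
        while i < len(toks) and toks[i] != "(":  # "(" opens a subquery, scanned later
            if toks[i] in _NOT_ALIAS:
                return None                      # keyword where a table name belongs
            tables.add(toks[i])
            i += 1
            if i < len(toks) and toks[i] == "as":
                i += 1
            if i < len(toks) and toks[i] not in _NOT_ALIAS:
                i += 1                           # skip the alias
            if i < len(toks) and toks[i] == ",":
                i += 1                           # comma-separated table list
                continue
            break
    return tables or None                        # no table found: treat as unmodelled

def in_window(rights, when):
    """Access-time check; also handles windows that cross midnight."""
    if rights.start is None or rights.end is None:
        return True
    t = when.time()
    if rights.start <= rights.end:
        return rights.start <= t <= rights.end
    return t >= rights.start or t <= rights.end

def filter_request(payload, rights, now):
    """Return (kept, dropped): kept statements are what would be forwarded."""
    kept, dropped = [], []
    for stmt in split_statements(payload):
        tables = referenced_tables(stmt)
        ok = (tables is not None and in_window(rights, now)
              and (rights.tables is None or tables <= rights.tables))
        (kept if ok else dropped).append(stmt)
    return kept, dropped

# Constructed sample: rights of sub-account 25 and one multi-statement request.
RIGHTS_25 = AccessRights(time(9, 0), time(18, 0), frozenset({"orders", "customers"}))
REQUEST = ("SELECT id, total FROM orders o JOIN customers c ON o.cid = c.id; "
           "SELECT name FROM orders, salaries; /* stacked */ "
           "UPDATE orders SET note = 'a;b -- kept' WHERE id = 7; "
           "DROP TABLE orders")

if __name__ == "__main__":
    kept, dropped = filter_request(REQUEST, RIGHTS_25, datetime(2017, 5, 3, 10, 30))
    print("forwarded:", kept)
    print("discarded:", dropped)
```

The tokenizer assumes standard SQL quoting; a deployment would use the parser of the target database's own dialect so that the filter and the database service equipment read each statement the same way.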
In an embodiment of the present application, in order to avoid being unable to find the root cause when data in the database is leaked or lost, the information transmitting apparatus 14, after receiving the data information returned by the database service equipment based on the filtered SQL statement and sending the data information to the user equipment, is further used for: obtaining and saving the access log generated when the user equipment accesses the database through the sub-account. Thus, after data information in the database is leaked or lost, the access log can be reviewed, based on the time of the leak and/or the leaked data information, to find which user equipment accessed the leaked data information through which sub-account, and thereby to find the root cause of the leak and/or loss, ensuring that the problem can be handled quickly after data information in the database is leaked and/or lost.
In an embodiment of the present application, the sub-account management equipment for database access provided by the present application further includes a deletion device, wherein the deletion device is used for: deleting the sub-account based on a preset time interval. In order to save the storage resources of the sub-account management equipment and to avoid the insecurity of the data information in the database caused by leakage and/or loss of a created sub-account, each sub-account created in the embodiments of the present application has a life cycle; that is, once the preset time interval has elapsed since a sub-account was created, the created sub-account is deleted. This avoids leakage and/or loss of the sub-account and further ensures the security of the data information in the database, while deleting the sub-account also saves the storage resources of the sub-account management equipment.
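The access log and the sub-account life cycle described above interact: a sub-account may already have been deleted by the time a leak is investigated. The following added example (not code from the patent) shows a log that copies the user name into every entry so that a review by leak time and leaked table still resolves to a user after deletion; the `SubAccountStore` class, its method names, the 7-day interval and the sample records are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class LogEntry:
    when: datetime
    sub_account: str
    user_name: str      # copied into the log so it survives sub-account deletion
    tables: frozenset
    statement: str

class SubAccountStore:
    """Hypothetical store: sub-accounts with a preset lifetime plus an access log."""

    def __init__(self, lifetime):
        self.lifetime = lifetime
        self.accounts = {}   # sub-account -> (user name, creation time)
        self.log = []

    def create(self, sub_account, user_name, now):
        self.accounts[sub_account] = (user_name, now)

    def is_live(self, sub_account, now):
        entry = self.accounts.get(sub_account)
        return entry is not None and now - entry[1] <= self.lifetime

    def record(self, sub_account, statement, tables, now):
        """Log one executed statement; refuse unknown or expired sub-accounts,
        even if the periodic purge has not run yet."""
        if not self.is_live(sub_account, now):
            return False
        user_name = self.accounts[sub_account][0]
        self.log.append(LogEntry(now, sub_account, user_name,
                                 frozenset(tables), statement))
        return True

    def purge_expired(self, now):
        """Delete sub-accounts older than the preset interval; the log is kept."""
        expired = sorted(a for a in self.accounts if not self.is_live(a, now))
        for a in expired:
            del self.accounts[a]
        return expired

    def trace(self, table, start, end):
        """Review the log: who accessed `table` between `start` and `end`."""
        return sorted({(e.user_name, e.sub_account) for e in self.log
                       if table in e.tables and start <= e.when <= end})

def demo():
    """Constructed scenario: two sub-accounts, a 7-day lifetime, a later review."""
    t0 = datetime(2017, 5, 3, 9, 0)
    store = SubAccountStore(lifetime=timedelta(days=7))
    store.create("sub24", "ID24", t0)
    store.create("sub25", "ID25", t0)
    store.record("sub24", "SELECT * FROM orders", {"orders"}, t0 + timedelta(hours=1))
    store.record("sub25", "SELECT * FROM customers", {"customers"}, t0 + timedelta(days=2))
    # Access attempted after the lifetime has elapsed is refused.
    late = store.record("sub25", "SELECT * FROM customers", {"customers"},
                        t0 + timedelta(days=8))
    purged = store.purge_expired(t0 + timedelta(days=8))
    # Review after deletion: the leaked table and the leak window still name a user.
    suspects = store.trace("customers", t0 + timedelta(days=1), t0 + timedelta(days=3))
    return late, purged, suspects

if __name__ == "__main__":
    print(demo())
```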
In an embodiment of the present application, the sub-account management equipment for database access provided by the present application further includes an updating device, wherein the updating device is used for: updating the access rights of the sub-account. In order to satisfy the different access requests of different users to the database, the access rights of the sub-account need to be updated, so that user equipment can access the database through the sub-account within different access times and/or within different access data, thereby satisfying the different access demands of users when they access the database through the sub-account.
After the sub-account management equipment of the database has parsed and filtered the access request, sent by the user equipment, to access the database, it obtains the filtered SQL statement corresponding to the access request and sends the filtered SQL statement to the database service equipment for subsequent access processing. The database service equipment is shown in Fig. 4, which is a schematic structural diagram of a database service equipment for database access according to one aspect of the present application. It is applied to the database service equipment end in the database access process and includes a statement reception device 21, an execution device 22 and an information transmitting apparatus 23, specifically: the statement reception device 21 is used for receiving the filtered SQL statement sent by the sub-account management equipment, wherein the filtered SQL statement is obtained by the sub-account management equipment parsing and filtering, based on the preset access rights of the sub-account, the access request by which the user equipment accesses the database through the sub-account; the execution device 22 is used for executing the filtered SQL statement and obtaining the corresponding execution result; the information transmitting apparatus 23 is used for sending the data information corresponding to the execution result to the sub-account management equipment, so that the sub-account management equipment forwards the received data information to the user equipment corresponding to the access request. The user can thereby access the data information in the database through the created sub-account, which not only ensures the security of the primary account of the database but also avoids leakage or loss of the data information in the database; the sub-account ensures both the security and the flexibility of access to the data information in the database.
In order to satisfy the different access requests of different users when they access the database, corresponding access rights need to be set for each sub-account, so that different sub-accounts satisfy the access requests of different users, wherein the access rights include access time and/or access data. For example, when creating sub-account 25, the sub-account management equipment also needs to preset the access time during which sub-account 25 can access the database, and/or preset the access data (access content) of the database that sub-account 25 can access. By presetting the access time and access data of the sub-account, the user can access the database quickly and efficiently within the preset access time and/or access data, which reduces the time required by the database access process and improves its efficiency.
In summary, the present application creates a sub-account of the database at the sub-account management equipment end of the database and presets the access rights of the sub-account; when a user needs to access the database through the sub-account, the sub-account management equipment receives the access request, sent by user equipment, to access the database through the sub-account; parses and filters the access request based on the access rights to obtain the filtered SQL statement, and sends the filtered SQL statement to the database service equipment; and then receives the data information returned by the database service equipment based on the filtered SQL statement and sends the data information to the user equipment. Creating sub-accounts of the database not only satisfies the access requests of different users, but also avoids the risk that the data information of the database is leaked as a result of sharing or changing the primary account of the database; at the same time, presetting the access rights of the sub-account ensures the security and efficiency of access to the data information of the database and further ensures the security of the primary account of the database. That is, in the embodiments of the present application, a sub-account management equipment of the database is added to the database access process to control users' rights to access the database, which greatly reduces the complexity of managing the primary account of the database (for example, changing and deleting it), and the access rights of the created sub-accounts of the database are preset to improve the security of users' access to the database.
Further, in the present application the database service equipment end receives the filtered SQL statement sent by the sub-account management equipment, wherein the filtered SQL statement is obtained by the sub-account management equipment parsing and filtering, based on the preset access rights of the sub-account, the access request by which the user equipment accesses the database through the sub-account; executes the filtered SQL statement and obtains the corresponding execution result; and sends the data information corresponding to the execution result to the sub-account management equipment, so that the sub-account management equipment forwards the received data information to the user equipment corresponding to the access request. The user can thereby access the data information in the database through the created sub-account, which not only ensures the security of the primary account of the database but also avoids leakage or loss of the data information in the database; the sub-account ensures both the security and the flexibility of access to the data information in the database.
It should be noted that the present application can be implemented in software and/or in a combination of software and hardware, for example by using an application-specific integrated circuit (ASIC), a general-purpose computer or any other similar hardware device. In one embodiment, the software program of the present application can be executed by a processor to realize the steps or functions described above. Similarly, the software program of the present application (including related data structures) can be stored in a computer-readable recording medium, for example RAM memory, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of the present application can be implemented in hardware, for example as a circuit that cooperates with a processor to perform each step or function.
In addition, part of the present application can be applied as a computer program product, for example computer program instructions which, when executed by a computer, can invoke or provide the method and/or technical solution according to the present application through the operation of that computer. The program instructions that invoke the method of the present application may be stored in a fixed or removable recording medium, and/or transmitted by broadcast or as a data stream in another signal-bearing medium, and/or stored in the working memory of a computer device that runs according to the program instructions. Here, one embodiment of the present application includes a device comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to run the method and/or technical solution based on the foregoing embodiments of the present application.
It is obvious to a person skilled in the art that the present application is not limited to the details of the above exemplary embodiments, and that the present application can be realized in other specific forms without departing from its spirit or essential characteristics. Therefore, the embodiments should be regarded in every respect as exemplary and non-restrictive; the scope of the present application is defined by the appended claims rather than by the above description, and all changes that fall within the meaning and range of equivalency of the claims are therefore intended to be included in the present application. Any reference sign in the claims should not be regarded as limiting the claim concerned. Furthermore, it is clear that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. A plurality of units or devices stated in a device claim may also be implemented by one unit or device through software or hardware. Words such as "first" and "second" are used to denote names and do not denote any particular order.

Claims (22)

1. A database access method at a sub-account management equipment end, wherein the method includes:
Creating a sub-account of a database, and presetting access rights of the sub-account;
Receiving an access request, sent by user equipment, to access the database through the sub-account;
Parsing and filtering the access request based on the access rights to obtain a filtered SQL statement, and sending the filtered SQL statement to a database service equipment;
Receiving the data information returned by the database service equipment based on the filtered SQL statement, and sending the data information to the user equipment.
2. The method according to claim 1, wherein the number of sub-accounts is at least one.
3. The method according to claim 2, wherein the sub-account includes a user name,
and the receiving of an access request, sent by user equipment, to access the database through the sub-account includes:
Receiving the access request, sent by the user equipment corresponding to the user name, to access the database through the sub-account.
4. The method according to claim 1, wherein the parsing and filtering of the access request based on the access rights to obtain a filtered SQL statement includes:
Parsing the access request to obtain at least one SQL statement;
Filtering the at least one SQL statement based on the access rights to obtain the processed SQL statement.
5. The method according to claim 4, wherein the parsing of the access request to obtain at least one SQL statement includes:
Parsing the access request based on preset parsing rules to obtain at least one SQL statement.
6. The method according to claim 1, wherein, after the receiving of the data information returned by the database service equipment based on the filtered SQL statement and the sending of the data information to the user equipment, the method further includes:
Obtaining and saving the access log generated when the user equipment accesses the database through the sub-account.
7. The method according to claim 1, wherein the method further includes:
Deleting the sub-account based on a preset time interval.
8. The method according to claim 1, wherein the method further includes:
Updating the access rights of the sub-account.
9. The method according to any one of claims 1 to 8, wherein the access rights include access time and/or access data.
10. A database access method at a database service equipment end, wherein the method includes:
Receiving a filtered SQL statement sent by a sub-account management equipment, wherein the filtered SQL statement is obtained by the sub-account management equipment parsing and filtering, based on preset access rights of a sub-account, an access request by which user equipment accesses the database through the sub-account;
Executing the filtered SQL statement to obtain a corresponding execution result;
Sending the data information corresponding to the execution result to the sub-account management equipment.
11. The method according to claim 10, wherein the access rights include access time and/or access data.
12. it is a kind of for database access from account management equipment, wherein, it is described include from account management equipment:
Creating device, for create database from account, and preset access rights from account;
Ask reception device, for receive user equipment transmission by it is described from account access database access request;
Processing unit, for carrying out parsing filtration treatment to the access request based on the access rights, after being filtered SQL statement, and the SQL statement after the filtering is sent to database service equipment;
Message retransmission unit, for receiving the data that the database service equipment is returned based on the SQL statement after the filtering Information, and the data message is sent to the user equipment.
13. it is according to claim 12 from account management equipment, wherein, the quantity from account is at least one.
14. The sub-account management equipment according to claim 13, wherein the sub-account includes a user name,
The request receiving device is configured to:
Receive the access request, sent by the user equipment corresponding to the user name, to access the database through the sub-account.
15. The sub-account management equipment according to claim 12, wherein the processing device is configured to:
Perform parsing on the access request to obtain at least one SQL statement;
Perform filtering on the at least one SQL statement based on the access rights to obtain the processed SQL statement.
16. The sub-account management equipment according to claim 15, wherein the processing device is configured to:
Perform parsing on the access request based on preset parsing rules to obtain at least one SQL statement.
17. The sub-account management equipment according to claim 12, wherein the information forwarding device 14 is further configured to:
Obtain and save the access log generated while the user equipment accesses the database through the sub-account.
18. The sub-account management equipment according to claim 12, wherein the sub-account management equipment further includes a deleting device, wherein the deleting device is configured to:
Delete the sub-account based on a preset time interval.
19. The sub-account management equipment according to claim 12, wherein the sub-account management equipment further includes an updating device, wherein the updating device is configured to:
Update the access rights of the sub-account.
20. The sub-account management equipment according to any one of claims 12 to 19, wherein the access rights include an access time and/or access data.
21. Database service equipment for database access, wherein the database service equipment comprises:
A statement receiving device, configured to receive a filtered SQL statement sent by sub-account management equipment, wherein the filtered SQL statement is obtained by the sub-account management equipment performing parsing and filtering, based on the preset access rights of a sub-account, on an access request made by user equipment to access the database through the sub-account;
An executing device, configured to execute the filtered SQL statement to obtain a corresponding execution result;
An information sending device, configured to send data information corresponding to the execution result to the sub-account management equipment.
22. The database service equipment according to claim 21, wherein the access rights include an access time and/or access data.
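A minimal sketch of the parse, filter, forward and log steps recited in claims 12 to 20, added here as an illustration and not taken from the patent. The `SubAccount` class, the daily time window, the table allowlist and the strict single-table SELECT grammar are assumptions, and sqlite3 with constructed rows stands in for the database service equipment.

```python
import re
import sqlite3
from dataclasses import dataclass, field
from datetime import time

@dataclass
class SubAccount:              # hypothetical model of a sub-account
    user: str
    tables: frozenset          # "access data": tables the account may read
    start: time                # "access time": permitted daily window
    end: time
    log: list = field(default_factory=list)

# Assumed filter grammar: one SELECT over one table with at most one simple
# comparison. Joins, UNION, subqueries and writes do not match and are dropped.
SAFE_SELECT = re.compile(
    r"select\s+(?:\*|\w+(?:\s*,\s*\w+)*)\s+from\s+(\w+)"
    r"(?:\s+where\s+\w+\s*[=<>]\s*(?:'\w*'|\d+))?", re.I)

def parse(request):
    """Parsing step: split the access request into single SQL statements."""
    return [s.strip() for s in request.split(";") if s.strip()]

def filter_statements(acct, stmts, now):
    """Filtering step: keep only statements the preset access rights allow."""
    kept = []
    for s in stmts:
        m = SAFE_SELECT.fullmatch(s)
        ok = (bool(m) and m.group(1).lower() in acct.tables
              and acct.start <= now <= acct.end)
        acct.log.append((now.isoformat(), s, "forwarded" if ok else "dropped"))
        if ok:
            kept.append(s)
    return kept

def handle(acct, request, db, now):
    """Send the filtered SQL to the database and relay the rows to the user."""
    return [db.execute(s).fetchall() for s in filter_statements(acct, parse(request), now)]

def demo_db():
    """Constructed sample data standing in for the database service equipment."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE orders(id, item); CREATE TABLE salaries(name, pay);"
        "INSERT INTO orders VALUES (1, 'disk'); INSERT INTO salaries VALUES ('li', 9000);")
    return db
```

The filter fails closed: a statement is forwarded only if it matches the narrow grammar in full, so a comma join or UNION that names a second table is dropped rather than partially checked.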
CN201710305785.7A 2017-05-03 2017-05-03 A kind of data bank access method and equipment Pending CN107273758A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710305785.7A CN107273758A (en) 2017-05-03 2017-05-03 A kind of data bank access method and equipment

Publications (1)

Publication Number Publication Date
CN107273758A true CN107273758A (en) 2017-10-20

Family

ID=60073667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710305785.7A Pending CN107273758A (en) 2017-05-03 2017-05-03 A kind of data bank access method and equipment

Country Status (1)

Country Link
CN (1) CN107273758A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795485A (en) * 2019-10-29 2020-02-14 杭州求是优脉科技有限公司 Database access method, device and equipment
CN112487451A (en) * 2020-11-30 2021-03-12 北京字跳网络技术有限公司 Display method and device and electronic equipment
CN112800463A (en) * 2021-02-02 2021-05-14 天津五八到家货运服务有限公司 Information processing method, device and system
CN112989401A (en) * 2019-12-13 2021-06-18 北京金山云网络技术有限公司 Authority management method and device, electronic equipment and storage medium
CN113438082A (en) * 2021-06-21 2021-09-24 郑州阿帕斯数云信息科技有限公司 Database access method, device, equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102708316A (en) * 2012-04-19 2012-10-03 北京华胜天成科技股份有限公司 Method for isolating data in multi-tenant architecture
CN104766023A (en) * 2015-02-02 2015-07-08 苏州全维软件科技有限公司 User management method based on ORACLE database

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171020
