Disclosure of Invention
In order to solve the problems in the prior art, embodiments of the present invention provide a method and an apparatus for operating a container. The technical scheme is as follows:
in one aspect, a DB2 database management method is provided, the method is applied to a database management system, the database management system comprises a man-in-the-middle platform, and collects database session information on a data collection man-in-the-middle platform, the method comprises:
acquiring a structural body for data analysis;
filling the database session information into a session space in the structure body;
in the current session duration, reading the request data of the DB2 through the intermediary platform to obtain a message corresponding to the selected type code, filtering the message by a blacklist, filling an operation display structure according to the content of the filtered message, and generating a request display frame at a webpage end;
analyzing the database response and filling a response display frame, and filling the inquired data or operation return codes into the webpage end through the man-in-the-middle platform to generate a visual data display report;
and forming a preset log format based on a preset man-in-the-middle frame and forwarding the recombined DB2 control data.
Optionally, the obtaining a structural body for data analysis includes:
formulating analysis structure content according to operation requirements, wherein the analysis structure content at least comprises a network session information space, an operation display structure and a response display frame;
and forming an executable file by compiling the codes, and sending the executable file to the man-in-the-middle environment for execution.
Optionally, the filling the database session information into the session space in the structure body includes:
and acquiring session information and user information from a DB2 client and a server through the man-in-the-middle platform, and filling the session information and the user information into a session space in the structure body, wherein the session information and the user information comprise a session ID, a user name, a password, a database name and login time.
Optionally, the method further includes:
and generating a conversation log according to the mechanism of the man-in-the-middle platform, the conversation information and the user information, and displaying the conversation information and the user information through the webpage end.
Optionally, analyzing the database response and filling a response display frame, and filling the queried data or operation return code into the webpage through the broker platform to generate a visual data display report, including:
for returned data corresponding to any version of client, determining the data position of the returned data through a specific type code, and determining the cell content of the data record through a rebound method;
and submitting the cell content to a response display frame of the webpage end for display, and recording the execution duration and the number of the affected lines.
Optionally, the forming a preset log format and forwarding the recombined DB2 control data based on the preset man-in-the-middle frame includes:
displaying session data in a list form, wherein the session data comprises session data, request data and response data;
when a click instruction of a control corresponding to a session data position is received, displaying a target window, wherein request content corresponding to the click instruction is displayed in the target window, and response information is displayed in a form below the request content;
and forwarding the processed original data.
In another aspect, there is provided a DB2 database management apparatus, the apparatus being applied to a database management system including a man-in-the-middle platform and collecting database session information on a data collection man-in-the-middle platform, the apparatus including:
the acquisition module is used for acquiring a structural body for data analysis;
the filling module is used for filling the database session information into a session space in the structural body;
the first generation module is used for reading the request data of the DB2 through the intermediary platform within the current session duration time, obtaining the message corresponding to the selected type code, performing blacklist filtering on the message, filling an operation display structure according to the content of the filtered message, and generating a request display frame at a webpage end;
the second generation module is used for analyzing the database response and filling a response display frame, and filling the inquired data or the operation return code into the webpage end through the man-in-the-middle platform to generate a visual data display report;
and the forwarding module is used for forming a preset log format and forwarding the recombined DB2 control data based on a preset man-in-the-middle frame.
Optionally, the filling module is used for
And acquiring session information and user information from a DB2 client and a server through the man-in-the-middle platform, and filling the session information and the user information into a session space in the structure body, wherein the session information and the user information comprise a session ID, a user name, a password, a database name and login time.
Optionally, the first generating module is configured to:
for returned data corresponding to any version of client, determining the data position of the returned data through a specific type code, and determining the cell content of the data record through a rebound device;
and submitting the cell content to a response display frame of the webpage end for display, and recording the execution duration and the number of the affected lines.
Optionally, the forwarding module is configured to:
displaying session data in a list form, wherein the session data comprises session data, request data and response data;
when a click instruction of a control corresponding to a session data position is received, displaying a target window, wherein request content corresponding to the click instruction is displayed in the target window, and response information is displayed in a form below the request content;
and forwarding the processed original data.
The invention provides a DB2 database management method, (1) a login mechanism which can acquire login authority regardless of a user name and a password of a client can be realized, and an internal database manager can debug a database management scheme conveniently. (2) The method can realize a set of management scheme which can analyze the flow of any DB2 database regardless of the client and the DB2 version, and has the characteristics of safety isolation, cross-platform, space resource saving and the like. (3) Real-time forwarding is realized, and chip memory resources are saved. The method has the characteristics of safety isolation, cross-platform performance, space resource saving and the like.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The embodiment of the invention provides a DB2 database management method, which is characterized in that the method is applied to a database management system, the database management system comprises a man-in-the-middle platform, the database session information is collected on the data collection man-in-the-middle platform, and the database management system also comprises a web server and a client (also called a web server). As shown in fig. 1, the method comprises the steps of:
step 101, obtaining a structure for data analysis.
In the implementation, a total analysis template needs to be designed, wherein the content of the total analysis template at least comprises a network session information space, a request display frame and a response display frame; the specific treatment process may include the following steps:
step one, formulating analysis structure content according to operation requirements, wherein the analysis structure content at least comprises a network session information space, an operation display structure and a response display frame.
Wherein, the content of the analysis structure body is the content of the total analysis template.
And step two, forming an executable file by compiling the codes, and sending the executable file to the man-in-the-middle environment for execution.
The relevant codes of the database management method provided by the embodiment of the invention run in an MITM (man in the middle) environment, a data analysis structure body, a character string matching algorithm, a packing algorithm and the like of the database management method are all deployed in an embedded L inux operating system environment of a middle person, and a data display frame (comprising a request/response) is deployed on a webpage server.
Step 102, filling the database session information into a session space in the structure body.
In implementation, the broker platform will obtain session information and user information from the DB2 client (i.e., the client described above) and the web server, and then fill in the session space, thereby generating a session unit and presenting the corresponding session data on the web side. The session information and the user information may be referred to as user characteristic information, and the user characteristic information may include session information and user information including a session ID, a user name, a password, a database name, a login time, and the like. Then, a conversation log is generated according to the mechanism of the man-in-the-middle platform and the user characteristic information, and the user characteristic information (namely the conversation information and the user information) is displayed through a webpage end. The specific treatment process may be as follows:
preferably, referring to fig. 2, each DB2 session is initialized and state classification is performed for the session.
The session state types include complete information, incomplete information, in-process operation, end and the like.
If the information such as network five-tuple, login time, session ID, FIFO (First Input First Output, First Input First Output queue) space, etc. is complete, the "request/response" in the operation processing in step 103 is entered, otherwise, the session is blocked or released according to the management requirement. The operation processing means that each operation in the session is processed in a time-series linear sequence, and the state of the session in the middle man is ended after the processing is completed.
Referring to fig. 3, it is a flowchart of the DB2 data management method based on the man-in-the-middle and string matching algorithm of the present invention; in the step of security check, when a session is initialized, the management method can match with the input user name, password and database name to determine whether injected characters exist, and if so, the session establishment is blocked.
Referring to fig. 3, in the step of "security check", a default password may be set, and the default password is replaced by the default password regardless of the password input by the request issuer, so as to facilitate login.
Referring to FIG. 4, a flow chart for parsing the operation and populating each request/response presentation framework according to the present invention is shown; the man-in-the-middle platform in the operation process classifies each operation according to the own DB2 status code.
Step 103, reading the request data of the DB2 through the man-in-the-middle platform within the current session duration to obtain the message corresponding to the selected type code, filtering the blacklist of the message, filling the operation display structure according to the content of the filtered message, and generating a request display frame at the webpage end.
In implementation, in the current session duration, the broker platform may read the request data of the DB2, obtain messages corresponding to the selected type codes, then perform blacklist filtering on the messages, further fill the operation display structure according to the filtered messages, and generate a request display frame at the web page side.
Referring to fig. 4, a DB2 status code corresponding to the request is selected, the request sql is read according to the offset and length information of the DB2 header, and regular expression matching is used to detect whether there is an injected character.
And 104, analyzing the database response, filling a response display frame, filling the inquired data or the operation return code into a webpage end through the man-in-the-middle platform, and generating a visual data display report.
In implementation, for the returned data corresponding to the client with any version, the data position of the returned data is determined through the specific type code, and the returned data is filled into a response display frame of the webpage end through a jump back method to determine the cell content of the data record, so that a visual data display report is generated and displayed, and meanwhile, the execution time length and the number of the affected lines can be recorded. The specific treatment process may be as follows:
referring to fig. 5, the format of the server-side return data table is slightly different under different DB2 clients and versions, the main difference is that the header encapsulation format is different by 1-3 bytes at the edge, the transition character is different by 0x00 and 0xff, etc., which causes different DB2 client data to be displayed as a garbled code under the standard client. However, there is a fixed separator 0xff (round box) between the columns in the header, the information to be extracted (thin box) is preceded and followed by a large segment 0x00, and 15 bytes ahead of it have fixed 4 bytes of information indicating the data type of the column, beginning with 0xc, from which the following matching algorithm jumps:
finding a prefix 0 xff;
match 0 xc;
matching 0x 00000000, and finding the 1 st non-0 byte as the length of the column name;
matching the length of the column name and obtaining the position of the right end of the column name according to the length skip;
matching 0x 00000000 again at the position, if the matching is successful, extracting the column name at the position located in the step c
Searching the prefix 0xff again, jumping to b if found, otherwise ending the algorithm
The above algorithm may ensure that the database management methods mentioned herein have cross-platform characteristics.
And 105, forming a preset log format based on a preset man-in-the-middle frame, and forwarding the recombined DB2 control data.
In implementation, the web page end can display session data in a list form, the session data comprises session, request and response data, when a click instruction of a control corresponding to a certain session data position is received, a target window is displayed, content requested by the click instruction is displayed in the target window, response information is displayed in a form below the content, and the processed original data are forwarded.
Referring to fig. 6 and 7, an example of a request/response exposure framework of the present invention is shown. The effect of the customer playback and data template display can be seen in fig. 6 and 7.
In addition, the difference between the buffer management caching strategy of the traditional plain and the buffer management caching strategy in the data forwarding process is that the middle man platform immediately performs forwarding once processing a complete data packet, and the traditional method performs forwarding after the whole frame is completely cached.
Based on the invention, the memory consumption can be reduced from the frame length level to the data packet length level, and the memory requirement on the intermediate human equipment is reduced, thereby avoiding the communication congestion caused by the overlarge frame length and having no influence on the original communication data with higher probability.
In the invention, any database operation is subjected to content analysis and efficient recombination by a man-in-the-middle, so that unsafe operation caused by direct database operation by a user is effectively avoided.
The embodiment of the invention provides a DB2 database management method, (1) a login mechanism capable of acquiring login authority regardless of a user name and a password of a client can be realized, and an internal database manager can debug a database management scheme conveniently. (2) The method can realize a set of management scheme which can analyze the flow of any DB2 database regardless of the client and the DB2 version, and has the characteristics of safety isolation, cross-platform, space resource saving and the like. (3) Real-time forwarding is realized, and chip memory resources are saved. The method has the characteristics of safety isolation, cross-platform performance, space resource saving and the like.
Based on the same technical concept, as shown in fig. 8, an embodiment of the present invention further provides a DB2 database management apparatus, where the apparatus is applied to a database management system, the database management system includes a man-in-the-middle platform, and collects database session information on a data collection man-in-the-middle platform, and the apparatus includes:
an obtaining module 810, configured to obtain a structural body for data analysis;
a filling module 820, configured to fill the database session information into a session space in the structure;
the first generation module 830 is configured to, within the current session duration, read request data of the DB2 through the broker platform, obtain a message corresponding to the selected type code, perform blacklist filtering on the message, fill an operation display structure according to content of the filtered message, and generate a request display frame at a web page end;
the second generation module 840 is used for analyzing the database response and filling a response display frame, and filling the inquired data or operation return code into the webpage end through the man-in-the-middle platform to generate a visual data display report;
and the forwarding module 850 is used for forming a preset log format and forwarding the recombined DB2 control data based on the preset man-in-the-middle frame.
Optionally, the filling module 820 is used for
And acquiring session information and user information from a DB2 client and a server through the man-in-the-middle platform, and filling the session information and the user information into a session space in the structure body, wherein the session information and the user information comprise a session ID, a user name, a password, a database name and login time.
Optionally, the first generating module 830 is configured to:
for returned data corresponding to any version of client, determining the data position of the returned data through a specific type code, and determining the cell content of the data record through a rebound device;
and submitting the cell content to a response display frame of the webpage end for display, and recording the execution duration and the number of the affected lines.
Optionally, the forwarding module 850 is configured to:
displaying session data in a list form, wherein the session data comprises session data, request data and response data;
when a click instruction of a control corresponding to a session data position is received, displaying a target window, wherein request content corresponding to the click instruction is displayed in the target window, and response information is displayed in a form below the request content;
and forwarding the processed original data.
The embodiment of the invention provides a DB2 database management device, (1) a login mechanism capable of acquiring login authority regardless of a user name and a password of a client can be realized, and an internal database manager can debug a database management scheme conveniently. (2) The method can realize a set of management scheme which can analyze the flow of any DB2 database regardless of the client and the DB2 version, and has the characteristics of safety isolation, cross-platform, space resource saving and the like. (3) Real-time forwarding is realized, and chip memory resources are saved. The method has the characteristics of safety isolation, cross-platform performance, space resource saving and the like.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention and are not limited. Although the present invention has been described in detail with reference to the embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the spirit and scope of the invention as defined in the appended claims.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.