CN108616502B - Web safe storage method - Google Patents
- Publication number: CN108616502B
- Application number: CN201810200564.8A
- Authority: CN (China)
- Prior art keywords: user, storage, file, module, stored
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
A web secure storage method comprises a user module, a storage module and a security analysis module. Before a user initiates a storage request, the user module verifies the user's identity and obtains a dynamic token for the user. When the user initiates a storage request, the security analysis module acquires the user's domain name, the dynamic token, the file to be stored and the requested storage path. The security analysis module analyzes and checks these four items against the storage requirements and, if they are met, sends the file to the storage module, which receives and stores it. The method restricts a user's file upload path through double verification of user identity and user source, which prevents files from being stored in the wrong location, and it analyzes user behavior to stop users from uploading arbitrary files or deliberately damaging the storage service, so that the storage service remains stable.
Description
Technical Field
The invention relates to the field of network communication, in particular to a web secure storage method.
Background
Currently, with the continuous development of communication technology, a series of value-added services are continuously developed. The service development system provides a platform for developing and publishing value-added services for service personnel, and can comprise a web server and a web client, and a web storage function is required to be used in the service development process.
Existing web storage has several problems. First, files are easily stored in the wrong location, both between users and between systems. Second, files can be uploaded arbitrarily, so viruses can easily get into the storage system. Third, because the users who submit files are neither analyzed nor restricted, individual users may deliberately damage the storage service.
Disclosure of Invention
The invention aims to provide a web secure storage method that restricts a user's file upload path through double verification of user identity and user source, preventing file location errors, and that analyzes user behavior to stop users from uploading arbitrary files and deliberately damaging the storage service.
In order to achieve the purpose, the invention adopts the following technical scheme:
a method for web secure storage, comprising a user module, a storage module and a security analysis module, wherein the user module is used for verifying user identity and storing user information, the security analysis module is used for analyzing and detecting storage process, the storage module is used for storing files verified by the user module and the security analysis module, and the method comprises the following steps of:
step A: before a user initiates a storage request, the user module verifies the identity and acquires a dynamic token of the user;
step B: a user initiates a storage request, and the security analysis module acquires a domain name, a dynamic token, a file to be stored and a path required to be stored of the user;
step C: the security analysis module analyzes and detects the acquired domain name, the dynamic token, the file to be stored and the path required to be stored of the user, checks whether they meet the storage requirement, and sends the file to the storage module if they do;
step D: and the storage module receives the file to be stored and stores the file.
Preferably, the process comprises the steps of analyzing and detecting by the security analysis module:
step C1: the security analysis module acquires the information of the user from the user module through the dynamic token of the user;
step C2: the security analysis module analyzes the user behavior according to a preset rule, detects whether the user is a dangerous user, and does not allow the user to execute the storage requirement if the user is detected to be a dangerous user;
step C3: if the user is detected not to be a dangerous user, then detecting whether the file to be stored by the user belongs to a file type that is allowed to be uploaded, and if not, not executing the storage requirement and recording the storage requirement to the user module; if the file type is allowed, detecting whether the size of the file to be uploaded meets the requirement, and if not, not executing the storage requirement and recording the storage requirement to the user module;
step C4: if the size and the type of the file to be uploaded by the user are detected to meet the requirements, then whether the dynamic token of the user is available is detected, if not, the storage requirement is not executed, and the storage requirement is recorded in the user module;
step C5: if the dynamic token of the user is detected to be available, the security analysis module then detects whether the user has uploading authority on the file to be uploaded, and if the user does not have the uploading authority, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C6: if the user is detected to have the uploading authority on the file to be uploaded, the security analysis module detects whether the domain name of the user has the operation authority on the storage path, and if the domain name of the user does not have the operation authority on the storage path, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C7: if the domain name of the user is detected to have the operation authority on the storage path, the security analysis module then detects whether the user has the operation authority on the storage path, and if the user is detected to have no operation authority on the storage path, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C8: if the user is detected to have the operation authority on the storage path, the security analysis module then detects whether the file to be uploaded has the operation authority on the storage path, and if the file to be uploaded is detected to have no operation authority on the storage path, the storage requirement is not executed and the file is recorded to the user module.
Preferably, if the security analysis module detects that the file to be uploaded has an operation right on the storage path, the storage module then detects whether the current storage path has file duplication, if so, the file to be uploaded covers the original file on the current storage path and returns a file exclusive ID, and if not, the file to be uploaded is directly saved in the current storage path and returns the file exclusive ID.
Preferably, the user module is provided with an independent API interface.
Preferably, the security analysis module is provided with an independent API interface.
Preferably, the storage module is provided with an independent API interface.
Drawings
FIG. 1 is a framework diagram of the present invention;
FIG. 2 is a flow diagram of the web-implemented secure store of the present invention;
FIG. 3 is a flow diagram of a security analysis module detection analysis of the present invention.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings.
The method for web secure storage in this embodiment includes a user module, a storage module, and a security analysis module, where the user module is used to verify a user identity and store user information, the security analysis module is used to analyze and detect a storage process, and the storage module is used to store a file verified by the user module and the security analysis module, as shown in fig. 1 and fig. 2, the method includes a process of implementing web secure storage:
step A: before a user initiates a storage request, the user module verifies the identity and acquires a dynamic token of the user;
step B: a user initiates a storage request, and the security analysis module acquires a domain name, a dynamic token, a file to be stored and a path required to be stored of the user;
step C: the security analysis module analyzes and detects the acquired domain name, the dynamic token, the file to be stored and the path required to be stored of the user, checks whether they meet the storage requirement, and sends the file to the storage module if they do;
step D: and the storage module receives the file to be stored and stores the file.
In this technical scheme, the user's file upload path is restricted through double verification of user identity and user source. Identity is verified before a storage request is initiated, which yields a dynamic token. When the user then initiates the storage request, the security analysis module obtains the user's domain name or IP address, the dynamic token, the file and the storage path, and checks and analyzes this information, that is, it verifies the user's source. Together these give double verification of user identity and user source, which prevents files from ending up in the wrong location.
Preferably, as shown in fig. 3, the process includes the steps of analyzing and detecting by the security analysis module:
step C1: the security analysis module acquires the information of the user from the user module through the dynamic token of the user;
step C2: the security analysis module analyzes the user behavior according to a preset rule, detects whether the user is a dangerous user, and does not allow the user to execute the storage requirement if the user is detected to be a dangerous user;
step C3: if the user is detected not to be a dangerous user, then detecting whether the file to be stored by the user belongs to a file type that is allowed to be uploaded, and if not, not executing the storage requirement and recording the storage requirement to the user module; if the file type is allowed, detecting whether the size of the file to be uploaded meets the requirement, and if not, not executing the storage requirement and recording the storage requirement to the user module;
step C4: if the size and the type of the file to be uploaded by the user are detected to meet the requirements, then whether the dynamic token of the user is available is detected, if not, the storage requirement is not executed, and the storage requirement is recorded in the user module;
step C5: if the dynamic token of the user is detected to be available, the security analysis module then detects whether the user has uploading authority on the file to be uploaded, and if the user does not have the uploading authority, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C6: if the user is detected to have the uploading authority on the file to be uploaded, the security analysis module detects whether the domain name of the user has the operation authority on the storage path, and if the domain name of the user does not have the operation authority on the storage path, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C7: if the domain name of the user is detected to have the operation authority on the storage path, the security analysis module then detects whether the user has the operation authority on the storage path, and if the user is detected to have no operation authority on the storage path, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C8: if the user is detected to have the operation authority on the storage path, the security analysis module then detects whether the file to be uploaded has the operation authority on the storage path, and if the file to be uploaded is detected to have no operation authority on the storage path, the storage requirement is not executed and the file is recorded to the user module.
In this technical scheme, the security analysis module and the user module cooperate to verify user identity and user source at multiple levels. First, the user's behavior is analyzed to ensure that the user is not a dangerous user, so that individual users cannot deliberately damage the storage service. Next, the type and size of the file to be stored are checked to ensure that the file is of an uploadable type and does not exceed the size limit, which prevents arbitrary file uploads. Then the dynamic token is checked to ensure that it is available, since the user's information is obtained through the token. Finally, the upload permissions are checked, including the restrictions on the file path, which prevents file location errors between users and between systems.
Preferably, if the security analysis module detects that the file to be uploaded has an operation right on the storage path, the storage module then detects whether the current storage path has file duplication, if so, the file to be uploaded covers the original file on the current storage path and returns a file exclusive ID, and if not, the file to be uploaded is directly saved in the current storage path and returns the file exclusive ID.
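The C1 to C8 check order and the overwrite-or-store step described above, as an added Python example that is not part of the patent. All class names, policy values, the rejection-count rule used for C2, the per-path type policy used for C8, the reuse of the file ID on overwrite and the path canonicalisation before the C6 to C8 prefix checks are assumptions made for illustration.

```python
import posixpath
import time
import uuid
from dataclasses import dataclass, field

ALLOWED_TYPES = {".png", ".jpg", ".pdf"}  # constructed global policy (C3)
MAX_SIZE = 1024                           # bytes, constructed (C3)
DANGER_THRESHOLD = 3                      # assumed "preset rule" for C2

@dataclass
class User:
    name: str
    upload_types: set   # C5: file types this user may upload
    paths: tuple        # C7: path prefixes this user may write to
    rejections: list = field(default_factory=list)  # record kept by the user module

class UserModule:
    def __init__(self):
        self.tokens = {}  # token -> (User, expiry timestamp)

    def login(self, user, ttl=300):
        """Step A: identity check elided; issue a short-lived dynamic token."""
        token = uuid.uuid4().hex
        self.tokens[token] = (user, time.time() + ttl)
        return token

class StorageModule:
    def __init__(self):
        self.files = {}  # full path -> (file_id, data)

    def save(self, full_path, data):
        """Step D: overwrite a duplicate or store a new file; return its ID."""
        file_id = self.files.get(full_path, (uuid.uuid4().hex,))[0]
        self.files[full_path] = (file_id, data)
        return file_id

def under(path, prefixes):
    """True if the canonical path equals or sits inside one of the prefixes."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

class SecurityAnalysis:
    def __init__(self, users, storage, domain_paths, path_types):
        self.users, self.storage = users, storage
        self.domain_paths = domain_paths  # C6: domain -> writable prefixes
        self.path_types = path_types      # C8: prefix -> types accepted there

    def handle(self, domain, token, filename, data, path):
        """Steps B and C: run C1..C8 in order, then hand over to storage."""
        user, expiry = self.users.tokens.get(token, (None, 0))       # C1
        if user is None:
            return ("rejected", "unknown token")

        def reject(reason):  # refuse the request and record it to the user module
            user.rejections.append(reason)
            return ("rejected", reason)

        if len(user.rejections) >= DANGER_THRESHOLD:                 # C2
            return ("rejected", "dangerous user")
        ext = posixpath.splitext(filename)[1].lower()
        if ext not in ALLOWED_TYPES:                                 # C3 type
            return reject("file type not allowed")
        if len(data) > MAX_SIZE:                                     # C3 size
            return reject("file too large")
        if time.time() > expiry:                                     # C4
            return reject("token expired")
        if ext not in user.upload_types:                             # C5
            return reject("user may not upload this file")
        # Canonicalise first so "../" cannot slip past the prefix checks.
        canon = posixpath.normpath("/" + path.lstrip("/"))
        if not under(canon, self.domain_paths.get(domain, ())):      # C6
            return reject("domain has no right on path")
        if not under(canon, user.paths):                             # C7
            return reject("user has no right on path")
        if not any(ext in types for prefix, types in self.path_types.items()
                   if under(canon, (prefix,))):                      # C8
            return reject("file not permitted on path")
        name = posixpath.basename(filename)  # drop any directory part
        return ("stored", self.storage.save(posixpath.join(canon, name), data))

def build_demo():
    """Constructed sample setup: one user, one origin domain, one path policy."""
    users, storage = UserModule(), StorageModule()
    alice = User("alice", {".png", ".pdf"}, ("/uploads/alice",))
    sec = SecurityAnalysis(users, storage,
                           {"app.example.test": ("/uploads",)},
                           {"/uploads": {".png", ".jpg"}})
    return storage, sec, users.login(alice)
```

Because every refusal from C3 onward is recorded against the user, the third refusal trips the assumed C2 rule and later requests from that user are refused outright.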
Preferably, the user module is provided with an independent API interface.
Preferably, the security analysis module is provided with an independent API interface.
Preferably, the storage module is provided with an independent API interface.
The user module, the storage module and the security analysis module each have an independent API interface, which decouples services from storage, makes the storage system extensible, allows the interfaces to be extended for different service scenarios, and reduces development cost.
The technical principle of the present invention is described above in connection with specific embodiments. The description is made for the purpose of illustrating the principles of the invention and should not be construed in any way as limiting the scope of the invention. Based on the explanations herein, those skilled in the art will be able to conceive of other embodiments of the present invention without inventive effort, which would fall within the scope of the present invention.
Claims (5)
1. A method of web secure storage, characterized by: the system comprises a user module, a storage module and a security analysis module, wherein the user module is used for verifying the identity of a user and storing user information, the security analysis module is used for analyzing and detecting the storage process, the storage module is used for storing files verified by the user module and the security analysis module, and the process of realizing web security storage comprises the following steps:
step A: before a user initiates a storage request, the user module verifies the identity and acquires a dynamic token of the user;
step B: a user initiates a storage request, and the security analysis module acquires a domain name, a dynamic token, a file to be stored and a path required to be stored of the user;
step C: the security analysis module analyzes and detects the acquired domain name, the dynamic token, the file to be stored and the path required to be stored of the user, checks whether they meet the storage requirement, and sends the file to the storage module if they do;
step D: the storage module receives a file to be stored and stores the file;
the method comprises the following steps of analyzing and detecting by a security analysis module:
step C1: the security analysis module acquires the information of the user from the user module through the dynamic token of the user;
step C2: the security analysis module analyzes the user behavior according to a preset rule, detects whether the user is a dangerous user, and does not allow the user to execute the storage requirement if the user is detected to be a dangerous user;
step C3: if the user is detected not to be a dangerous user, then detecting whether the file to be stored by the user belongs to a file type that is allowed to be uploaded, and if not, not executing the storage requirement and recording the storage requirement to the user module; if the file type is allowed, detecting whether the size of the file to be uploaded meets the requirement, and if not, not executing the storage requirement and recording the storage requirement to the user module;
step C4: if the size and the type of the file to be uploaded by the user are detected to meet the requirements, then whether the dynamic token of the user is available is detected, if not, the storage requirement is not executed, and the storage requirement is recorded in the user module;
step C5: if the dynamic token of the user is detected to be available, the security analysis module then detects whether the user has uploading authority on the file to be uploaded, and if the user does not have the uploading authority, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C6: if the user is detected to have the uploading authority on the file to be uploaded, the security analysis module detects whether the domain name of the user has the operation authority on the storage path, and if the domain name of the user does not have the operation authority on the storage path, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C7: if the domain name of the user is detected to have the operation authority on the storage path, the security analysis module then detects whether the user has the operation authority on the storage path, and if the user is detected to have no operation authority on the storage path, the security analysis module does not execute the storage requirement and records the storage requirement to the user module;
step C8: if the user is detected to have the operation authority on the storage path, the security analysis module then detects whether the file to be uploaded has the operation authority on the storage path, and if the file to be uploaded is detected to have no operation authority on the storage path, the storage requirement is not executed and the file is recorded to the user module.
2. The method of claim 1, wherein the method comprises:
if the security analysis module detects that the file to be uploaded has operation authority on the storage path, the storage module detects whether the current storage path has file repetition or not, if so, the file to be uploaded covers the original file on the current storage path and returns the exclusive ID of the file, and if not, the file to be uploaded is directly stored in the current storage path and returns the exclusive ID of the file.
3. The method of claim 1, wherein the method comprises: the user module is provided with an independent API interface.
4. The method of claim 1, wherein the method comprises: the security analysis module is provided with an independent API interface.
5. The method of claim 1, wherein the method comprises: the storage module is provided with an independent API interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810200564.8A | 2018-03-12 | 2018-03-12 | Web safe storage method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108616502A | 2018-10-02 |
CN108616502B | 2020-11-06 |
Family
ID=63658704
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810200564.8A Active CN108616502B (en) | 2018-03-12 | 2018-03-12 | Web safe storage method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108616502B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||