CN108616502B - Web safe storage method - Google Patents


Info

Publication number
CN108616502B
Authority
CN
China
Prior art keywords
user
storage
file
module
stored
Prior art date
Legal status
Active
Application number
CN201810200564.8A
Other languages
Chinese (zh)
Other versions
CN108616502A (en)
Inventor
何健辉
林家伟
叶梅霞
Current Assignee
Guangdong Eflycloud Computing Co Ltd
Original Assignee
Guangdong Eflycloud Computing Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A web secure storage method involves a user module, a storage module and a security analysis module. Before a user initiates a storage request, the user module verifies the user's identity and obtains the user's dynamic token. When the user initiates a storage request, the security analysis module obtains the user's domain name, the dynamic token, the file to be stored and the requested storage path. The security analysis module analyzes and checks the domain name, the dynamic token, the file to be stored and the requested storage path against the storage requirements and, if they are met, sends the file to the storage module, which receives the file and stores it. By using double verification of user identity and user source, the method restricts the path to which a user may upload files and prevents file location errors; by analyzing user behavior, it prevents users from uploading files arbitrarily or deliberately damaging the storage service, and so provides a stable storage service.

Description

Web safe storage method
Technical Field
The invention relates to the field of network communication, in particular to a web secure storage method.
Background
Currently, with the continuous development of communication technology, a series of value-added services are continuously developed. The service development system provides a platform for developing and publishing value-added services for service personnel, and can comprise a web server and a web client, and a web storage function is required to be used in the service development process.
Existing web storage has several problems: first, file location errors between users and between systems occur easily; second, files can be uploaded arbitrarily, so viruses can easily enter the storage system; third, because the source users of files are not analyzed or restricted, individual users may intentionally damage the storage service.
Disclosure of Invention
The invention aims to provide a web secure storage method that uses double verification of user identity and user source to restrict the path to which a user may upload files and prevent file location errors, and that analyzes user behavior to prevent users from uploading files arbitrarily or intentionally damaging the storage service.
In order to achieve the purpose, the invention adopts the following technical scheme:
A method for web secure storage, involving a user module, a storage module and a security analysis module, wherein the user module is used to verify user identity and store user information, the security analysis module is used to analyze and check the storage process, and the storage module is used to store files verified by the user module and the security analysis module. The process of implementing web secure storage comprises the following steps:
Step A: before a user initiates a storage request, the user module verifies the user's identity and obtains the user's dynamic token;
Step B: the user initiates a storage request, and the security analysis module obtains the user's domain name, the dynamic token, the file to be stored and the requested storage path;
Step C: the security analysis module analyzes and checks the obtained domain name, dynamic token, file to be stored and requested storage path to determine whether they meet the storage requirements, and if they do, sends the file to the storage module;
Step D: the storage module receives the file to be stored and stores it.
Preferably, the analysis and checking by the security analysis module comprises the following steps:
Step C1: the security analysis module obtains the user's information from the user module by means of the user's dynamic token;
Step C2: the security analysis module analyzes the user's behavior according to a preset rule and detects whether the user is a dangerous user; if the user is detected to be a dangerous user, the user is not allowed to execute the storage request;
Step C3: if the user is not a dangerous user, the security analysis module checks whether the file to be stored belongs to a file type that is allowed to be uploaded; if not, the storage request is not executed and is recorded in the user module. If the file type is allowed, the module checks whether the size of the file to be uploaded meets the requirement; if not, the storage request is not executed and is recorded in the user module;
Step C4: if the size and type of the file to be uploaded meet the requirements, the module checks whether the user's dynamic token is available; if not, the storage request is not executed and is recorded in the user module;
Step C5: if the user's dynamic token is available, the security analysis module checks whether the user has upload permission for the file to be uploaded; if not, the storage request is not executed and is recorded in the user module;
Step C6: if the user has upload permission for the file to be uploaded, the security analysis module checks whether the user's domain name has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module;
Step C7: if the user's domain name has operation permission on the storage path, the security analysis module checks whether the user has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module;
Step C8: if the user has operation permission on the storage path, the security analysis module checks whether the file to be uploaded has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module.
Preferably, if the security analysis module detects that the file to be uploaded has operation permission on the storage path, the storage module then checks whether a duplicate file exists at the current storage path; if so, the file to be uploaded overwrites the original file at the current storage path and the file's exclusive ID is returned; if not, the file to be uploaded is saved directly to the current storage path and the file's exclusive ID is returned.
Preferably, the user module is provided with an independent API interface.
Preferably, the security analysis module is provided with an independent API interface.
Preferably, the storage module is provided with an independent API interface.
Drawings
FIG. 1 is a framework diagram of the present invention;
FIG. 2 is a flow diagram of the web secure storage process of the present invention;
FIG. 3 is a flow diagram of a security analysis module detection analysis of the present invention.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings.
The method for web secure storage in this embodiment involves a user module, a storage module and a security analysis module, where the user module is used to verify user identity and store user information, the security analysis module is used to analyze and check the storage process, and the storage module is used to store files verified by the user module and the security analysis module. As shown in FIG. 1 and FIG. 2, the process of implementing web secure storage comprises:
Step A: before a user initiates a storage request, the user module verifies the user's identity and obtains the user's dynamic token;
Step B: the user initiates a storage request, and the security analysis module obtains the user's domain name, the dynamic token, the file to be stored and the requested storage path;
Step C: the security analysis module analyzes and checks the obtained domain name, dynamic token, file to be stored and requested storage path to determine whether they meet the storage requirements, and if they do, sends the file to the storage module;
Step D: the storage module receives the file to be stored and stores it.
In this technical scheme, double verification of user identity and user source restricts the path to which a user may upload files. The user's identity is verified before a storage request is initiated, which yields a dynamic token. The user then initiates the storage request, and the security analysis module obtains the user's domain name or IP address, the dynamic token, the file and the storage path, and checks and analyzes the obtained information, that is, it checks and analyzes the user's source. This achieves double verification of user identity and user source and avoids files being stored in the wrong location.
Preferably, as shown in FIG. 3, the analysis and checking by the security analysis module comprises the following steps:
Step C1: the security analysis module obtains the user's information from the user module by means of the user's dynamic token;
Step C2: the security analysis module analyzes the user's behavior according to a preset rule and detects whether the user is a dangerous user; if the user is detected to be a dangerous user, the user is not allowed to execute the storage request;
Step C3: if the user is not a dangerous user, the security analysis module checks whether the file to be stored belongs to a file type that is allowed to be uploaded; if not, the storage request is not executed and is recorded in the user module. If the file type is allowed, the module checks whether the size of the file to be uploaded meets the requirement; if not, the storage request is not executed and is recorded in the user module;
Step C4: if the size and type of the file to be uploaded meet the requirements, the module checks whether the user's dynamic token is available; if not, the storage request is not executed and is recorded in the user module;
Step C5: if the user's dynamic token is available, the security analysis module checks whether the user has upload permission for the file to be uploaded; if not, the storage request is not executed and is recorded in the user module;
Step C6: if the user has upload permission for the file to be uploaded, the security analysis module checks whether the user's domain name has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module;
Step C7: if the user's domain name has operation permission on the storage path, the security analysis module checks whether the user has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module;
Step C8: if the user has operation permission on the storage path, the security analysis module checks whether the file to be uploaded has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module.
In this technical scheme, cooperation between the security analysis module and the user module provides multi-level verification of user identity and user source. The user's behavior is analyzed first to ensure that the user is not a dangerous user, so that an individual user cannot intentionally damage the storage service. The type and size of the file to be stored are then analyzed and checked to ensure that the file is of a type that may be uploaded and that its size does not exceed the limit, so that files are not uploaded arbitrarily. Next, the availability of the dynamic token is checked to ensure that the token is available and can be used to obtain the user's information. Finally, the permissions for uploading the file are verified, including restrictions on the file path, ensuring that file location confusion between users and between systems does not occur.
Preferably, if the security analysis module detects that the file to be uploaded has operation permission on the storage path, the storage module then checks whether a duplicate file exists at the current storage path; if so, the file to be uploaded overwrites the original file at the current storage path and the file's exclusive ID is returned; if not, the file to be uploaded is saved directly to the current storage path and the file's exclusive ID is returned.
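The following Python example is added here and is not part of the patent: it runs checks C1 to C8 in the order given above, records each rejection to the user module, and has the storage module overwrite a duplicate path and return a file ID. The type allow-list, size limit, rejection threshold standing in for the "preset rule", the prefix-based permission tables, the UUID file ID and all class and function names are assumptions.

```python
import posixpath
import secrets
import uuid
from dataclasses import dataclass, field

ALLOWED_TYPES = {".png", ".jpg", ".pdf"}  # assumed upload allow-list (C3)
MAX_SIZE = 1024 * 1024                    # assumed size limit in bytes (C3)
DANGER_THRESHOLD = 3                      # assumed "preset rule" for C2

@dataclass
class User:
    name: str
    can_upload: bool                      # C5 permission
    paths: tuple                          # path prefixes the user may write to (C7)
    rejections: list = field(default_factory=list)

class UserModule:
    """Issues dynamic tokens (step A) and keeps user info and rejection records."""
    def __init__(self):
        self.tokens = {}                  # token -> (User, expiry timestamp)

    def issue_token(self, user, now, ttl=300):
        token = secrets.token_hex(16)     # unpredictable and short-lived
        self.tokens[token] = (user, now + ttl)
        return token

    def lookup(self, token):
        entry = self.tokens.get(token)
        return entry[0] if entry else None

    def token_usable(self, token, now):
        entry = self.tokens.get(token)
        return entry is not None and now < entry[1]

class StorageModule:
    """Step D: a duplicate at the same path is overwritten; an ID is always returned."""
    def __init__(self):
        self.files = {}                   # canonical path -> (file_id, data)

    def store(self, path, data):
        file_id = uuid.uuid4().hex        # assumed form of the "exclusive ID"
        self.files[path] = (file_id, data)
        return file_id

def under(path, prefixes):
    """True if path equals a prefix or lies below it on a '/' boundary."""
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

def analyze(req, users, storage, domain_paths, path_types, now):
    """Run C1..C8 in the page's order; return (accepted, step, file_id_or_reason)."""
    user = users.lookup(req["token"])                         # C1
    if user is None:
        return (False, "C1", "unknown token")
    if len(user.rejections) >= DANGER_THRESHOLD:              # C2: refused, not recorded
        return (False, "C2", "dangerous user")
    # Canonicalise once so "../" cannot slip past the prefix checks in C6..C8.
    path = posixpath.normpath("/" + req["path"].lstrip("/"))
    ext = posixpath.splitext(path)[1].lower()
    types_here = set().union(*(t for p, t in path_types.items() if under(path, [p])))
    checks = [
        ("C3", "file type not allowed", ext in ALLOWED_TYPES),
        ("C3", "file too large", len(req["data"]) <= MAX_SIZE),
        ("C4", "token not usable", users.token_usable(req["token"], now)),
        ("C5", "user may not upload", user.can_upload),
        ("C6", "domain not allowed on path", under(path, domain_paths.get(req["domain"], ()))),
        ("C7", "user not allowed on path", under(path, user.paths)),
        ("C8", "file not allowed on path", ext in types_here),
    ]
    for step, reason, passed in checks:
        if not passed:
            user.rejections.append((step, reason, path))      # recorded to the user module
            return (False, step, reason)
    return (True, "D", storage.store(path, req["data"]))

def demo():
    """Constructed requests (not from the patent): returns the step each one ends at."""
    users, storage = UserModule(), StorageModule()
    alice = User("alice", True, ("/alice",))
    token = users.issue_token(alice, now=1000)
    domain_paths = {"app.example": ("/alice", "/shared")}
    path_types = {"/alice": {".png", ".pdf"}}
    requests = [
        ("alice/a.png", b"v1", 1100),         # accepted
        ("alice/a.png", b"v2", 1100),         # accepted, overwrites v1
        ("alice/../bob/a.png", b"x", 1100),   # canonical path /bob/a.png fails C6
        ("alice/run.exe", b"x", 1100),        # type not allowed, fails C3
        ("alice/b.pdf", b"x", 2000),          # token expired, fails C4
        ("alice/c.pdf", b"x", 1100),          # three rejections on record, fails C2
    ]
    steps = []
    for path, data, now in requests:
        req = {"domain": "app.example", "token": token, "path": path, "data": data}
        steps.append(analyze(req, users, storage, domain_paths, path_types, now)[1])
    return steps, storage.files["/alice/a.png"][1], len(alice.rejections)
```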
Preferably, the user module is provided with an independent API interface.
Preferably, the security analysis module is provided with an independent API interface.
Preferably, the storage module is provided with an independent API interface.
The user module, the storage module and the security analysis module are each provided with an independent API interface, which decouples the service from the storage, makes the storage system extensible, allows the interfaces to be extended for different service scenarios, and reduces development cost.
The technical principle of the present invention is described above in connection with specific embodiments. The description is made for the purpose of illustrating the principles of the invention and should not be construed in any way as limiting the scope of the invention. Based on the explanations herein, those skilled in the art will be able to conceive of other embodiments of the present invention without inventive effort, which would fall within the scope of the present invention.

Claims (5)

1. A method of web secure storage, characterized in that it involves a user module, a storage module and a security analysis module, wherein the user module is used to verify user identity and store user information, the security analysis module is used to analyze and check the storage process, and the storage module is used to store files verified by the user module and the security analysis module, and the process of implementing web secure storage comprises the following steps:
Step A: before a user initiates a storage request, the user module verifies the user's identity and obtains the user's dynamic token;
Step B: the user initiates a storage request, and the security analysis module obtains the user's domain name, the dynamic token, the file to be stored and the requested storage path;
Step C: the security analysis module analyzes and checks the obtained domain name, dynamic token, file to be stored and requested storage path to determine whether they meet the storage requirements, and if they do, sends the file to the storage module;
Step D: the storage module receives the file to be stored and stores it;
the analysis and checking by the security analysis module comprises the following steps:
Step C1: the security analysis module obtains the user's information from the user module by means of the user's dynamic token;
Step C2: the security analysis module analyzes the user's behavior according to a preset rule and detects whether the user is a dangerous user; if the user is detected to be a dangerous user, the user is not allowed to execute the storage request;
Step C3: if the user is not a dangerous user, the security analysis module checks whether the file to be stored belongs to a file type that is allowed to be uploaded; if not, the storage request is not executed and is recorded in the user module; if the file type is allowed, the module checks whether the size of the file to be uploaded meets the requirement; if not, the storage request is not executed and is recorded in the user module;
Step C4: if the size and type of the file to be uploaded meet the requirements, the module checks whether the user's dynamic token is available; if not, the storage request is not executed and is recorded in the user module;
Step C5: if the user's dynamic token is available, the security analysis module checks whether the user has upload permission for the file to be uploaded; if not, the storage request is not executed and is recorded in the user module;
Step C6: if the user has upload permission for the file to be uploaded, the security analysis module checks whether the user's domain name has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module;
Step C7: if the user's domain name has operation permission on the storage path, the security analysis module checks whether the user has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module;
Step C8: if the user has operation permission on the storage path, the security analysis module checks whether the file to be uploaded has operation permission on the storage path; if not, the storage request is not executed and is recorded in the user module.
2. The method of claim 1, wherein the method comprises:
if the security analysis module detects that the file to be uploaded has operation permission on the storage path, the storage module checks whether a duplicate file exists at the current storage path; if so, the file to be uploaded overwrites the original file at the current storage path and the file's exclusive ID is returned; if not, the file to be uploaded is stored directly at the current storage path and the file's exclusive ID is returned.
3. The method of claim 1, wherein the method comprises: the user module is provided with an independent API interface.
4. The method of claim 1, wherein the method comprises: the security analysis module is provided with an independent API interface.
5. The method of claim 1, wherein the method comprises: the storage module is provided with an independent API interface.
CN201810200564.8A 2018-03-12 2018-03-12 Web safe storage method Active CN108616502B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810200564.8A CN108616502B (en) 2018-03-12 2018-03-12 Web safe storage method

Publications (2)

Publication Number Publication Date
CN108616502A CN108616502A (en) 2018-10-02
CN108616502B CN108616502B (en) 2020-11-06

Family

ID=63658704

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810200564.8A Active CN108616502B (en) 2018-03-12 2018-03-12 Web safe storage method

Country Status (1)

Country Link
CN (1) CN108616502B (en)

Also Published As

Publication number Publication date
CN108616502A (en) 2018-10-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant