CN108734033B - Method and device for realizing safety interaction between systems - Google Patents

Publication number
CN108734033B
Authority
CN
China
Prior art keywords
debugging
address
time sequence
request
sequence number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710244629.4A
Other languages
Chinese (zh)
Other versions
CN108734033A (en
Inventor
韩松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Jingdong Shangke Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Jingdong Shangke Information Technology Co Ltd
Priority to CN201710244629.4A
Publication of CN108734033A
Application granted
Publication of CN108734033B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides a method and a device for realizing secure interaction between systems. After the debugging system sends a debugging request to the debugged system, the debugged system executes the following steps: receiving the debugging request sent by the debugging system, wherein the debugging request comprises verification information and debugging information of the debugging system; and executing check logic on the verification information of the debugging system, and executing a debugging task on the debugged system according to the check result, wherein if the verification information is successfully verified, the debugged system executes the debugging task according to the debugging information and returns the debugging result to the debugging system; otherwise, the debugging system is informed that execution of the debugging task failed. The invention solves the security problem of the debugging interface between the debugging system and the debugged system in the prior art. In addition, the verification mode can be dynamically extended, so that the extensibility of the system debugging interface is improved while the system security and data security of the service system are ensured.

Description

Method and device for realizing safety interaction between systems
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for realizing safety interaction between systems.
Background
The existing internet system is generally divided into a test environment, a production environment and the like, and the production environment is an environment accessed by a user, so that the production environment cannot be changed or modified freely by developers. Many companies will strictly control the online process to ensure the system service stability of the production environment. However, some abnormal situations still occur in the system of the production environment, and since the abnormal situations cannot be reproduced in the test environment, the abnormal situations are difficult to be discovered by developers. When an abnormal condition occurs, the abnormal processing time is inevitably prolonged, and further, the access of the user is influenced.
Aiming at the situation, a user can input information such as debugging codes, parameters and the like on line through a page and transmit the information to the debugging system, so that the debugging codes are dynamically executed, and whether the operating environment of the debugging system is normal or not is further checked. Fig. 1 is a schematic diagram illustrating debugging of a system in the prior art. A user inputs debugging parameters (debugging codes, parameters and the like) through a browser page and submits a debugging request containing the debugging parameters to a debugging system, the debugging system forwards the debugging request to the debugged system through an interface of the debugged system after receiving the debugging request, and the debugged system triggers a code debugging process in the debugged system.
However, the debugged system can receive the debugging request only by exposing its debugging interface, and this debugging mode seriously lacks a security risk-control mechanism, so a serious security risk exists: a malicious user can attack the debugged system by requesting the debugging interface, and can then query or even modify data by writing various debugging code. Meanwhile, once the debugging interface is online, upgrading it is troublesome. The debugging interface is mostly developed for a service system; if an attack method appears, the debugging interface must be upgraded and modified accordingly to keep the system running safely, which causes a lot of extra work and undoubtedly increases maintenance costs for enterprises.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for implementing inter-system security interaction, so as to solve the security problem of a debug interface between a debug system and a debugged system in the prior art, and improve the extensibility of the system debug interface on the premise of ensuring the system security and data security of a service system.
To achieve the above object, according to one aspect of the present invention, a method for implementing secure interaction between systems is provided. After a debugging system sends a debugging request to a debuggee system, the method includes the debuggee system executing the following steps:
receiving the debugging request sent by the debugging system, wherein the debugging request comprises verification information and debugging information of the debugging system;
executing check logic on the verification information of the debugging system, and executing a debugging task on the debugged system according to the check result, wherein
if the verification information is successfully verified, the debugged system executes the debugging task according to the debugging information and returns the debugging result to the debugging system; otherwise, the debugging system is informed that execution of the debugging task failed.
Optionally, the verification information includes but is not limited to: the Token value of the debugged system, the IP address of the debugging system, and the debugging time sequence number of one initiation of the debugging request;
the debugging information includes but is not limited to: the operation instruction for executing the debugging task corresponding to the debugging request.
Optionally, the method further comprises: before the debugging system sends the debugging request to the debugged system, acquiring the checking information, and setting the checking information into a request header of the debugging request, wherein the request header is a Key-Value form data set.
Optionally, the executing the check logic on the check information of the debugging system includes:
acquiring an IP address of the debugging system;
judging whether the IP address exists in a preset IP address data table; if the IP address does not exist in the preset IP address data table, setting the data type of the IP address to the blacklist type and informing the debugging system that execution of the debugging task failed;
if the IP address exists in the preset IP address data table, judging whether the data type of the IP address is the whitelist type; if so, informing the debugging system that the verification succeeded; otherwise, setting the data type of the IP address to the blacklist type and informing the debugging system that execution of the debugging task failed.
Optionally, the executing the check logic on the check information of the debugging system further includes:
receiving the debugging time sequence number when the debugging system initiates any debugging request;
and judging whether the debugging time sequence number exists in a time sequence database, if so, confirming that the debugging time sequence number is valid, otherwise, confirming that the debugging time sequence number is invalid.
According to another aspect of the present invention, there is also provided an apparatus for implementing secure interaction between systems, the apparatus including:
the data receiving module is used for receiving the debugging request sent by the debugging system, and the debugging request comprises the verification information and the debugging information of the debugging system;
a data processing module, configured to execute check logic on the verification information of the debugging system and to execute a debugging task on the debugged system according to the check result, wherein
if the verification information is successfully verified, the debugged system executes the debugging task according to the debugging information and returns the debugging result to the debugging system; otherwise, the debugging system is informed that execution of the debugging task failed.
Optionally, the verification information includes but is not limited to: the Token value of the debugged system, the IP address of the debugging system, and the debugging time sequence number of one initiation of the debugging request;
the debugging information includes but is not limited to: the operation instruction for executing the debugging task corresponding to the debugging request.
Optionally, the apparatus further comprises: and the data acquisition module is used for acquiring the check information and setting the check information into a request header of the debugging request, wherein the request header is a Key-Value form data set.
Optionally, the data processing module includes:
the first acquisition module is used for acquiring the IP address of the debugging system;
the first execution module is used for judging whether the IP address exists in a preset IP address data table or not, setting the data type of the IP address as a blacklist type if the IP address does not exist in the preset IP address data table, and informing the debugging system that the debugging task fails to be executed;
and the second execution module is used for judging whether the data type of the IP address is a white list type or not if the IP address exists in a preset IP address data table, informing the debugging system of successful verification if the data type of the IP address is the white list type, otherwise, setting the data type of the IP address as a black list type, and informing the debugging system of failure in executing the debugging task.
Optionally, the data processing module further includes:
the second acquisition module is used for receiving the debugging time sequence number when the debugging system initiates any debugging request;
and the third execution module is used for judging whether the debugging time sequence number exists in the time sequence database, if the debugging time sequence number exists and the generation time of the debugging time sequence number is less than a preset threshold value, the debugging time sequence number is confirmed to be valid, otherwise, the debugging time sequence number is confirmed to be invalid.
According to another aspect of the present invention, there is also provided an electronic device including: one or more processors; and the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors realize the method for realizing the secure interaction between the systems.
According to another aspect of the present invention, there is also provided a computer readable medium, on which a computer program is stored, which when executed by a processor implements the method for implementing inter-system secure interaction provided by the present invention.
By executing check logic on the debugging system, the security problem of the debugging interface between the debugging system and the debugged system in the prior art is solved. In addition, the verification mode can be dynamically extended; in particular, the request parameters, the request parameter values and the check logic can be dynamically extended and changed, so that the extensibility of the system debugging interface is improved while the system security and data security of the service system are ensured.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts. In the drawings:
FIG. 1 is a schematic diagram of a prior art system running debug;
FIG. 2 is a flow diagram of a method of implementing secure interactions between systems, according to an embodiment of the invention;
FIG. 3 is a schematic structural diagram of an apparatus for implementing secure interaction between systems according to an embodiment of the present invention;
FIG. 4 is a block diagram of a computer system suitable for implementing a terminal device for secure interaction between systems according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 2 is a flow chart of a method for implementing secure interaction between systems according to an embodiment of the present invention. After a debugging system sends a debugging request to a debuggee system, the method includes the debuggee system executing the following steps:
step S101: receiving the debugging request sent by the debugging system, wherein the debugging request comprises verification information and debugging information of the debugging system;
step S102: executing check logic on the verification information of the debugging system, and executing a debugging task on the debugged system according to the check result, wherein
if the verification information is successfully verified, the debugged system executes the debugging task according to the debugging information and returns the debugging result to the debugging system; otherwise, the debugging system is informed that execution of the debugging task failed.
Optionally, the verification information includes but is not limited to: the Token value of the debugged system, the IP address of the debugging system, and the debugging time sequence number of one initiation of the debugging request;
the debugging information includes but is not limited to: the operation code for executing the debugging task corresponding to the debugging request.
Optionally, the method further comprises: before the debugging system sends the debugging request to the debugged system, acquiring the checking information, and setting the checking information into a request header of the debugging request, wherein the request header is a Key-Value form data set.
Optionally, the executing the check logic on the check information of the debugging system includes:
acquiring an IP address of the debugging system;
judging whether the IP address exists in a preset IP address data table; if the IP address does not exist in the preset IP address data table, setting the data type of the IP address to the blacklist type and informing the debugging system that execution of the debugging task failed;
if the IP address exists in the preset IP address data table, judging whether the data type of the IP address is the whitelist type; if so, informing the debugging system that the verification succeeded; otherwise, setting the data type of the IP address to the blacklist type and informing the debugging system that execution of the debugging task failed.
Optionally, the executing the check logic on the check information of the debugging system further includes:
receiving the debugging time sequence number when the debugging system initiates any debugging request;
and judging whether the debugging time sequence number exists in a time sequence database, if so, confirming that the debugging time sequence number is valid, otherwise, confirming that the debugging time sequence number is invalid.
Examples
The present invention will be described in detail with reference to a specific embodiment, but it should be noted that the specific embodiment is only for better describing the present invention and should not be construed as limiting the present invention.
Step S201: a user initiates a debugging request, and a debugging system receives the debugging request of the user;
step S202: the debugging system acquires the Token value of the debugged system from the local cache, and if the Token value does not exist in the local cache, the step S203 is executed; if so, executing step S204;
step S203: the monitoring system obtains a Token value list of the debugged system, finds out the Token value of the current called system, stores the Token value into a local cache, and then executes the step S204;
step S204: and setting the acquired Token value of the debugged system into a set of < key, value > in the request header of the debugging request, and then sending the debugging request to the debugged system.
Step S205: after receiving the debugging request, the debugged system acquires the IP address of the debugging system, then acquires a blacklist list of preset IP addresses from a local cache, and judges whether the current IP address exists in the blacklist; if not, go to step S206; if yes, go to step S207;
step S206: the monitoring system acquires a blacklist list of preset IP addresses, stores the blacklist list in a local cache, and executes the step S207;
step S207: the debugging system checks the current IP address, judges whether the current IP address exists in a blacklist, and if so, executes the step S210; otherwise, go to step S208;
step S208: requesting the monitoring system to verify the current IP address, if the verification is not passed, informing the debugging system that the verification is not passed, and executing the step S210 by the debugging system; otherwise, the debugging system is informed that the verification is passed, and step S209 is executed;
step S209: and the debugged system executes the subsequent debugging task and returns the debugging result to the debugging system, and the debugging system displays the debugging result to the user in a page display mode.
Step S210: a debug failure is returned to the debug system.
In an embodiment of the present invention, the monitoring system performs the following check logic steps on the check information of the debug system, and the check logic may be modified correspondingly according to different specific services. The method comprises the following specific steps:
step S301: the monitoring system receives a verification request sent by a debugged system, acquires an IP address of the debugged system from a verification parameter contained in a request header of the verification request, queries whether a relevant record of the IP address exists in a database or not by using the IP address, and if the record does not exist, executes step S302, and if the record exists, executes step S303;
step S302: storing the IP address into a database, setting the data type of the IP address as a blacklist type, and executing the step S304;
step S303: judging whether the data type of the IP address is a white list type or not, and if so, returning verification success; if not, namely the blacklist, executing the step S304;
step S304: and returning the check failure.
In addition, in an embodiment of the present invention, when a user initiates a debug request to a debug system each time, after the debug system receives the debug request, the debug system inserts a debug record into a database, where the debug record includes: the name of the debugged system, the IP address, the operating instruction for the debugged system and a debugging time sequence number.
Specifically, when the debugging system sends the debugging request to the debugged system, the debugging system sends the debugging time sequence number to the debugged system together, and the debugged system sends the debugging time sequence number together with other verification parameters to the monitoring system for verification. After receiving the check parameter, the monitoring system determines whether the debugging time sequence number exists in the time sequence database, and if the debugging time sequence number exists and the generation time of the debugging time sequence number is less than a specific time (for example, 60 seconds), the monitoring system determines that the debugging time sequence number is valid, otherwise, the monitoring system determines that the debugging time sequence number is invalid.
It should be noted that the present invention also allows the functions of the monitoring system to be extended; that is, the debugging system and the monitoring system can be modified. Developers can modify the monitoring system or initiate SQL changes, so that situations such as users modifying online data or abnormal debugging can be found in time. With the invention, developers can not only debug and repair data through the debugging system one piece at a time, that is, each debugging operation modifies one piece of data, but can also issue debugging requests frequently through independently developed programs, thereby debugging and modifying a large amount of data. Specifically, by configuring the debugging system and the monitoring system, the invention can limit the number of debugging operations a user performs within a certain time period, so as to ensure the security and normal service of the debugged system.
First, the user account is put into the parameter set of the request header of each debugging request that the debugging system sends to the debugged system. Then, the monitoring system obtains the user account from the parameter set of the received debugging request in order to perform statistical judgment and analysis. By judging whether the user exceeds a threshold within a certain time, or by analyzing the user's debugging records, malicious and abnormal debugging requests are refused, that is, the verification fails, and further control operations such as rate limiting are applied to those users; for example, the user or the debugging system is allowed to initiate only 50 debugging requests within 1 day. For example, if a user initiates a debugging request to a debugged system 10 times within a certain time range (e.g., within 1 second) through the debugging system, a normal user cannot initiate debugging requests at such a high frequency, so the monitoring system concludes that the debugging requests were initiated in a non-human manner, the verification fails, and the debugging is rejected.
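An added example (not code from the patent) of the monitoring system's check logic described above: the IP address check of steps S301 to S304, the 60-second debugging time sequence number check, and the per-user limits (50 per day, 10 within 1 second). The class, method and header key names, the constant-time Token comparison and all sample values are assumptions constructed for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

WHITELIST, BLACKLIST = "whitelist", "blacklist"
SEQ_MAX_AGE = 60                       # seconds; the page's example threshold
DAILY_LIMIT = 50                       # page's example: 50 debugging requests per day
BURST_LIMIT, BURST_WINDOW = 10, 1.0    # page's example: 10 requests within 1 second
DAY = 86400


class FakeClock:
    """Controllable clock so the time-based checks can be exercised offline."""
    def __init__(self, now=1_000_000.0):
        self.now = now

    def __call__(self):
        return self.now


class MonitoringSystem:
    def __init__(self, ip_table, tokens, clock=time.time):
        self.ip_table = dict(ip_table)       # IP address -> data type
        self.tokens = dict(tokens)           # debugged system name -> Token value
        self.seq_db = {}                     # sequence number -> generation time
        self.history = defaultdict(deque)    # user account -> request timestamps
        self.clock = clock

    def record_debug_request(self, seq_no):
        """The debugging system stores the sequence number when a request starts."""
        self.seq_db[seq_no] = self.clock()

    def check_ip(self, ip):
        """Steps S301-S304: an unknown IP is recorded as blacklist and fails."""
        data_type = self.ip_table.get(ip)
        if data_type is None:
            self.ip_table[ip] = BLACKLIST
            return False
        return data_type == WHITELIST

    def check_token(self, system, token):
        """Assumption: the Token is compared in constant time with the stored value."""
        expected = self.tokens.get(system)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), token.encode())

    def check_sequence(self, seq_no):
        """Valid only if present in the database and younger than SEQ_MAX_AGE."""
        created = self.seq_db.get(seq_no)
        return created is not None and self.clock() - created < SEQ_MAX_AGE

    def check_rate(self, user):
        """Count every attempt; fail on the daily cap or a non-human burst."""
        now = self.clock()
        stamps = self.history[user]
        while stamps and now - stamps[0] >= DAY:
            stamps.popleft()                 # forget attempts older than one day
        stamps.append(now)
        burst = sum(1 for t in stamps if now - t < BURST_WINDOW)
        return len(stamps) <= DAILY_LIMIT and burst < BURST_LIMIT

    def verify(self, params):
        """params is the Key-Value set from the request header (hypothetical key
        names). Returns (ok, reason); the first failing check decides."""
        if not self.check_rate(params.get("user", "")):
            return False, "rate"
        if not self.check_ip(params.get("ip", "")):
            return False, "ip"
        if not self.check_token(params.get("system", ""), params.get("token", "")):
            return False, "token"
        if not self.check_sequence(params.get("seq", "")):
            return False, "sequence"
        return True, "ok"


def demo():
    """Run constructed requests through the verifier and return the outcomes."""
    clock = FakeClock()
    mon = MonitoringSystem({"10.0.0.5": WHITELIST},             # constructed table
                           {"order-service": "tok-constructed"}, clock)
    mon.record_debug_request("seq-1")
    good = {"user": "alice", "ip": "10.0.0.5", "system": "order-service",
            "token": "tok-constructed", "seq": "seq-1"}
    results = [mon.verify(good)]                                # all checks pass
    results.append(mon.verify(dict(good, ip="203.0.113.9")))    # unknown IP
    results.append(mon.verify(dict(good, token="wrong")))       # bad Token
    clock.now += SEQ_MAX_AGE + 1
    results.append(mon.verify(good))                            # stale sequence number
    return results


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because an unknown address is written to the table as blacklist on first contact, a later request from the same address fails at the table lookup without any further decision.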
The method for realizing the safe interaction between the systems provided by the embodiment of the invention can effectively improve the interaction safety between the debugging system and the interface of the debugged system. Meanwhile, when the embodiment of the invention is implemented, the safety level of the verification logic and the verification parameters can be flexibly set and improved according to the specific practical application scene, so that malicious attacks under different conditions can be effectively met, and the safety of the system and the data can be practically ensured.
Fig. 3 is a schematic structural diagram of an apparatus for implementing secure interaction between systems according to an embodiment of the present invention. Wherein the device 3 comprises:
a data receiving module 31, configured to receive the debug request sent by the debug system, where the debug request includes check information and debug information of the debug system;
a data processing module 32, configured to execute check logic on the verification information of the debugging system and to execute a debugging task on the debugged system according to the check result, wherein
if the verification information is successfully verified, the debugged system executes the debugging task according to the debugging information and returns the debugging result to the debugging system; otherwise, the debugging system is informed that execution of the debugging task failed.
Optionally, the verification information includes but is not limited to: the Token value of the debugged system, the IP address of the debugging system, and the debugging time sequence number of one initiation of the debugging request;
the debugging information includes but is not limited to: the operation instruction for executing the debugging task corresponding to the debugging request.
Optionally, the apparatus 3 further comprises: and a data obtaining module 33, configured to obtain the check information, and set the check information into a request header of the debug request, where the request header is a Key-Value form data set.
Optionally, the data processing module 32 includes:
a first obtaining module 321, configured to obtain an IP address of the debugging system;
a first executing module 322, configured to determine whether the IP address exists in a preset IP address data table, set a data type of the IP address as a blacklist type if the IP address does not exist in the preset IP address data table, and notify the debugging system that the debugging task fails to be executed;
the second executing module 323 determines whether the data type of the IP address is a white list type if the IP address exists in a preset IP address data table, and informs the debugging system that the verification is successful if the data type of the IP address is the white list type, otherwise, sets the data type of the IP address as a black list type, and informs the debugging system that the execution of the debugging task is failed.
Optionally, the data processing module 32 further includes:
a second obtaining module 324, configured to receive the debugging time sequence number when the debugging system initiates any of the debugging requests;
a third executing module 325, configured to determine whether the debugging time sequence number exists in the time sequence database, and if the debugging time sequence number exists and the generation time of the debugging time sequence number is smaller than a preset threshold, determine that the debugging time sequence number is valid, otherwise, determine that the debugging time sequence number is invalid.
The device for realizing the secure interaction between the systems provided by the invention is a device corresponding to the method, and therefore, the details are not described herein.
Referring now to FIG. 4, a block diagram of a computer system 400 suitable for use with a terminal device implementing an embodiment of the invention is shown. The terminal device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the computer system 400 includes a Central Processing Unit (CPU) 401 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM 403, various programs and data necessary for the operation of the system 400 are also stored. The CPU 401, ROM 402, and RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a keyboard, a mouse, and the like; an output section 407 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 408 including a hard disk and the like; and a communication section 409 including a network interface card such as a LAN card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. A drive 410 is also connected to the I/O interface 405 as needed. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 410 as necessary, so that a computer program read out therefrom is installed into the storage section 408 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in FIG. 2. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 409, and/or installed from the removable medium 411. The above-described functions defined in the system of the present application are executed when the computer program is executed by a Central Processing Unit (CPU) 401.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprising a data receiving module 31 and a data processing module 32. The names of these modules do not, in some cases, constitute a limitation on the modules themselves.
As another aspect, an embodiment of the present invention further provides a computer-readable medium, which may be included in the apparatus described in the above embodiment, or may exist separately without being incorporated into the apparatus. The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform:
step S101: receiving the debugging request sent by the debugging system, wherein the debugging request comprises verification information and debugging information of the debugging system;
step S102: executing check logic on the verification information of the debugging system, and executing a debugging task on the debugged system according to the check result, wherein if the verification information is verified successfully, the debugged system executes the debugging task according to the debugging information and returns the debugging result to the debugging system; otherwise, the debugging system is informed that the debugging task failed to execute.
According to the technical scheme of the embodiment of the invention, executing check logic on the verification information of the debugging system solves the prior-art security problem of the debugging interface between the debugging system and the debugged system. In addition, the verification mode can be extended dynamically, in particular by dynamically extending the request parameters, changing the request parameter values and changing the check logic, which improves the extensibility of the system debugging interface while preserving the system security and data security of the service system.
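The check logic of the scheme (Token value, IP address of the debugging system, debugging time sequence number), as an added Python example that is not part of the patent text. The header names, class and method names, the constant-time token comparison, the single-use handling of the sequence number, the match against the connection's peer address and the order of the checks are assumptions of this example; the preset threshold is read as a maximum age of the sequence number.

```python
import hmac
import time

WHITELIST, BLACKLIST = "whitelist", "blacklist"
# Header names are assumptions; the page only says the request header is a Key-Value data set.
H_TOKEN, H_IP, H_SEQ = "X-Debug-Token", "X-Debug-IP", "X-Debug-Seq"


class DebugRequestChecker:
    """Runs on the debugged system (hypothetical class, for illustration)."""

    def __init__(self, token, ip_table, max_age_seconds, clock=time.time):
        self.token = token                # Token value of the debugged system
        self.ip_table = dict(ip_table)    # preset IP address data table: IP -> data type
        self.seq_db = {}                  # time sequence database: number -> generation time
        self.max_age = max_age_seconds    # preset threshold, read here as a maximum age
        self.clock = clock

    def register_sequence_number(self, seq):
        self.seq_db[seq] = self.clock()

    def check_token(self, presented):
        # Constant-time comparison is an implementation choice of this example.
        return hmac.compare_digest(str(presented or "").encode(), self.token.encode())

    def check_ip(self, ip):
        if self.ip_table.get(ip) == WHITELIST:
            return True
        # Absent from the table, or present with a non-whitelist type: set to blacklist type.
        self.ip_table[ip] = BLACKLIST
        return False

    def check_sequence(self, seq):
        # pop() makes the number single-use, so a replayed request fails (assumption).
        created = self.seq_db.pop(seq, None)
        return created is not None and self.clock() - created < self.max_age

    def handle(self, headers, peer_ip, debug_info, run_task):
        ip = headers.get(H_IP)
        ok = (
            self.check_token(headers.get(H_TOKEN))
            and ip == peer_ip    # header is caller-supplied; bind it to the peer address (assumption)
            and self.check_ip(ip)
            and self.check_sequence(headers.get(H_SEQ))
        )
        if not ok:
            return {"status": "failed", "result": None}
        return {"status": "ok", "result": run_task(debug_info)}


def demo():
    # Constructed sample data: the token, address and sequence number are made up.
    now = [1000.0]
    checker = DebugRequestChecker("example-token", {"192.0.2.10": WHITELIST}, 60, lambda: now[0])
    checker.register_sequence_number("seq-1")
    headers = {H_TOKEN: "example-token", H_IP: "192.0.2.10", H_SEQ: "seq-1"}
    run = lambda info: "executed " + info
    first = checker.handle(headers, "192.0.2.10", "print-config", run)
    replay = checker.handle(headers, "192.0.2.10", "print-config", run)
    return first["status"], replay["status"]
```

The second call in `demo()` reuses the same sequence number and is rejected, which is the replay case the time sequence database is there to catch.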
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (12)

1. A method for realizing secure interaction between systems, characterized in that, after a debugging system sends a debugging request to a debugged system, the method comprises the debugged system executing the following steps:
receiving the debugging request sent by the debugging system, wherein the debugging request comprises verification information and debugging information of the debugging system;
executing check logic on the verification information of the debugging system, and executing a debugging task on the debugged system according to the check result; the verification information includes but is not limited to: the Token value of the debugged system, the IP address of the debugging system, and the debugging time sequence number of one initiation of the debugging request; when the check logic is executed on the verification information of the debugging system, judging whether the debugging time sequence number exists in a time sequence database; if so, confirming that the debugging time sequence number is valid; otherwise, confirming that the debugging time sequence number is invalid;
and if the verification information is verified successfully, the debugged system executes a debugging task according to the debugging information and returns a debugging result to the debugging system; otherwise, the debugging system is informed that the debugging task failed to execute.
2. The method of claim 1,
the debugging information includes but is not limited to: an operation instruction for executing the debugging task corresponding to the debugging request.
3. The method of claim 1, further comprising:
before the debugging system sends the debugging request to the debugged system, acquiring the verification information, and setting the verification information into a request header of the debugging request, wherein the request header is a data set in Key-Value form.
4. The method of claim 1, wherein executing check logic on the verification information of the debugging system comprises:
acquiring an IP address of the debugging system;
judging whether the IP address exists in a preset IP address data table, and if the IP address does not exist in the preset IP address data table, setting the data type of the IP address to a blacklist type and informing the debugging system that the debugging task failed to execute;
if the IP address exists in the preset IP address data table, judging whether the data type of the IP address is a whitelist type; if so, informing the debugging system that the verification is successful; otherwise, setting the data type of the IP address to a blacklist type and informing the debugging system that the debugging task failed to execute.
5. The method of claim 1, wherein executing check logic on the verification information of the debugging system further comprises:
receiving the debugging time sequence number when the debugging system initiates any debugging request;
and judging whether the debugging time sequence number exists in a time sequence database, if so, confirming that the debugging time sequence number is valid, otherwise, confirming that the debugging time sequence number is invalid.
6. An apparatus for enabling secure interaction between systems, the apparatus comprising:
a data receiving module, configured to receive a debugging request sent by a debugging system, wherein the debugging request comprises verification information and debugging information of the debugging system;
a data processing module, configured to execute check logic on the verification information of the debugging system, and to execute a debugging task on the debugged system according to the check result, wherein the verification information includes but is not limited to: the Token value of the debugged system, the IP address of the debugging system, and the debugging time sequence number of one initiation of the debugging request; when the check logic is executed on the verification information of the debugging system, judging whether the debugging time sequence number exists in a time sequence database; if so, confirming that the debugging time sequence number is valid; otherwise, confirming that the debugging time sequence number is invalid;
and if the verification information is verified successfully, the debugged system executes a debugging task according to the debugging information and returns a debugging result to the debugging system; otherwise, the debugging system is informed that the debugging task failed to execute.
7. The apparatus of claim 6,
the debugging information includes but is not limited to: an operation code for executing the debugging task corresponding to the debugging request.
8. The apparatus of claim 6, further comprising:
a data acquisition module, configured to acquire the verification information and set the verification information into a request header of the debugging request, wherein the request header is a data set in Key-Value form.
9. The apparatus of claim 6, wherein the data processing module comprises:
the first acquisition module is used for acquiring the IP address of the debugging system;
the first execution module is used for judging whether the IP address exists in a preset IP address data table, and if the IP address does not exist in the preset IP address data table, setting the data type of the IP address to a blacklist type and informing the debugging system that the debugging task failed to execute;
and the second execution module is used for judging, if the IP address exists in the preset IP address data table, whether the data type of the IP address is a whitelist type; if so, informing the debugging system that the verification is successful; otherwise, setting the data type of the IP address to a blacklist type and informing the debugging system that the debugging task failed to execute.
10. The apparatus of claim 6, wherein the data processing module further comprises:
the second acquisition module is used for receiving the debugging time sequence number when the debugging system initiates any debugging request;
and the third execution module is used for judging whether the debugging time sequence number exists in the time sequence database, if the debugging time sequence number exists and the generation time of the debugging time sequence number is less than a preset threshold value, the debugging time sequence number is confirmed to be valid, otherwise, the debugging time sequence number is confirmed to be invalid.
11. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5.
12. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710244629.4A CN108734033B (en) 2017-04-14 2017-04-14 Method and device for realizing safety interaction between systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710244629.4A CN108734033B (en) 2017-04-14 2017-04-14 Method and device for realizing safety interaction between systems

Publications (2)

Publication Number Publication Date
CN108734033A CN108734033A (en) 2018-11-02
CN108734033B true CN108734033B (en) 2020-12-22

Family

ID=63925049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710244629.4A Active CN108734033B (en) 2017-04-14 2017-04-14 Method and device for realizing safety interaction between systems

Country Status (1)

Country Link
CN (1) CN108734033B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111506497B (en) * 2020-03-12 2023-06-16 平安科技(深圳)有限公司 Business logic debugging method, device, equipment and computer readable storage medium
CN113722204A (en) * 2020-05-26 2021-11-30 华为技术有限公司 Application debugging method, system, device and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882858A (en) * 2012-09-13 2013-01-16 江苏乐买到网络科技有限公司 External data transmission method for cloud computing system
CN104935568A (en) * 2015-04-20 2015-09-23 成都康赛信息技术有限公司 Interface authentication signature method facing cloud platform
CN105933163A (en) * 2016-06-24 2016-09-07 微梦创科网络科技(中国)有限公司 Real-time distributed debugging tracking method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8762947B2 (en) * 2010-04-01 2014-06-24 Salesforce.Com, Inc. System, method and computer program product for debugging an assertion
CN103684899B (en) * 2012-09-17 2019-01-08 腾讯科技(深圳)有限公司 remote debugging method and device
JP5943861B2 (en) * 2013-02-28 2016-07-05 京セラドキュメントソリューションズ株式会社 Remote debugging system
CN103440467B (en) * 2013-08-30 2016-06-15 广东欧珀移动通信有限公司 ADB is utilized to connect the method controlling mobile terminal
CN105141776A (en) * 2015-09-14 2015-12-09 康佳集团股份有限公司 Remote control debugging method and system based on Android equipment
CN106254436B (en) * 2016-07-28 2020-02-11 腾讯科技(深圳)有限公司 Remote debugging method, related equipment and system

Also Published As

Publication number Publication date
CN108734033A (en) 2018-11-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant