CN110245505A - Tables of data access method, device, computer equipment and storage medium - Google Patents

Tables of data access method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN110245505A
CN110245505A CN201910420383.0A CN201910420383A CN110245505A CN 110245505 A CN110245505 A CN 110245505A CN 201910420383 A CN201910420383 A CN 201910420383A CN 110245505 A CN110245505 A CN 110245505A
Authority
CN
China
Prior art keywords
data
tables
desensitization
mark
traversed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910420383.0A
Other languages
Chinese (zh)
Inventor
刘志涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Life Insurance Company of China Ltd
Original Assignee
Ping An Life Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Life Insurance Company of China Ltd filed Critical Ping An Life Insurance Company of China Ltd
Priority to CN201910420383.0A priority Critical patent/CN110245505A/en
Publication of CN110245505A publication Critical patent/CN110245505A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

This application involves a kind of tables of data access method, device, computer equipment and storage mediums.The described method includes: receiving the tables of data access request that terminal is sent;It accesses Authority Verification to the tables of data access request received;After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list;When inquiring tables of data mark in tables of data white list, desensitization tables of data corresponding with the tables of data mark inquired is obtained;The desensitization tables of data that will acquire is back to terminal.Desensitization tables of data corresponding with tables of data mark can be obtained using this method, the desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.

Description

Tables of data access method, device, computer equipment and storage medium
Technical field
This application involves technical field of data processing, set more particularly to a kind of tables of data access method, device, computer Standby and storage medium.
Background technique
With the development of computer technology and Internet technology, there is big data technology, more and more data are all logical Cross the Internet transmission or storage.Many business can directly be handled by internet, require to fill out greatly in transacting business Some sensitive datas are write, by sensitive data storage into corresponding large database concept.
However, traditional technology is all to guarantee database by data access authority control in order to guarantee data security In data safety, the case where avoiding the occurrence of leaking data.But there are the personnel of access authority that can visit sensitive data It asks, to still sensitive data is easy to cause to reveal, causes the situation that Information Security is lower.
Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide a kind of data table access that can be improved Information Security Method, apparatus, computer equipment and storage medium.
A kind of tables of data access method, which comprises
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list Know;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired Desensitization tables of data;
The desensitization tables of data that will acquire is back to terminal.
A kind of data table accessing device, described device include:
Request receiving module, for receiving the tables of data access request of terminal transmission;
Requests verification module, for accessing Authority Verification to the tables of data access request received;
Enquiry module is identified, for inquiring data table access in tables of data white list after access authority verification passes through Tables of data mark in request;
Tables of data obtains module, for obtaining and looking into when inquiring tables of data mark in tables of data white list The tables of data ask identifies corresponding desensitization tables of data;
Tables of data return module, the desensitization tables of data for will acquire are back to terminal.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the processing Device performs the steps of when executing the computer program
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list Know;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired Desensitization tables of data;
The desensitization tables of data that will acquire is back to terminal.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor It is performed the steps of when row
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list Know;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired Desensitization tables of data;
The desensitization tables of data that will acquire is back to terminal.
Above-mentioned tables of data access method, device, computer equipment and storage medium, in the data table access sent to terminal When the access authority verification of request passes through, the tables of data mark in tables of data access request is inquired in data white list, is being looked into When asking tables of data mark, indicating that the tables of data inquired identifies includes sensitive data in corresponding source data table.It obtains and looks into The tables of data ask identifies corresponding desensitization tables of data, and the desensitization tables of data that will acquire is back to terminal, avoids sensitive data Leakage, to improve the safety of data.
Detailed description of the invention
Fig. 1 is the application scenario diagram of tables of data access method in one embodiment;
Fig. 2 is the flow diagram of tables of data access method in one embodiment;
Fig. 3 is flow diagram the step of obtaining desensitization tables of data in one embodiment;
Fig. 4 is flow diagram the step of carrying out desensitization process to tables of data in one embodiment;
Fig. 5 is flow diagram the step of carrying out desensitization process according to desensitization process mode in one embodiment;
Fig. 6 is flow diagram the step of exporting tables of data in one embodiment;
Fig. 7 is the structural block diagram of data table accessing device in one embodiment;
Fig. 8 is the internal structure chart of computer equipment in one embodiment.
Specific embodiment
It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, not For limiting the application.
Tables of data access method provided by the present application, can be applied in application environment as shown in Figure 1.Wherein, terminal 102 are communicated with server 104 by network by network.Wherein, terminal 102 can be, but not limited to be various individual calculus Machine, laptop, smart phone, tablet computer and portable wearable device, server 104 can use independent server The either server cluster of multiple servers composition is realized.
In one embodiment, as shown in Fig. 2, providing a kind of tables of data access method, it is applied in Fig. 1 in this way Server for be illustrated, comprising the following steps:
S202 receives the tables of data access request that terminal is sent.
Specifically, terminal display has tables of data accession page, detects data access button in tables of data accession page When clicking operation, the tables of data mark of the typing in tables of data accession page is obtained, the tables of data mark got is sealed Dress generates tables of data access request by encapsulation, tables of data access request is sent to server.Server receiving terminal is sent Tables of data access request.
S204 accesses Authority Verification to the tables of data access request received.
Specifically, server parses data table access request, passes through solution after receiving tables of data access request User account and tables of data mark in tables of data access request, inquiry access right corresponding with access tables of data mark are extracted in analysis List is limited, Authority Verification is carried out to user account according to the list of access rights inquired.
In one embodiment, user account is inquired in list of access rights, when inquiring user account, determines to use Family account, which identifies corresponding tables of data to tables of data, access authority, i.e. access authority verification passes through;When not inquiring user's account Number when, determine that user account identifies corresponding tables of data to tables of data and do not have access authority, i.e. access authority verification does not pass through.
S206 inquires the data in tables of data access request after access authority verification passes through in tables of data white list Table mark.
Specifically, when authenticating to user account has access authority to the corresponding tables of data of tables of data mark, server is obtained Access is according to vindication list.Tables of data white list recites the mark of tables of data corresponding to the tables of data including sensitive data section.Clothes The tables of data that device extracts in tables of data access request of being engaged in identifies, and the tables of data mark extracted is inquired in tables of data white list. When inquiring the tables of data extracted mark in tables of data white list, indicate that the tables of data extracted identifies corresponding source number According in table include sensitive data;When not inquiring the tables of data extracted mark in tables of data white list, indicate to extract Tables of data to identify in corresponding source data table do not include sensitive data.
In one embodiment, it specifically includes after S206: being identified when not inquiring tables of data in tables of data white list When, source data table corresponding with tables of data mark is inquired, the source data table inquired is back to terminal;When in data vindication name When inquiring tables of data mark in list, S208 is executed.
Specifically, when not inquiring tables of data mark in tables of data white list, indicate that tables of data identifies corresponding number According to table without carrying out desensitization process, source data table corresponding with tables of data mark, the source number that will be inquired are inquired from database Terminal is sent to according to table.Source data table is the tables of data without desensitization data.
S208, when inquiring tables of data mark in tables of data white list, the tables of data mark that obtains and inquire Know corresponding desensitization tables of data.
Specifically, desensitization tables of data is to carry out the tables of data that desensitization process obtains to source data table.Server is in tables of data When white list inquires the tables of data mark extracted, determination is corresponding with the tables of data mark inquired from desensitization tables of data Desensitize tables of data, obtains determining desensitization tables of data.The corresponding different tables of data mark of different desensitization tables of data.It is de- The tables of data of quick tables of data existence anduniquess identifies.
S210, the desensitization tables of data that will acquire are back to terminal.
Specifically, server obtains the terminal iidentification in tables of data access request, will acquire according to terminal iidentification de- Quick tables of data is back to terminal.
In one embodiment, server obtains the user account in tables of data access request, determines that user account logs in Terminal is corresponding and terminal iidentification, terminal is sent to according to the terminal iidentification tables of data that will desensitize.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained, The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
As shown in figure 3, in one embodiment, specifically further including the steps that obtaining desensitization tables of data, the step before S202 Suddenly the following contents is specifically included:
S302, the tables of data in regular ergodic data library.
Specifically, it is provided with multiple databases in server, multiple tables of data are stored in each database.Server is fixed Phase traverses to the tables of data in each database.Server starts timing after obtaining last time traversal, when institute's timing length is equal to When predetermined time period, restart to traverse the database in each database.
S304 is determined in the tables of data traversed according to default sensitive keys word with the presence or absence of sensitive data section.
Specifically, default sensitive keys word is provided in server, default sensitive keys word include name, telephone number and At least one of address.It whether include default sensitive keys in the data segment identification in tables of data that server judgement traverses Word.When determining to include default sensitive keys word in the data segment identification in the tables of data that traverses, then it represents that the data traversed It include sensitive data section in table;When determining not include default sensitive keys word in the data segment identification in the tables of data that traverses, It then indicates not including sensitive data section in the tables of data traversed.
S306, when determining in the tables of data that traverses there are when sensitive data section, to the sensitivity in the tables of data traversed The corresponding data of data segment carry out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
Specifically, quick in the tables of data traversed there are determining when sensitive data section in the tables of data traversed when determining Feel the corresponding sensitive data of data segment, desensitization process is carried out to determining sensitive data, tables of data is time to do that treated in sb. else's name The corresponding desensitization tables of data of the tables of data gone through.
In the present embodiment, periodically the tables of data in database is traversed, is determined and is traversed according to default sensitive keys word To tables of data in whether there is sensitive data section, when determining in the tables of data that traverses there are when sensitive data section, to traversal The tables of data arrived carries out desensitization process, obtains desensitization tables of data, guarantees when accessing to tables of data, returns to desensitization data Table, to improve the safety of sensitive data.
As shown in figure 4, in one embodiment, S306 specifically includes the step of carrying out desensitization process to tables of data, the step Suddenly the following contents is specifically included:
S402, when determining in the tables of data that traverses there are when sensitive data section, according to corresponding to the tables of data traversed Tables of data mark generate desensitization acknowledgement notification.
Specifically, right there are the tables of data institute that traverses when sensitive data section, is obtained in the tables of data that traverses when determining The tables of data mark answered, is packaged the tables of data mark got, generates desensitization acknowledgement notification by encapsulation.Desensitization confirmation Whether notice determines the information that desensitization process is carried out to tables of data for notification list administrator.
Desensitization acknowledgement notification is sent to table administrator's account registration terminal by S404.
Specifically, server inquires table administrator account corresponding with tables of data mark, and acquisition is stepped on table administrator's account Desensitization acknowledgement notification is sent to terminal address according to the terminal address got and corresponded to by terminal address corresponding to the terminal of record Terminal.
S406 receives the confirmation desensitization instruction returned with table administrator's account registration terminal according to desensitization acknowledgement notification.
Specifically, with table administrator's account log in terminal receive desensitization acknowledgement notification after, to desensitization acknowledgement notification into Row parsing obtains tables of data mark by parsing, obtained tables of data mark is shown and confirms the page in desensitization, de- when detecting In the quick confirmation page when clicking operation of confirmation desensitization button, the tables of data mark of displaying is obtained, according to the tables of data got Mark generates confirmation desensitization instruction, and the confirmation desensitization instruction of generation is sent to server.Server receiving terminal is according to desensitization The confirmation that acknowledgement notification returns, which is desensitized, to be instructed.
S408 carries out desensitization process, the tables of data traversed to the tables of data traversed according to confirmation desensitization instruction Corresponding desensitization tables of data.
Specifically, server extracts the tables of data mark in confirmation desensitization instruction, and verifying the tables of data mark extracted is It is no consistent with the mark of tables of data corresponding to the tables of data traversed, when verifying consistent, the tables of data traversed is taken off Quick processing, the corresponding desensitization tables of data of the tables of data traversed.
In the present embodiment, when in the tables of data traversed there are when sensitive data section, it is right according to the tables of data institute traversed The tables of data mark answered generates desensitization acknowledgement notification, and the acknowledgement notification that will desensitize is sent to the terminal logged in table administrator's account, It needs to desensitize to tables of data with notification list administrator.Confirmed with table administrator's account registration terminal according to desensitization receiving After the confirmation desensitization instruction that notice returns, desensitization process is carried out to the tables of data traversed, to avoid to without carrying out at desensitization The tables of data of reason desensitizes, to improve the desensitization accuracy of tables of data.
As described in Figure 5, in one embodiment, S408 specifically includes the step that desensitization process is carried out according to desensitization process mode Suddenly, which specifically includes the following contents:
S502 extracts tables of data mark and data segment identification in confirmation desensitization instruction.
Specifically, server parses confirmation desensitization instruction, extracts data from confirmation desensitization instruction by parsing Table mark and data segment identification.Data segment is identified as the mark of each data segment in mark data table.For example, data segment identification can be with Including at least one of name, telephone number and home address.
S504 is identified in corresponding tables of data in tables of data, and identification data segment identifies corresponding data type.
Specifically, server is after extracting tables of data mark and data segment identification in confirmation desensitization instruction, from database It is middle to inquire tables of data corresponding with the tables of data mark extracted, it is corresponding that data segment identification is inquired in the tables of data inquired Data segment obtains the data type mark of data segment, obtains the corresponding data of data segment identification according to data type mark identification Type.Data type includes associated data and dereferenced data, and associated data is tables of data for being closed with other tables of data The data of connection.
S506 determines the corresponding desensitization process mode of data type recognized.
Specifically, it is provided in server and the corresponding desensitization process mode of each data type, desensitization process side Formula includes at least one of sensitive character replacement, sensitive data encryption and sensitive data deletion.Server is recognizing data When type, desensitization process mode corresponding with the data type recognized is inquired, to inquire in a manner of desensitization process as identification The corresponding desensitization process mode of the data type arrived.
S508 carries out desensitization process to the corresponding data of data segment identification according to determining desensitization process mode, obtains time The corresponding desensitization tables of data of the tables of data gone through.
Specifically, when desensitization process mode is that sensitive data encrypts, server obtains preset key, according to preset It is encrypted in data key table with the sensitive data in data segment identification corresponding data section, is made with the tables of data by encryption For the tables of data that desensitizes.
In one embodiment, when desensitization process mode is sensitive character replacement, server determines data in tables of data The sensitive character for including in section, replaces my designated symbols for sensitive character.For example, phone number is carried out desensitization process, obtain Data of the 189****6789 after desensitization process.
In one embodiment, server identifies in corresponding tables of data in tables of data, determines that data segment identification is corresponding Sensitive data, determining deeply grateful data are deleted, the desensitization tables of data after obtaining desensitization process.
In the present embodiment, by identifying the data type of sensitive data, inquire corresponding with the data type recognized de- Quick processing mode carries out desensitization process to tables of data according to the desensitization process mode inquired, to realize according to different data Type carries out desensitization process using different desensitization process modes, to further improve the safety of desensitization tables of data.
As shown in fig. 6, in one embodiment, specifically further including the steps that exporting tables of data, step tool after S210 Body includes the following contents:
S602 receives the table that terminal is sent and exports request.
Specifically, terminal shows desensitization tables of data in tables of data when receiving the desensitization tables of data of server return Accession page obtains desensitization tables of data when detecting the clicking operation of the tables of data export button in tables of data accession page Table export request is sent to service according to the tables of data mark generation table export request got by corresponding tables of data mark Device.The table that server receiving terminal is sent exports request.
S604, acquisition table export request in tables of data identify it is corresponding desensitization tables of data in desensitization data.
Specifically, server parses table export request, extracts table by parsing after receiving table export request Tables of data mark in export request, inquires desensitization tables of data corresponding with the tables of data mark extracted, and obtains desensitization data Data in table are as desensitization data.
S606, the desensitization data that will acquire are added to temporary data table, generate export tables of data.
Specifically, server reads the format information in desensitization tables of data, creates temporary data table according to format information, will The desensitization data got are added to temporary data table, using be added to desensitization data temporary data table as export tables of data.
Export tables of data is sent to terminal by S608.
Specifically, server extracts the terminal address in table export request, and export tables of data is sent to terminal address pair The terminal answered.
In the present embodiment, after receiving table export request, the tables of data mark in table export request, inquiry and number are extracted Corresponding desensitization tables of data is identified according to table, export tables of data is generated according to the desensitization data in desensitization tables of data, data will be exported Table is sent to terminal, avoids being exported without the tables of data of desensitization process, reduces the risk of leaking data, improve data Table safety.
It should be understood that although each step in the flow chart of Fig. 2-6 is successively shown according to the instruction of arrow, These steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly stating otherwise herein, these steps Execution there is no stringent sequences to limit, these steps can execute in other order.Moreover, at least one in Fig. 2-6 Part steps may include that perhaps these sub-steps of multiple stages or stage are not necessarily in synchronization to multiple sub-steps Completion is executed, but can be executed at different times, the execution sequence in these sub-steps or stage is also not necessarily successively It carries out, but can be at least part of the sub-step or stage of other steps or other steps in turn or alternately It executes.
In one embodiment, as shown in fig. 7, providing a kind of data table accessing device 700, comprising: request receives mould Block 702, requests verification module 704, mark enquiry module 706, tables of data obtain module 708 and tables of data return module 710, Wherein:
Request receiving module 702, for receiving the tables of data access request of terminal transmission.
Requests verification module 704, for accessing Authority Verification to the tables of data access request received.
Enquiry module 706 is identified, for tables of data being inquired in tables of data white list and being visited after access authority verification passes through Ask the tables of data mark in request.
Tables of data obtain module 708, for when inquired in tables of data white list the tables of data mark when, obtain with The tables of data inquired identifies corresponding desensitization tables of data.
Tables of data return module 710, the desensitization tables of data for will acquire are back to terminal.
In one embodiment, data table accessing device 700 further include: data desensitization module.
Data desensitization module, for the tables of data in regular ergodic data library;It is determined and is traversed according to default sensitive keys word To tables of data in whether there is sensitive data section;When determining in the tables of data that traverses there are when sensitive data section, to traversal To tables of data in the corresponding data of sensitive data section carry out desensitization process, the corresponding desensitization number of the tables of data traversed According to table.
In one embodiment, data desensitization module is also used to when there are sensitive data sections in the determining tables of data traversed When, it is identified according to tables of data corresponding to the tables of data traversed and generates desensitization acknowledgement notification;Desensitization acknowledgement notification is sent to With table administrator's account registration terminal;It is de- to receive the confirmation returned with table administrator's account registration terminal according to desensitization acknowledgement notification Quick instruction;Desensitization process is carried out to the tables of data traversed according to confirmation desensitization instruction, the tables of data traversed is corresponding Desensitize tables of data.
In one embodiment, data desensitization module is also used to extract tables of data mark and data in confirmation desensitization instruction Segment identification;It is identified in corresponding tables of data in tables of data, identification data segment identifies corresponding data type;Determine the number recognized According to the corresponding desensitization process mode of type;It desensitizes according to determining desensitization process mode to the corresponding data of data segment identification Processing, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, tables of data acquisition module 708, which is also used to work as, does not inquire data in tables of data white list When table identifies, source data table corresponding with tables of data mark is inquired, the source data table inquired is back to terminal;When in data When inquiring tables of data mark in vindication list, desensitization tables of data corresponding with the access tables of data mark inquired is obtained.
In one embodiment, data table accessing device 700 further include: table export module.
Table export module, for receiving the table export request of terminal transmission;Obtain tables of data mark pair in table export request The desensitization data in desensitization tables of data answered;The desensitization data that will acquire are added to temporary data table, generate export tables of data; Export tables of data is sent to terminal.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained, The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
Specific about data table accessing device limits the restriction that may refer to above for tables of data access method, This is repeated no more.Modules in above-mentioned data table accessing device can come fully or partially through software, hardware and combinations thereof It realizes.Above-mentioned each module can be embedded in the form of hardware or independently of in the processor in computer equipment, can also be with software Form is stored in the memory in computer equipment, executes the corresponding operation of the above modules in order to which processor calls.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junction Composition can be as shown in Figure 8.The computer equipment include by system bus connect processor, memory, network interface and Database.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipment Include non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system, computer program and data Library.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating The database of machine equipment table for storing data.The network interface of the computer equipment is used to connect with external terminal by network Connect letter.To realize a kind of tables of data access method when the computer program is executed by processor.
It will be understood by those skilled in the art that structure shown in Fig. 8, only part relevant to application scheme is tied The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment, including memory and processor are provided, which is stored with Computer program, which performs the steps of when executing computer program receives the tables of data access request that terminal is sent; It accesses Authority Verification to the tables of data access request received;After access authority verification passes through, in tables of data white list Tables of data mark in middle inquiry tables of data access request;When inquiring tables of data mark in tables of data white list, Obtain desensitization tables of data corresponding with the tables of data mark inquired;The desensitization tables of data that will acquire is back to terminal.
In one embodiment, before receiving the tables of data access request that terminal is sent, processor executes computer program When also perform the steps of tables of data in regular ergodic data library;The data traversed are determined according to default sensitive keys word It whether there is sensitive data section in table;When determining in the tables of data that traverses there are when sensitive data section, to the data traversed The corresponding data of sensitive data section in table carry out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, when determining in the tables of data that traverses there are when sensitive data section, to the data traversed The corresponding data of sensitive data section in table carry out desensitization process, the corresponding desensitization tables of data packet of the tables of data traversed It includes: when determining in the tables of data that traverses there are when sensitive data section, according to tables of data mark corresponding to the tables of data traversed Know and generates desensitization acknowledgement notification;Desensitization acknowledgement notification is sent to table administrator's account registration terminal;It receives with table administrator Account registration terminal desensitizes according to the confirmation that desensitization acknowledgement notification returns and instructs;According to confirmation desensitization instruction to the data traversed Table carries out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, desensitization process is carried out to the tables of data traversed according to confirmation desensitization instruction, is traversed To tables of data it is corresponding desensitization tables of data include: extract confirmation desensitization instruction in tables of data mark and data segment identification;? Tables of data identifies in corresponding tables of data, and identification data segment identifies corresponding data type;Determine the data type pair recognized The desensitization process mode answered;Desensitization process is carried out to the corresponding data of data segment identification according to determining desensitization process mode, is obtained To the corresponding desensitization tables of data of tables of data traversed.
In one embodiment, after access authority verification passes through, data table access is inquired in tables of data white list and is asked After the tables of data mark asked, processor is also performed the steps of when executing computer program in tables of data white list When not inquiring tables of data mark, source data table corresponding with tables of data mark is inquired, the source data table inquired is back to Terminal;When inquiring tables of data mark in tables of data white list, the access tables of data mark pair for obtaining with inquiring is executed The step of desensitization tables of data answered.
In one embodiment, the desensitization tables of data that will acquire is back to after terminal, and processor executes computer journey It is also performed the steps of when sequence and receives the table export request that terminal is sent;It is corresponding to obtain tables of data mark in table export request Desensitization data in the tables of data that desensitizes;The desensitization data that will acquire are added to temporary data table, generate export tables of data;It will lead Tables of data is sent to terminal out.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained, The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated Machine program performs the steps of when being executed by processor receives the tables of data access request that terminal is sent;To the data received The Authority Verification that accesses is requested in table access;After access authority verification passes through, tables of data is inquired in tables of data white list and is visited Ask the tables of data mark in request;When inquiring tables of data mark in tables of data white list, obtains and inquire Tables of data identifies corresponding desensitization tables of data;The desensitization tables of data that will acquire is back to terminal.
In one embodiment, before receiving the tables of data access request that terminal is sent, computer program is held by processor The tables of data in regular ergodic data library is also performed the steps of when row;The number traversed is determined according to default sensitive keys word According in table whether there is sensitive data section;When determining in the tables of data that traverses there are when sensitive data section, to the number traversed Desensitization process, the corresponding desensitization tables of data of the tables of data traversed are carried out according to the corresponding data of sensitive data section in table.
In one embodiment, when determining in the tables of data that traverses there are when sensitive data section, to the data traversed The corresponding data of sensitive data section in table carry out desensitization process, the corresponding desensitization tables of data packet of the tables of data traversed It includes: when determining in the tables of data that traverses there are when sensitive data section, according to tables of data mark corresponding to the tables of data traversed Know and generates desensitization acknowledgement notification;Desensitization acknowledgement notification is sent to table administrator's account registration terminal;It receives with table administrator Account registration terminal desensitizes according to the confirmation that desensitization acknowledgement notification returns and instructs;According to confirmation desensitization instruction to the data traversed Table carries out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, desensitization process is carried out to the tables of data traversed according to confirmation desensitization instruction, is traversed To tables of data it is corresponding desensitization tables of data include: extract confirmation desensitization instruction in tables of data mark and data segment identification;? Tables of data identifies in corresponding tables of data, and identification data segment identifies corresponding data type;Determine the data type pair recognized The desensitization process mode answered;Desensitization process is carried out to the corresponding data of data segment identification according to determining desensitization process mode, is obtained To the corresponding desensitization tables of data of tables of data traversed.
In one embodiment, after access authority verification passes through, data table access is inquired in tables of data white list and is asked After the tables of data mark asked, also perform the steps of when computer program is executed by processor when in tables of data white list In when not inquiring tables of data mark, corresponding with tables of data mark source data table is inquired, by the source data table inquired return To terminal;When inquiring tables of data mark in tables of data white list, the access tables of data mark for obtaining with inquiring is executed The step of corresponding desensitization tables of data.
In one embodiment, the desensitization tables of data that will acquire is back to after terminal, and computer program is by processor It is also performed the steps of when execution and receives the table export request that terminal is sent;Tables of data mark in table export request is obtained to correspond to Desensitization tables of data in desensitization data;The desensitization data that will acquire are added to temporary data table, generate export tables of data;It will Export tables of data is sent to terminal.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained, The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, To any reference of memory, storage, database or other media used in each embodiment provided herein, Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM (PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms, Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance Shield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application Range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.

Claims (10)

1. a kind of tables of data access method, which comprises
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired de- Quick tables of data;
The desensitization tables of data that will acquire is back to terminal.
2. the method according to claim 1, wherein it is described receive terminal send tables of data access request it Before, further includes:
Tables of data in regular ergodic data library;
It is determined in the tables of data traversed according to default sensitive keys word with the presence or absence of sensitive data section;
There are when sensitive data section in the tables of data traversed described in the determination, to the sensitive number in the tables of data traversed Desensitization process is carried out according to the corresponding data of section, obtains the corresponding desensitization tables of data of tables of data traversed.
3. according to the method described in claim 2, it is characterized in that, there are quick in the tables of data that traverses described in determine When feeling data segment, desensitization process is carried out to the corresponding data of sensitive data section in the tables of data traversed, is obtained described The corresponding desensitization tables of data of the tables of data traversed includes:
There are when sensitive data section in the tables of data traversed described in the determination, according to data corresponding to the tables of data traversed Table mark generates desensitization acknowledgement notification;
The desensitization acknowledgement notification is sent to table administrator's account registration terminal;
Receive the confirmation desensitization instruction returned with table administrator's account registration terminal according to the desensitization acknowledgement notification;
Desensitization process is carried out to the tables of data traversed according to the confirmation desensitization instruction, obtains the data traversed The corresponding desensitization tables of data of table.
4. according to the method described in claim 3, it is characterized in that, described traverse according to confirmation desensitization instruction to described Tables of data carry out desensitization process, obtaining the corresponding desensitization tables of data of tables of data traversed includes:
Extract the tables of data mark and data segment identification in the confirmation desensitization instruction;
It is identified in corresponding tables of data in the tables of data, identifies the corresponding data type of the data segment identification;
Determine the corresponding desensitization process mode of data type recognized;
Desensitization process is carried out to the corresponding data of the data segment identification according to determining desensitization process mode, obtains the traversal The corresponding desensitization tables of data of the tables of data arrived.
5. being explained in data the method according to claim 1, wherein described after access authority verification passes through It is inquired in list after the tables of data mark in tables of data access request, further includes:
When not inquiring tables of data mark in tables of data white list, source number corresponding with tables of data mark is inquired According to table, the source data table inquired is back to the terminal.
6. the method according to claim 1, wherein the desensitization tables of data that will acquire be back to terminal it Afterwards, further includes:
Receive the table export request that the terminal is sent;
It obtains tables of data in table export request and identifies desensitization data in corresponding desensitization tables of data;
The desensitization data that will acquire are added to temporary data table, generate export tables of data;
The export tables of data is sent to the terminal.
7. a kind of data table accessing device, which is characterized in that described device includes:
Request receiving module, for receiving the tables of data access request of terminal transmission;
Requests verification module, for accessing Authority Verification to the tables of data access request received;
Enquiry module is identified, for inquiring tables of data access request in tables of data white list after access authority verification passes through In tables of data mark;
Tables of data obtains module, for obtaining and inquiring when inquiring tables of data mark in tables of data white list Tables of data identify corresponding desensitization tables of data;
Tables of data return module, the desensitization tables of data for will acquire are back to terminal.
8. device according to claim 7, which is characterized in that the data table accessing device further include:
Data desensitization module, for the tables of data in regular ergodic data library;It is traversed according to the determination of default sensitive keys word It whether there is sensitive data section in tables of data;There are when sensitive data section in the tables of data traversed described in the determination, to described The corresponding data of sensitive data section in the tables of data traversed carry out desensitization process, and it is corresponding to obtain the tables of data traversed Desensitization tables of data.
9. a kind of computer equipment, including memory and processor, the memory are stored with computer program, feature exists In the step of processor realizes any one of claims 1 to 6 the method when executing the computer program.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program The step of method described in any one of claims 1 to 6 is realized when being executed by processor.
CN201910420383.0A 2019-05-20 2019-05-20 Tables of data access method, device, computer equipment and storage medium Pending CN110245505A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910420383.0A CN110245505A (en) 2019-05-20 2019-05-20 Tables of data access method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910420383.0A CN110245505A (en) 2019-05-20 2019-05-20 Tables of data access method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN110245505A true CN110245505A (en) 2019-09-17

Family

ID=67884595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910420383.0A Pending CN110245505A (en) 2019-05-20 2019-05-20 Tables of data access method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110245505A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110598451A (en) * 2019-09-19 2019-12-20 中国银行股份有限公司 Data desensitization method and device
CN112749408A (en) * 2020-12-29 2021-05-04 拉卡拉支付股份有限公司 Data acquisition method, data acquisition device, electronic equipment, storage medium and program product
CN112948877A (en) * 2021-03-03 2021-06-11 北京中安星云软件技术有限公司 Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy
CN113221177A (en) * 2021-05-28 2021-08-06 中国工商银行股份有限公司 Data access method, device and system in distributed system
CN113806373A (en) * 2021-09-29 2021-12-17 中国平安人寿保险股份有限公司 Data processing method and device, electronic equipment and storage medium
CN114040404A (en) * 2021-11-08 2022-02-11 中国电信股份有限公司 Data distribution method, system, device and storage medium
CN114679317A (en) * 2019-12-26 2022-06-28 支付宝(杭州)信息技术有限公司 Data viewing method and device
CN114880702A (en) * 2022-04-25 2022-08-09 北京科杰科技有限公司 Request processing method and device based on rank-level authority, electronic equipment and medium
CN115795538A (en) * 2022-11-30 2023-03-14 湖南长银五八消费金融股份有限公司 Desensitization document anti-desensitization method, apparatus, computer device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270370A1 (en) * 2007-04-30 2008-10-30 Castellanos Maria G Desensitizing database information
CN106295388A (en) * 2015-06-04 2017-01-04 中国移动通信集团山东有限公司 A kind of data desensitization method and device
CN108289095A (en) * 2018-01-02 2018-07-17 诚壹泰合(北京)科技有限公司 A kind of sensitive data storage method, apparatus and system
CN109325326A (en) * 2018-08-16 2019-02-12 深圳云安宝科技有限公司 Data desensitization method, device, equipment and medium when unstructured data accesses

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080270370A1 (en) * 2007-04-30 2008-10-30 Castellanos Maria G Desensitizing database information
CN106295388A (en) * 2015-06-04 2017-01-04 中国移动通信集团山东有限公司 A kind of data desensitization method and device
CN108289095A (en) * 2018-01-02 2018-07-17 诚壹泰合(北京)科技有限公司 A kind of sensitive data storage method, apparatus and system
CN109325326A (en) * 2018-08-16 2019-02-12 深圳云安宝科技有限公司 Data desensitization method, device, equipment and medium when unstructured data accesses

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110598451A (en) * 2019-09-19 2019-12-20 中国银行股份有限公司 Data desensitization method and device
CN110598451B (en) * 2019-09-19 2022-02-25 中国银行股份有限公司 Data desensitization method and device
CN114679317A (en) * 2019-12-26 2022-06-28 支付宝(杭州)信息技术有限公司 Data viewing method and device
CN112749408A (en) * 2020-12-29 2021-05-04 拉卡拉支付股份有限公司 Data acquisition method, data acquisition device, electronic equipment, storage medium and program product
CN112948877A (en) * 2021-03-03 2021-06-11 北京中安星云软件技术有限公司 Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy
CN113221177A (en) * 2021-05-28 2021-08-06 中国工商银行股份有限公司 Data access method, device and system in distributed system
CN113806373A (en) * 2021-09-29 2021-12-17 中国平安人寿保险股份有限公司 Data processing method and device, electronic equipment and storage medium
CN114040404A (en) * 2021-11-08 2022-02-11 中国电信股份有限公司 Data distribution method, system, device and storage medium
CN114040404B (en) * 2021-11-08 2024-06-07 中国电信股份有限公司 Data distribution method, system, equipment and storage medium
CN114880702A (en) * 2022-04-25 2022-08-09 北京科杰科技有限公司 Request processing method and device based on rank-level authority, electronic equipment and medium
CN115795538A (en) * 2022-11-30 2023-03-14 湖南长银五八消费金融股份有限公司 Desensitization document anti-desensitization method, apparatus, computer device and storage medium
CN115795538B (en) * 2022-11-30 2023-08-18 湖南长银五八消费金融股份有限公司 Anti-desensitization method, device, computer equipment and storage medium for desensitizing document

Similar Documents

Publication Publication Date Title
CN110245505A (en) Tables of data access method, device, computer equipment and storage medium
CN110365670B (en) Blacklist sharing method and device, computer equipment and storage medium
CN109474578B (en) Message checking method, device, computer equipment and storage medium
CN110290212B (en) Service call recording method, device, computer equipment and storage medium
CN110008118A (en) Page data test method, device, computer equipment and storage medium
CN109474619B (en) Data encryption reporting method and device and data decryption method and device
CN106790156B (en) Intelligent device binding method and device
CN110224996A (en) Network Access Method, device, computer equipment and the storage medium of application program
CN110008117A (en) Page test method, device, computer equipment and storage medium
CN108268375A (en) Applied program testing method, device, computer equipment and storage medium
CN108777709A (en) Website access method, device, computer equipment and storage medium
CN108829789A (en) Log processing method, device, computer equipment and storage medium
CN108959384B (en) Webpage data acquisition method and device, computer equipment and storage medium
CN110908778B (en) Task deployment method, system and storage medium
CN108259514A (en) Leak detection method, device, computer equipment and storage medium
CN109447780A (en) Information push method, device, computer equipment and storage medium
CN110489393A (en) Promise breaking information query method, device, computer equipment and storage medium
CN109857479A (en) Interface data processing method, device, computer equipment and storage medium
CN112131564A (en) Encrypted data communication method, apparatus, device, and medium
CN109582583B (en) Software testing method, device, computer equipment and storage medium
CN110245125A (en) Data migration method, device, computer equipment and storage medium
CN109697370A (en) Database data encipher-decipher method, device, computer equipment and storage medium
CN112528201A (en) Method and device for calling third-party platform, computer equipment and storage medium
CN110071926B (en) Data processing method and device
CN112016122A (en) Webpage data processing method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination