CN110245505A - Tables of data access method, device, computer equipment and storage medium - Google Patents
Tables of data access method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN110245505A CN110245505A CN201910420383.0A CN201910420383A CN110245505A CN 110245505 A CN110245505 A CN 110245505A CN 201910420383 A CN201910420383 A CN 201910420383A CN 110245505 A CN110245505 A CN 110245505A
- Authority
- CN
- China
- Prior art keywords
- data
- tables
- desensitization
- mark
- traversed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Storage Device Security (AREA)
Abstract
This application involves a kind of tables of data access method, device, computer equipment and storage mediums.The described method includes: receiving the tables of data access request that terminal is sent;It accesses Authority Verification to the tables of data access request received;After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list;When inquiring tables of data mark in tables of data white list, desensitization tables of data corresponding with the tables of data mark inquired is obtained;The desensitization tables of data that will acquire is back to terminal.Desensitization tables of data corresponding with tables of data mark can be obtained using this method, the desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
Description
Technical field
This application involves technical field of data processing, set more particularly to a kind of tables of data access method, device, computer
Standby and storage medium.
Background technique
With the development of computer technology and Internet technology, there is big data technology, more and more data are all logical
Cross the Internet transmission or storage.Many business can directly be handled by internet, require to fill out greatly in transacting business
Some sensitive datas are write, by sensitive data storage into corresponding large database concept.
However, traditional technology is all to guarantee database by data access authority control in order to guarantee data security
In data safety, the case where avoiding the occurrence of leaking data.But there are the personnel of access authority that can visit sensitive data
It asks, to still sensitive data is easy to cause to reveal, causes the situation that Information Security is lower.
Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide a kind of data table access that can be improved Information Security
Method, apparatus, computer equipment and storage medium.
A kind of tables of data access method, which comprises
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list
Know;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired
Desensitization tables of data;
The desensitization tables of data that will acquire is back to terminal.
A kind of data table accessing device, described device include:
Request receiving module, for receiving the tables of data access request of terminal transmission;
Requests verification module, for accessing Authority Verification to the tables of data access request received;
Enquiry module is identified, for inquiring data table access in tables of data white list after access authority verification passes through
Tables of data mark in request;
Tables of data obtains module, for obtaining and looking into when inquiring tables of data mark in tables of data white list
The tables of data ask identifies corresponding desensitization tables of data;
Tables of data return module, the desensitization tables of data for will acquire are back to terminal.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the processing
Device performs the steps of when executing the computer program
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list
Know;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired
Desensitization tables of data;
The desensitization tables of data that will acquire is back to terminal.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor
It is performed the steps of when row
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list
Know;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired
Desensitization tables of data;
The desensitization tables of data that will acquire is back to terminal.
Above-mentioned tables of data access method, device, computer equipment and storage medium, in the data table access sent to terminal
When the access authority verification of request passes through, the tables of data mark in tables of data access request is inquired in data white list, is being looked into
When asking tables of data mark, indicating that the tables of data inquired identifies includes sensitive data in corresponding source data table.It obtains and looks into
The tables of data ask identifies corresponding desensitization tables of data, and the desensitization tables of data that will acquire is back to terminal, avoids sensitive data
Leakage, to improve the safety of data.
Detailed description of the invention
Fig. 1 is the application scenario diagram of tables of data access method in one embodiment;
Fig. 2 is the flow diagram of tables of data access method in one embodiment;
Fig. 3 is flow diagram the step of obtaining desensitization tables of data in one embodiment;
Fig. 4 is flow diagram the step of carrying out desensitization process to tables of data in one embodiment;
Fig. 5 is flow diagram the step of carrying out desensitization process according to desensitization process mode in one embodiment;
Fig. 6 is flow diagram the step of exporting tables of data in one embodiment;
Fig. 7 is the structural block diagram of data table accessing device in one embodiment;
Fig. 8 is the internal structure chart of computer equipment in one embodiment.
Specific embodiment
It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood
The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, not
For limiting the application.
Tables of data access method provided by the present application, can be applied in application environment as shown in Figure 1.Wherein, terminal
102 are communicated with server 104 by network by network.Wherein, terminal 102 can be, but not limited to be various individual calculus
Machine, laptop, smart phone, tablet computer and portable wearable device, server 104 can use independent server
The either server cluster of multiple servers composition is realized.
In one embodiment, as shown in Fig. 2, providing a kind of tables of data access method, it is applied in Fig. 1 in this way
Server for be illustrated, comprising the following steps:
S202 receives the tables of data access request that terminal is sent.
Specifically, terminal display has tables of data accession page, detects data access button in tables of data accession page
When clicking operation, the tables of data mark of the typing in tables of data accession page is obtained, the tables of data mark got is sealed
Dress generates tables of data access request by encapsulation, tables of data access request is sent to server.Server receiving terminal is sent
Tables of data access request.
S204 accesses Authority Verification to the tables of data access request received.
Specifically, server parses data table access request, passes through solution after receiving tables of data access request
User account and tables of data mark in tables of data access request, inquiry access right corresponding with access tables of data mark are extracted in analysis
List is limited, Authority Verification is carried out to user account according to the list of access rights inquired.
In one embodiment, user account is inquired in list of access rights, when inquiring user account, determines to use
Family account, which identifies corresponding tables of data to tables of data, access authority, i.e. access authority verification passes through;When not inquiring user's account
Number when, determine that user account identifies corresponding tables of data to tables of data and do not have access authority, i.e. access authority verification does not pass through.
S206 inquires the data in tables of data access request after access authority verification passes through in tables of data white list
Table mark.
Specifically, when authenticating to user account has access authority to the corresponding tables of data of tables of data mark, server is obtained
Access is according to vindication list.Tables of data white list recites the mark of tables of data corresponding to the tables of data including sensitive data section.Clothes
The tables of data that device extracts in tables of data access request of being engaged in identifies, and the tables of data mark extracted is inquired in tables of data white list.
When inquiring the tables of data extracted mark in tables of data white list, indicate that the tables of data extracted identifies corresponding source number
According in table include sensitive data;When not inquiring the tables of data extracted mark in tables of data white list, indicate to extract
Tables of data to identify in corresponding source data table do not include sensitive data.
In one embodiment, it specifically includes after S206: being identified when not inquiring tables of data in tables of data white list
When, source data table corresponding with tables of data mark is inquired, the source data table inquired is back to terminal;When in data vindication name
When inquiring tables of data mark in list, S208 is executed.
Specifically, when not inquiring tables of data mark in tables of data white list, indicate that tables of data identifies corresponding number
According to table without carrying out desensitization process, source data table corresponding with tables of data mark, the source number that will be inquired are inquired from database
Terminal is sent to according to table.Source data table is the tables of data without desensitization data.
S208, when inquiring tables of data mark in tables of data white list, the tables of data mark that obtains and inquire
Know corresponding desensitization tables of data.
Specifically, desensitization tables of data is to carry out the tables of data that desensitization process obtains to source data table.Server is in tables of data
When white list inquires the tables of data mark extracted, determination is corresponding with the tables of data mark inquired from desensitization tables of data
Desensitize tables of data, obtains determining desensitization tables of data.The corresponding different tables of data mark of different desensitization tables of data.It is de-
The tables of data of quick tables of data existence anduniquess identifies.
S210, the desensitization tables of data that will acquire are back to terminal.
Specifically, server obtains the terminal iidentification in tables of data access request, will acquire according to terminal iidentification de-
Quick tables of data is back to terminal.
In one embodiment, server obtains the user account in tables of data access request, determines that user account logs in
Terminal is corresponding and terminal iidentification, terminal is sent to according to the terminal iidentification tables of data that will desensitize.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment
The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark
It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained,
The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
As shown in figure 3, in one embodiment, specifically further including the steps that obtaining desensitization tables of data, the step before S202
Suddenly the following contents is specifically included:
S302, the tables of data in regular ergodic data library.
Specifically, it is provided with multiple databases in server, multiple tables of data are stored in each database.Server is fixed
Phase traverses to the tables of data in each database.Server starts timing after obtaining last time traversal, when institute's timing length is equal to
When predetermined time period, restart to traverse the database in each database.
S304 is determined in the tables of data traversed according to default sensitive keys word with the presence or absence of sensitive data section.
Specifically, default sensitive keys word is provided in server, default sensitive keys word include name, telephone number and
At least one of address.It whether include default sensitive keys in the data segment identification in tables of data that server judgement traverses
Word.When determining to include default sensitive keys word in the data segment identification in the tables of data that traverses, then it represents that the data traversed
It include sensitive data section in table;When determining not include default sensitive keys word in the data segment identification in the tables of data that traverses,
It then indicates not including sensitive data section in the tables of data traversed.
S306, when determining in the tables of data that traverses there are when sensitive data section, to the sensitivity in the tables of data traversed
The corresponding data of data segment carry out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
Specifically, quick in the tables of data traversed there are determining when sensitive data section in the tables of data traversed when determining
Feel the corresponding sensitive data of data segment, desensitization process is carried out to determining sensitive data, tables of data is time to do that treated in sb. else's name
The corresponding desensitization tables of data of the tables of data gone through.
In the present embodiment, periodically the tables of data in database is traversed, is determined and is traversed according to default sensitive keys word
To tables of data in whether there is sensitive data section, when determining in the tables of data that traverses there are when sensitive data section, to traversal
The tables of data arrived carries out desensitization process, obtains desensitization tables of data, guarantees when accessing to tables of data, returns to desensitization data
Table, to improve the safety of sensitive data.
As shown in figure 4, in one embodiment, S306 specifically includes the step of carrying out desensitization process to tables of data, the step
Suddenly the following contents is specifically included:
S402, when determining in the tables of data that traverses there are when sensitive data section, according to corresponding to the tables of data traversed
Tables of data mark generate desensitization acknowledgement notification.
Specifically, right there are the tables of data institute that traverses when sensitive data section, is obtained in the tables of data that traverses when determining
The tables of data mark answered, is packaged the tables of data mark got, generates desensitization acknowledgement notification by encapsulation.Desensitization confirmation
Whether notice determines the information that desensitization process is carried out to tables of data for notification list administrator.
Desensitization acknowledgement notification is sent to table administrator's account registration terminal by S404.
Specifically, server inquires table administrator account corresponding with tables of data mark, and acquisition is stepped on table administrator's account
Desensitization acknowledgement notification is sent to terminal address according to the terminal address got and corresponded to by terminal address corresponding to the terminal of record
Terminal.
S406 receives the confirmation desensitization instruction returned with table administrator's account registration terminal according to desensitization acknowledgement notification.
Specifically, with table administrator's account log in terminal receive desensitization acknowledgement notification after, to desensitization acknowledgement notification into
Row parsing obtains tables of data mark by parsing, obtained tables of data mark is shown and confirms the page in desensitization, de- when detecting
In the quick confirmation page when clicking operation of confirmation desensitization button, the tables of data mark of displaying is obtained, according to the tables of data got
Mark generates confirmation desensitization instruction, and the confirmation desensitization instruction of generation is sent to server.Server receiving terminal is according to desensitization
The confirmation that acknowledgement notification returns, which is desensitized, to be instructed.
S408 carries out desensitization process, the tables of data traversed to the tables of data traversed according to confirmation desensitization instruction
Corresponding desensitization tables of data.
Specifically, server extracts the tables of data mark in confirmation desensitization instruction, and verifying the tables of data mark extracted is
It is no consistent with the mark of tables of data corresponding to the tables of data traversed, when verifying consistent, the tables of data traversed is taken off
Quick processing, the corresponding desensitization tables of data of the tables of data traversed.
In the present embodiment, when in the tables of data traversed there are when sensitive data section, it is right according to the tables of data institute traversed
The tables of data mark answered generates desensitization acknowledgement notification, and the acknowledgement notification that will desensitize is sent to the terminal logged in table administrator's account,
It needs to desensitize to tables of data with notification list administrator.Confirmed with table administrator's account registration terminal according to desensitization receiving
After the confirmation desensitization instruction that notice returns, desensitization process is carried out to the tables of data traversed, to avoid to without carrying out at desensitization
The tables of data of reason desensitizes, to improve the desensitization accuracy of tables of data.
As described in Figure 5, in one embodiment, S408 specifically includes the step that desensitization process is carried out according to desensitization process mode
Suddenly, which specifically includes the following contents:
S502 extracts tables of data mark and data segment identification in confirmation desensitization instruction.
Specifically, server parses confirmation desensitization instruction, extracts data from confirmation desensitization instruction by parsing
Table mark and data segment identification.Data segment is identified as the mark of each data segment in mark data table.For example, data segment identification can be with
Including at least one of name, telephone number and home address.
S504 is identified in corresponding tables of data in tables of data, and identification data segment identifies corresponding data type.
Specifically, server is after extracting tables of data mark and data segment identification in confirmation desensitization instruction, from database
It is middle to inquire tables of data corresponding with the tables of data mark extracted, it is corresponding that data segment identification is inquired in the tables of data inquired
Data segment obtains the data type mark of data segment, obtains the corresponding data of data segment identification according to data type mark identification
Type.Data type includes associated data and dereferenced data, and associated data is tables of data for being closed with other tables of data
The data of connection.
S506 determines the corresponding desensitization process mode of data type recognized.
Specifically, it is provided in server and the corresponding desensitization process mode of each data type, desensitization process side
Formula includes at least one of sensitive character replacement, sensitive data encryption and sensitive data deletion.Server is recognizing data
When type, desensitization process mode corresponding with the data type recognized is inquired, to inquire in a manner of desensitization process as identification
The corresponding desensitization process mode of the data type arrived.
S508 carries out desensitization process to the corresponding data of data segment identification according to determining desensitization process mode, obtains time
The corresponding desensitization tables of data of the tables of data gone through.
Specifically, when desensitization process mode is that sensitive data encrypts, server obtains preset key, according to preset
It is encrypted in data key table with the sensitive data in data segment identification corresponding data section, is made with the tables of data by encryption
For the tables of data that desensitizes.
In one embodiment, when desensitization process mode is sensitive character replacement, server determines data in tables of data
The sensitive character for including in section, replaces my designated symbols for sensitive character.For example, phone number is carried out desensitization process, obtain
Data of the 189****6789 after desensitization process.
In one embodiment, server identifies in corresponding tables of data in tables of data, determines that data segment identification is corresponding
Sensitive data, determining deeply grateful data are deleted, the desensitization tables of data after obtaining desensitization process.
In the present embodiment, by identifying the data type of sensitive data, inquire corresponding with the data type recognized de-
Quick processing mode carries out desensitization process to tables of data according to the desensitization process mode inquired, to realize according to different data
Type carries out desensitization process using different desensitization process modes, to further improve the safety of desensitization tables of data.
As shown in fig. 6, in one embodiment, specifically further including the steps that exporting tables of data, step tool after S210
Body includes the following contents:
S602 receives the table that terminal is sent and exports request.
Specifically, terminal shows desensitization tables of data in tables of data when receiving the desensitization tables of data of server return
Accession page obtains desensitization tables of data when detecting the clicking operation of the tables of data export button in tables of data accession page
Table export request is sent to service according to the tables of data mark generation table export request got by corresponding tables of data mark
Device.The table that server receiving terminal is sent exports request.
S604, acquisition table export request in tables of data identify it is corresponding desensitization tables of data in desensitization data.
Specifically, server parses table export request, extracts table by parsing after receiving table export request
Tables of data mark in export request, inquires desensitization tables of data corresponding with the tables of data mark extracted, and obtains desensitization data
Data in table are as desensitization data.
S606, the desensitization data that will acquire are added to temporary data table, generate export tables of data.
Specifically, server reads the format information in desensitization tables of data, creates temporary data table according to format information, will
The desensitization data got are added to temporary data table, using be added to desensitization data temporary data table as export tables of data.
Export tables of data is sent to terminal by S608.
Specifically, server extracts the terminal address in table export request, and export tables of data is sent to terminal address pair
The terminal answered.
In the present embodiment, after receiving table export request, the tables of data mark in table export request, inquiry and number are extracted
Corresponding desensitization tables of data is identified according to table, export tables of data is generated according to the desensitization data in desensitization tables of data, data will be exported
Table is sent to terminal, avoids being exported without the tables of data of desensitization process, reduces the risk of leaking data, improve data
Table safety.
It should be understood that although each step in the flow chart of Fig. 2-6 is successively shown according to the instruction of arrow,
These steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly stating otherwise herein, these steps
Execution there is no stringent sequences to limit, these steps can execute in other order.Moreover, at least one in Fig. 2-6
Part steps may include that perhaps these sub-steps of multiple stages or stage are not necessarily in synchronization to multiple sub-steps
Completion is executed, but can be executed at different times, the execution sequence in these sub-steps or stage is also not necessarily successively
It carries out, but can be at least part of the sub-step or stage of other steps or other steps in turn or alternately
It executes.
In one embodiment, as shown in fig. 7, providing a kind of data table accessing device 700, comprising: request receives mould
Block 702, requests verification module 704, mark enquiry module 706, tables of data obtain module 708 and tables of data return module 710,
Wherein:
Request receiving module 702, for receiving the tables of data access request of terminal transmission.
Requests verification module 704, for accessing Authority Verification to the tables of data access request received.
Enquiry module 706 is identified, for tables of data being inquired in tables of data white list and being visited after access authority verification passes through
Ask the tables of data mark in request.
Tables of data obtain module 708, for when inquired in tables of data white list the tables of data mark when, obtain with
The tables of data inquired identifies corresponding desensitization tables of data.
Tables of data return module 710, the desensitization tables of data for will acquire are back to terminal.
In one embodiment, data table accessing device 700 further include: data desensitization module.
Data desensitization module, for the tables of data in regular ergodic data library;It is determined and is traversed according to default sensitive keys word
To tables of data in whether there is sensitive data section;When determining in the tables of data that traverses there are when sensitive data section, to traversal
To tables of data in the corresponding data of sensitive data section carry out desensitization process, the corresponding desensitization number of the tables of data traversed
According to table.
In one embodiment, data desensitization module is also used to when there are sensitive data sections in the determining tables of data traversed
When, it is identified according to tables of data corresponding to the tables of data traversed and generates desensitization acknowledgement notification;Desensitization acknowledgement notification is sent to
With table administrator's account registration terminal;It is de- to receive the confirmation returned with table administrator's account registration terminal according to desensitization acknowledgement notification
Quick instruction;Desensitization process is carried out to the tables of data traversed according to confirmation desensitization instruction, the tables of data traversed is corresponding
Desensitize tables of data.
In one embodiment, data desensitization module is also used to extract tables of data mark and data in confirmation desensitization instruction
Segment identification;It is identified in corresponding tables of data in tables of data, identification data segment identifies corresponding data type;Determine the number recognized
According to the corresponding desensitization process mode of type;It desensitizes according to determining desensitization process mode to the corresponding data of data segment identification
Processing, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, tables of data acquisition module 708, which is also used to work as, does not inquire data in tables of data white list
When table identifies, source data table corresponding with tables of data mark is inquired, the source data table inquired is back to terminal;When in data
When inquiring tables of data mark in vindication list, desensitization tables of data corresponding with the access tables of data mark inquired is obtained.
In one embodiment, data table accessing device 700 further include: table export module.
Table export module, for receiving the table export request of terminal transmission;Obtain tables of data mark pair in table export request
The desensitization data in desensitization tables of data answered;The desensitization data that will acquire are added to temporary data table, generate export tables of data;
Export tables of data is sent to terminal.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment
The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark
It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained,
The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
Specific about data table accessing device limits the restriction that may refer to above for tables of data access method,
This is repeated no more.Modules in above-mentioned data table accessing device can come fully or partially through software, hardware and combinations thereof
It realizes.Above-mentioned each module can be embedded in the form of hardware or independently of in the processor in computer equipment, can also be with software
Form is stored in the memory in computer equipment, executes the corresponding operation of the above modules in order to which processor calls.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junction
Composition can be as shown in Figure 8.The computer equipment include by system bus connect processor, memory, network interface and
Database.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipment
Include non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system, computer program and data
Library.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating
The database of machine equipment table for storing data.The network interface of the computer equipment is used to connect with external terminal by network
Connect letter.To realize a kind of tables of data access method when the computer program is executed by processor.
It will be understood by those skilled in the art that structure shown in Fig. 8, only part relevant to application scheme is tied
The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment
It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment, including memory and processor are provided, which is stored with
Computer program, which performs the steps of when executing computer program receives the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;After access authority verification passes through, in tables of data white list
Tables of data mark in middle inquiry tables of data access request;When inquiring tables of data mark in tables of data white list,
Obtain desensitization tables of data corresponding with the tables of data mark inquired;The desensitization tables of data that will acquire is back to terminal.
In one embodiment, before receiving the tables of data access request that terminal is sent, processor executes computer program
When also perform the steps of tables of data in regular ergodic data library;The data traversed are determined according to default sensitive keys word
It whether there is sensitive data section in table;When determining in the tables of data that traverses there are when sensitive data section, to the data traversed
The corresponding data of sensitive data section in table carry out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, when determining in the tables of data that traverses there are when sensitive data section, to the data traversed
The corresponding data of sensitive data section in table carry out desensitization process, the corresponding desensitization tables of data packet of the tables of data traversed
It includes: when determining in the tables of data that traverses there are when sensitive data section, according to tables of data mark corresponding to the tables of data traversed
Know and generates desensitization acknowledgement notification;Desensitization acknowledgement notification is sent to table administrator's account registration terminal;It receives with table administrator
Account registration terminal desensitizes according to the confirmation that desensitization acknowledgement notification returns and instructs;According to confirmation desensitization instruction to the data traversed
Table carries out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, desensitization process is carried out to the tables of data traversed according to confirmation desensitization instruction, is traversed
To tables of data it is corresponding desensitization tables of data include: extract confirmation desensitization instruction in tables of data mark and data segment identification;?
Tables of data identifies in corresponding tables of data, and identification data segment identifies corresponding data type;Determine the data type pair recognized
The desensitization process mode answered;Desensitization process is carried out to the corresponding data of data segment identification according to determining desensitization process mode, is obtained
To the corresponding desensitization tables of data of tables of data traversed.
In one embodiment, after access authority verification passes through, data table access is inquired in tables of data white list and is asked
After the tables of data mark asked, processor is also performed the steps of when executing computer program in tables of data white list
When not inquiring tables of data mark, source data table corresponding with tables of data mark is inquired, the source data table inquired is back to
Terminal;When inquiring tables of data mark in tables of data white list, the access tables of data mark pair for obtaining with inquiring is executed
The step of desensitization tables of data answered.
In one embodiment, the desensitization tables of data that will acquire is back to after terminal, and processor executes computer journey
It is also performed the steps of when sequence and receives the table export request that terminal is sent;It is corresponding to obtain tables of data mark in table export request
Desensitization data in the tables of data that desensitizes;The desensitization data that will acquire are added to temporary data table, generate export tables of data;It will lead
Tables of data is sent to terminal out.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment
The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark
It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained,
The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program performs the steps of when being executed by processor receives the tables of data access request that terminal is sent;To the data received
The Authority Verification that accesses is requested in table access;After access authority verification passes through, tables of data is inquired in tables of data white list and is visited
Ask the tables of data mark in request;When inquiring tables of data mark in tables of data white list, obtains and inquire
Tables of data identifies corresponding desensitization tables of data;The desensitization tables of data that will acquire is back to terminal.
In one embodiment, before receiving the tables of data access request that terminal is sent, computer program is held by processor
The tables of data in regular ergodic data library is also performed the steps of when row;The number traversed is determined according to default sensitive keys word
According in table whether there is sensitive data section;When determining in the tables of data that traverses there are when sensitive data section, to the number traversed
Desensitization process, the corresponding desensitization tables of data of the tables of data traversed are carried out according to the corresponding data of sensitive data section in table.
In one embodiment, when determining in the tables of data that traverses there are when sensitive data section, to the data traversed
The corresponding data of sensitive data section in table carry out desensitization process, the corresponding desensitization tables of data packet of the tables of data traversed
It includes: when determining in the tables of data that traverses there are when sensitive data section, according to tables of data mark corresponding to the tables of data traversed
Know and generates desensitization acknowledgement notification;Desensitization acknowledgement notification is sent to table administrator's account registration terminal;It receives with table administrator
Account registration terminal desensitizes according to the confirmation that desensitization acknowledgement notification returns and instructs;According to confirmation desensitization instruction to the data traversed
Table carries out desensitization process, the corresponding desensitization tables of data of the tables of data traversed.
In one embodiment, desensitization process is carried out to the tables of data traversed according to confirmation desensitization instruction, is traversed
To tables of data it is corresponding desensitization tables of data include: extract confirmation desensitization instruction in tables of data mark and data segment identification;?
Tables of data identifies in corresponding tables of data, and identification data segment identifies corresponding data type;Determine the data type pair recognized
The desensitization process mode answered;Desensitization process is carried out to the corresponding data of data segment identification according to determining desensitization process mode, is obtained
To the corresponding desensitization tables of data of tables of data traversed.
In one embodiment, after access authority verification passes through, data table access is inquired in tables of data white list and is asked
After the tables of data mark asked, also perform the steps of when computer program is executed by processor when in tables of data white list
In when not inquiring tables of data mark, corresponding with tables of data mark source data table is inquired, by the source data table inquired return
To terminal;When inquiring tables of data mark in tables of data white list, the access tables of data mark for obtaining with inquiring is executed
The step of corresponding desensitization tables of data.
In one embodiment, the desensitization tables of data that will acquire is back to after terminal, and computer program is by processor
It is also performed the steps of when execution and receives the table export request that terminal is sent;Tables of data mark in table export request is obtained to correspond to
Desensitization tables of data in desensitization data;The desensitization data that will acquire are added to temporary data table, generate export tables of data;It will
Export tables of data is sent to terminal.
It is white in data when the access authority verification of the tables of data access request sent to terminal passes through in the present embodiment
The tables of data mark inquired in tables of data access request in list indicates the data inquired when inquiring tables of data mark
It includes sensitive data in corresponding source data table that table, which identifies,.Desensitization tables of data corresponding with the tables of data mark inquired is obtained,
The desensitization tables of data that will acquire is back to terminal, avoids the leakage of sensitive data, to improve the safety of data.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,
To any reference of memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include
Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment
In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance
Shield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.
Claims (10)
1. a kind of tables of data access method, which comprises
Receive the tables of data access request that terminal is sent;
It accesses Authority Verification to the tables of data access request received;
After access authority verification passes through, the tables of data mark in tables of data access request is inquired in tables of data white list;
When inquiring tables of data mark in tables of data white list, obtain corresponding with the tables of data mark inquired de-
Quick tables of data;
The desensitization tables of data that will acquire is back to terminal.
2. the method according to claim 1, wherein it is described receive terminal send tables of data access request it
Before, further includes:
Tables of data in regular ergodic data library;
It is determined in the tables of data traversed according to default sensitive keys word with the presence or absence of sensitive data section;
There are when sensitive data section in the tables of data traversed described in the determination, to the sensitive number in the tables of data traversed
Desensitization process is carried out according to the corresponding data of section, obtains the corresponding desensitization tables of data of tables of data traversed.
3. according to the method described in claim 2, it is characterized in that, there are quick in the tables of data that traverses described in determine
When feeling data segment, desensitization process is carried out to the corresponding data of sensitive data section in the tables of data traversed, is obtained described
The corresponding desensitization tables of data of the tables of data traversed includes:
There are when sensitive data section in the tables of data traversed described in the determination, according to data corresponding to the tables of data traversed
Table mark generates desensitization acknowledgement notification;
The desensitization acknowledgement notification is sent to table administrator's account registration terminal;
Receive the confirmation desensitization instruction returned with table administrator's account registration terminal according to the desensitization acknowledgement notification;
Desensitization process is carried out to the tables of data traversed according to the confirmation desensitization instruction, obtains the data traversed
The corresponding desensitization tables of data of table.
4. according to the method described in claim 3, it is characterized in that, described traverse according to confirmation desensitization instruction to described
Tables of data carry out desensitization process, obtaining the corresponding desensitization tables of data of tables of data traversed includes:
Extract the tables of data mark and data segment identification in the confirmation desensitization instruction;
It is identified in corresponding tables of data in the tables of data, identifies the corresponding data type of the data segment identification;
Determine the corresponding desensitization process mode of data type recognized;
Desensitization process is carried out to the corresponding data of the data segment identification according to determining desensitization process mode, obtains the traversal
The corresponding desensitization tables of data of the tables of data arrived.
5. being explained in data the method according to claim 1, wherein described after access authority verification passes through
It is inquired in list after the tables of data mark in tables of data access request, further includes:
When not inquiring tables of data mark in tables of data white list, source number corresponding with tables of data mark is inquired
According to table, the source data table inquired is back to the terminal.
6. the method according to claim 1, wherein the desensitization tables of data that will acquire be back to terminal it
Afterwards, further includes:
Receive the table export request that the terminal is sent;
It obtains tables of data in table export request and identifies desensitization data in corresponding desensitization tables of data;
The desensitization data that will acquire are added to temporary data table, generate export tables of data;
The export tables of data is sent to the terminal.
7. a kind of data table accessing device, which is characterized in that described device includes:
Request receiving module, for receiving the tables of data access request of terminal transmission;
Requests verification module, for accessing Authority Verification to the tables of data access request received;
Enquiry module is identified, for inquiring tables of data access request in tables of data white list after access authority verification passes through
In tables of data mark;
Tables of data obtains module, for obtaining and inquiring when inquiring tables of data mark in tables of data white list
Tables of data identify corresponding desensitization tables of data;
Tables of data return module, the desensitization tables of data for will acquire are back to terminal.
8. device according to claim 7, which is characterized in that the data table accessing device further include:
Data desensitization module, for the tables of data in regular ergodic data library;It is traversed according to the determination of default sensitive keys word
It whether there is sensitive data section in tables of data;There are when sensitive data section in the tables of data traversed described in the determination, to described
The corresponding data of sensitive data section in the tables of data traversed carry out desensitization process, and it is corresponding to obtain the tables of data traversed
Desensitization tables of data.
9. a kind of computer equipment, including memory and processor, the memory are stored with computer program, feature exists
In the step of processor realizes any one of claims 1 to 6 the method when executing the computer program.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program
The step of method described in any one of claims 1 to 6 is realized when being executed by processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910420383.0A CN110245505A (en) | 2019-05-20 | 2019-05-20 | Tables of data access method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910420383.0A CN110245505A (en) | 2019-05-20 | 2019-05-20 | Tables of data access method, device, computer equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110245505A true CN110245505A (en) | 2019-09-17 |
Family
ID=67884595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910420383.0A Pending CN110245505A (en) | 2019-05-20 | 2019-05-20 | Tables of data access method, device, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110245505A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110598451A (en) * | 2019-09-19 | 2019-12-20 | 中国银行股份有限公司 | Data desensitization method and device |
CN112749408A (en) * | 2020-12-29 | 2021-05-04 | 拉卡拉支付股份有限公司 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
CN112948877A (en) * | 2021-03-03 | 2021-06-11 | 北京中安星云软件技术有限公司 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
CN113221177A (en) * | 2021-05-28 | 2021-08-06 | 中国工商银行股份有限公司 | Data access method, device and system in distributed system |
CN113806373A (en) * | 2021-09-29 | 2021-12-17 | 中国平安人寿保险股份有限公司 | Data processing method and device, electronic equipment and storage medium |
CN114040404A (en) * | 2021-11-08 | 2022-02-11 | 中国电信股份有限公司 | Data distribution method, system, device and storage medium |
CN114679317A (en) * | 2019-12-26 | 2022-06-28 | 支付宝(杭州)信息技术有限公司 | Data viewing method and device |
CN114880702A (en) * | 2022-04-25 | 2022-08-09 | 北京科杰科技有限公司 | Request processing method and device based on rank-level authority, electronic equipment and medium |
CN115795538A (en) * | 2022-11-30 | 2023-03-14 | 湖南长银五八消费金融股份有限公司 | Desensitization document anti-desensitization method, apparatus, computer device and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080270370A1 (en) * | 2007-04-30 | 2008-10-30 | Castellanos Maria G | Desensitizing database information |
CN106295388A (en) * | 2015-06-04 | 2017-01-04 | 中国移动通信集团山东有限公司 | A kind of data desensitization method and device |
CN108289095A (en) * | 2018-01-02 | 2018-07-17 | 诚壹泰合(北京)科技有限公司 | A kind of sensitive data storage method, apparatus and system |
CN109325326A (en) * | 2018-08-16 | 2019-02-12 | 深圳云安宝科技有限公司 | Data desensitization method, device, equipment and medium when unstructured data accesses |
-
2019
- 2019-05-20 CN CN201910420383.0A patent/CN110245505A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080270370A1 (en) * | 2007-04-30 | 2008-10-30 | Castellanos Maria G | Desensitizing database information |
CN106295388A (en) * | 2015-06-04 | 2017-01-04 | 中国移动通信集团山东有限公司 | A kind of data desensitization method and device |
CN108289095A (en) * | 2018-01-02 | 2018-07-17 | 诚壹泰合(北京)科技有限公司 | A kind of sensitive data storage method, apparatus and system |
CN109325326A (en) * | 2018-08-16 | 2019-02-12 | 深圳云安宝科技有限公司 | Data desensitization method, device, equipment and medium when unstructured data accesses |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110598451A (en) * | 2019-09-19 | 2019-12-20 | 中国银行股份有限公司 | Data desensitization method and device |
CN110598451B (en) * | 2019-09-19 | 2022-02-25 | 中国银行股份有限公司 | Data desensitization method and device |
CN114679317A (en) * | 2019-12-26 | 2022-06-28 | 支付宝(杭州)信息技术有限公司 | Data viewing method and device |
CN112749408A (en) * | 2020-12-29 | 2021-05-04 | 拉卡拉支付股份有限公司 | Data acquisition method, data acquisition device, electronic equipment, storage medium and program product |
CN112948877A (en) * | 2021-03-03 | 2021-06-11 | 北京中安星云软件技术有限公司 | Dynamic database desensitization method and system based on TCP (Transmission control protocol) proxy |
CN113221177A (en) * | 2021-05-28 | 2021-08-06 | 中国工商银行股份有限公司 | Data access method, device and system in distributed system |
CN113806373A (en) * | 2021-09-29 | 2021-12-17 | 中国平安人寿保险股份有限公司 | Data processing method and device, electronic equipment and storage medium |
CN114040404A (en) * | 2021-11-08 | 2022-02-11 | 中国电信股份有限公司 | Data distribution method, system, device and storage medium |
CN114040404B (en) * | 2021-11-08 | 2024-06-07 | 中国电信股份有限公司 | Data distribution method, system, equipment and storage medium |
CN114880702A (en) * | 2022-04-25 | 2022-08-09 | 北京科杰科技有限公司 | Request processing method and device based on rank-level authority, electronic equipment and medium |
CN115795538A (en) * | 2022-11-30 | 2023-03-14 | 湖南长银五八消费金融股份有限公司 | Desensitization document anti-desensitization method, apparatus, computer device and storage medium |
CN115795538B (en) * | 2022-11-30 | 2023-08-18 | 湖南长银五八消费金融股份有限公司 | Anti-desensitization method, device, computer equipment and storage medium for desensitizing document |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110245505A (en) | Tables of data access method, device, computer equipment and storage medium | |
CN110365670B (en) | Blacklist sharing method and device, computer equipment and storage medium | |
CN109474578B (en) | Message checking method, device, computer equipment and storage medium | |
CN110290212B (en) | Service call recording method, device, computer equipment and storage medium | |
CN110008118A (en) | Page data test method, device, computer equipment and storage medium | |
CN109474619B (en) | Data encryption reporting method and device and data decryption method and device | |
CN106790156B (en) | Intelligent device binding method and device | |
CN110224996A (en) | Network Access Method, device, computer equipment and the storage medium of application program | |
CN110008117A (en) | Page test method, device, computer equipment and storage medium | |
CN108268375A (en) | Applied program testing method, device, computer equipment and storage medium | |
CN108777709A (en) | Website access method, device, computer equipment and storage medium | |
CN108829789A (en) | Log processing method, device, computer equipment and storage medium | |
CN108959384B (en) | Webpage data acquisition method and device, computer equipment and storage medium | |
CN110908778B (en) | Task deployment method, system and storage medium | |
CN108259514A (en) | Leak detection method, device, computer equipment and storage medium | |
CN109447780A (en) | Information push method, device, computer equipment and storage medium | |
CN110489393A (en) | Promise breaking information query method, device, computer equipment and storage medium | |
CN109857479A (en) | Interface data processing method, device, computer equipment and storage medium | |
CN112131564A (en) | Encrypted data communication method, apparatus, device, and medium | |
CN109582583B (en) | Software testing method, device, computer equipment and storage medium | |
CN110245125A (en) | Data migration method, device, computer equipment and storage medium | |
CN109697370A (en) | Database data encipher-decipher method, device, computer equipment and storage medium | |
CN112528201A (en) | Method and device for calling third-party platform, computer equipment and storage medium | |
CN110071926B (en) | Data processing method and device | |
CN112016122A (en) | Webpage data processing method and device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |