CN111083166A - Method and device for setting white list in cloud database and computer storage medium - Google Patents

Method and device for setting white list in cloud database and computer storage medium

Info

Publication number
CN111083166A
CN111083166A
Authority
CN
China
Prior art keywords
request
database
firewall
white list
cloud database
Prior art date
Legal status
Pending
Application number
CN201911409482.5A
Other languages
Chinese (zh)
Inventor
张辰
Current Assignee
Unicloud Nanjing Digital Technology Co Ltd
Original Assignee
Unicloud Nanjing Digital Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Unicloud Nanjing Digital Technology Co Ltd
Priority to CN201911409482.5A
Publication of CN111083166A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

A method and a device for setting a white list of a cloud database are provided. During the instantiation of a database, a database agent receives a request for adding a white list sent by a user, the request comprising an IP address; the IP address received in the request is added to a firewall rule and the firewall rule is updated. The scheme uses the firewall of the virtual computing environment to control access to, and operating permissions on, the cloud database, thereby protecting the reliability and security of user data.

Description

Method and device for setting white list in cloud database and computer storage medium
Technical Field
The invention belongs to the field of computers, and particularly relates to a method and a device for setting a white list in a cloud database and a computer-readable storage medium.
Background
A MySQL cloud database combines a traditional database with cloud computing technology: it virtualizes data resources and provides database services on top of that virtualization. For the security of users and their information, a white list is needed to restrict which users may access it.
The white list in common use today is enforced through MySQL's own privilege system: the server accepts a connection only if the Host and User columns of a row in the user table match the client's hostname and username and the correct password is supplied. Another approach is to control access by editing MySQL's configuration file, my.cnf. Both methods are confined to the MySQL database layer and are risky: a user can still reach the virtual computing environment in which the database runs through a remote connection and damage the database from there.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, it is an object of the present invention to improve security and reliability of cloud database access.
The embodiment of the invention discloses a method for setting a white list of a cloud database, wherein in the instantiation process of the database, a database agent receives a request for adding the white list, which is sent by a user, wherein the request comprises an IP address; and adding the IP address received in the request into a firewall rule, and updating the firewall rule.
In one possible embodiment, a firewall command line is invoked according to the request to add the white list and make it take effect.
In one possible embodiment, before the database agent receives the request for adding the white list sent by the user, the method further includes invoking a firewall command to initialize the firewall rules.
The embodiment of the invention also discloses a device for setting the white list of a cloud database, which comprises a receiving module and a processing module. The receiving module is used by the database agent to receive, during the instantiation of the database, a request for adding a white list sent by a user, the request comprising an IP address; the processing module is used to add the IP address received in the request to a firewall rule and update the firewall rule.
In one possible embodiment, the processing module is further configured to invoke a firewall command line according to the request to add the white list and make it take effect.
In one possible embodiment, the device further comprises an initialization module for invoking a firewall command to initialize the firewall rules.
The invention also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the method for setting the white list of the cloud database is realized.
The invention has the following beneficial effect: the scheme uses the firewall of the virtual computing environment to control access to, and operating permissions on, the cloud database, thereby protecting the reliability and security of user data.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an apparatus according to an embodiment of the present invention.
Detailed Description
In order to facilitate understanding of those skilled in the art, the present invention will be further described with reference to the following examples and drawings, which are not intended to limit the present invention.
The scheme relies on the firewall of the virtual resource environment and on a database service running under Linux. While a database instance is being initialized, only SSH access from the management network is opened to the instance; after the instance has been created successfully, the instance's white list is controlled in cooperation with an agent running inside the instance.
Specifically, the embodiment of the invention discloses a method for setting a white list for a cloud database, and as shown in fig. 1, the method includes:
S101: during the instantiation of the database, the database agent receives a request for adding a white list sent by a user, the request comprising an IP address.
Before the database agent receives the user's request for adding a white list, the method also includes invoking a firewall command to initialize the firewall rules. Specifically, after receiving the creation request, the database agent first initializes a firewall access white list containing, for example, the IP address segment of the management network and the port numbers required by the management network's services.
S102: add the IP address received in the request to a firewall rule and update the firewall rule.
Specifically, a firewall command line is invoked according to the request to add the white list and make it take effect. The database agent program invokes firewall-cmd to add the white list entry; the following command lines may be used:
(1) firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.2" port port="3306" protocol="tcp" accept'
(2) firewall-cmd --reload
Because the rule in (1) is added with --permanent, it is written only to firewalld's persistent configuration; it does not take effect in the running firewall until the reload command in (2) has been invoked after the addition.
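The initialization step and the two firewall-cmd steps above, as a runnable helper. This is an added example written for this page, not the applicant's code: it assumes a dedicated firewalld zone named dbinstance bound to the interface eth0, SSH as the only management-network service, and constructed sample addresses (management segment 10.10.0.0/24, user address 192.168.0.2). The IP address in the request is untrusted input, so the helper parses it with the ipaddress module and hands firewall-cmd an argument list instead of interpolating the raw string into a shell command line.

```python
"""Whitelist helper for a cloud-database instance agent, built on firewalld.

Added example for this page, not the applicant's implementation.  It turns the
two steps of the method (initialize the firewall for the management network,
then add a user-supplied address for the MySQL port and reload) into argv
lists for firewall-cmd.  Assumptions: a dedicated firewalld zone named
"dbinstance", the instance NIC "eth0", SSH as the only management-network
service, and the sample addresses below, which are constructed.
"""
import ipaddress
import shlex
import subprocess
from typing import List, Sequence, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

ZONE = "dbinstance"   # assumed: a fresh zone has no services, so only our rules accept
IFACE = "eth0"        # assumed name of the instance's network interface
DB_PORT = 3306        # MySQL port from the rule on the page


def parse_source(value: str) -> Network:
    """Validate the address taken from the user's request.

    The value is untrusted, so it is parsed as an IP or CIDR instead of being
    pasted into a shell string.  A plain host address becomes /32 (or /128),
    a prefix with host bits set is refused (strict=True), and a zero-length
    prefix is refused because it would whitelist every address.
    """
    try:
        net = ipaddress.ip_network(value.strip(), strict=True)
    except ValueError as exc:
        raise ValueError(f"invalid whitelist source {value!r}") from exc
    if net.prefixlen == 0:
        raise ValueError("refusing to whitelist all addresses")
    return net


def rich_rule(net: Network, port: int, proto: str = "tcp") -> str:
    """Render a firewalld rich rule accepting proto/port from net.

    firewalld requires both port= and protocol= inside the port element.
    A single host is written without its /32 suffix, as on the page.
    """
    family = "ipv4" if net.version == 4 else "ipv6"
    host_only = net.prefixlen == net.max_prefixlen
    source = str(net.network_address) if host_only else str(net)
    return (f'rule family="{family}" source address="{source}" '
            f'port port="{port}" protocol="{proto}" accept')


def permanent(*args: str) -> List[str]:
    """firewall-cmd invocation against the persistent config of our zone."""
    return ["firewall-cmd", "--permanent", f"--zone={ZONE}", *args]


def init_commands(mgmt_cidr: str, mgmt_ports: Sequence[int] = (22,)) -> List[List[str]]:
    """Firewall initialization done before any whitelist request is accepted.

    Creates a zone whose target is DROP, moves the NIC into it, and opens only
    the management segment on its service ports (SSH by default).  All changes
    are permanent and become active together at the final reload.  On a host
    where NetworkManager owns the NIC, the connection's zone would be set
    instead of --change-interface (assumption noted, not handled here).
    """
    mgmt = parse_source(mgmt_cidr)
    cmds = [
        ["firewall-cmd", "--permanent", f"--new-zone={ZONE}"],
        permanent("--set-target=DROP"),
        permanent(f"--change-interface={IFACE}"),
    ]
    for port in mgmt_ports:
        cmds.append(permanent(f"--add-rich-rule={rich_rule(mgmt, port)}"))
    cmds.append(["firewall-cmd", "--reload"])
    return cmds


def whitelist_commands(source: str, port: int = DB_PORT) -> List[List[str]]:
    """Step S102: the page's two commands, with the address validated first.

    --permanent only edits the saved configuration; the reload that follows
    is what makes the new rule active in the running firewall.
    """
    net = parse_source(source)
    return [
        permanent(f"--add-rich-rule={rich_rule(net, port)}"),
        ["firewall-cmd", "--reload"],
    ]


def apply(commands: List[List[str]], dry_run: bool = True) -> List[str]:
    """Execute the argv lists without a shell (or only render them when dry_run)."""
    rendered = [" ".join(shlex.quote(arg) for arg in cmd) for cmd in commands]
    if not dry_run:
        for cmd in commands:
            subprocess.run(cmd, check=True)
    return rendered


if __name__ == "__main__":
    # Constructed sample: management segment 10.10.0.0/24, user address 192.168.0.2.
    for line in apply(init_commands("10.10.0.0/24")) + apply(whitelist_commands("192.168.0.2")):
        print(line)
```

Running the module prints the commands in dry-run form; apply(..., dry_run=False) executes them and needs root on a host with firewalld. The separate zone matters: in the default public zone the ssh service is an accept rule that is consulted before the zone target, so setting that zone's target to DROP on its own would still leave SSH open to every source rather than only to the management segment.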
By the scheme, the access and operation authority of the cloud database is controlled by using the firewall of the virtual computing environment, so that the reliability and the safety of user data are protected.
The embodiment of the present invention further discloses a device 10 for setting a white list in a cloud database, as shown in fig. 2, comprising: a receiving module 101, configured so that the database agent receives, during the instantiation of the database, a request for adding a white list sent by a user, the request including an IP address; and a processing module 102, configured to add the IP address received in the request to a firewall rule and update the firewall rule.
For the specific implementation of the device 10, reference may be made to the method embodiment, which is not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The embodiments described above are merely illustrative: the division into units is only a division of logical functions, and an actual implementation may divide them differently, for example by combining or integrating several units or components into another system, or by omitting or not executing some features.
While the invention has been described in terms of its preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.

Claims (7)

1. A method for setting a white list of a cloud database is characterized in that in the instantiation process of the database, a database agent receives a request for adding the white list, which is sent by a user, wherein the request comprises an IP address; and adding the IP address received in the request into a firewall rule, and updating the firewall rule.
2. The method of claim 1, wherein a firewall command line is invoked according to the request to add the white list and make it take effect.
3. The method of claim 1, further comprising, prior to the database agent receiving the request to add a whitelist sent by the user, invoking a firewall command to initialize a firewall rule.
4. A device for setting the white list of a cloud database, characterized in that it comprises a receiving module and a processing module, wherein the receiving module is used by a database agent to receive, during the instantiation of the database, a request for adding the white list sent by a user, the request comprising an IP address; and the processing module is used to add the IP address received in the request to a firewall rule and update the firewall rule.
5. The device of claim 4, wherein the processing module is further configured to invoke a firewall command line according to the request to add the white list and make it take effect.
6. The device of claim 4, further comprising an initialization module for invoking a firewall command to initialize firewall rules.
7. A computer storage medium having stored thereon a computer program which, when executed by a processor, implements the method for setting a white list of a cloud database according to any one of claims 1 to 3.
CN201911409482.5A 2019-12-31 2019-12-31 Method and device for setting white list in cloud database and computer storage medium Pending CN111083166A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911409482.5A CN111083166A (en) 2019-12-31 2019-12-31 Method and device for setting white list in cloud database and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911409482.5A CN111083166A (en) 2019-12-31 2019-12-31 Method and device for setting white list in cloud database and computer storage medium

Publications (1)

Publication Number Publication Date
CN111083166A true CN111083166A (en) 2020-04-28

Family

ID=70320898

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911409482.5A Pending CN111083166A (en) 2019-12-31 2019-12-31 Method and device for setting white list in cloud database and computer storage medium

Country Status (1)

Country Link
CN (1) CN111083166A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111865915A (en) * 2020-06-15 2020-10-30 新浪网技术(中国)有限公司 IP control method and system for accessing server
CN112769777A (en) * 2020-12-28 2021-05-07 上海蓝云网络科技有限公司 Data integration method and device based on cloud platform and electronic equipment
CN114205130A (en) * 2021-12-03 2022-03-18 紫光云(南京)数字技术有限公司 Method for realizing firewall object policy rule priority
CN115987668A (en) * 2022-12-29 2023-04-18 北京深盾科技股份有限公司 Access control method, system, electronic device and storage medium
CN115987668B (en) * 2022-12-29 2024-01-02 北京深盾科技股份有限公司 Access control method, system, electronic device and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140245423A1 (en) * 2013-02-26 2014-08-28 Zentera Systems, Inc. Peripheral Firewall System for Application Protection in Cloud Computing Environments
US20170155669A1 (en) * 2014-07-07 2017-06-01 Nippon Telegraph And Telephone Corporation Detection device, detection method, and detection program
CN109327469A (en) * 2018-11-26 2019-02-12 杨凌汇方农业有限公司 Method and intelligent gateway for managing the Internet of Things
CN109413043A (en) * 2018-09-25 2019-03-01 聚好看科技股份有限公司 Method and device for implementing dynamic database configuration, electronic device, and storage medium
CN109660579A (en) * 2017-10-11 2019-04-19 阿里巴巴集团控股有限公司 Data processing method, system and electronic equipment
CN110326268A (en) * 2017-02-22 2019-10-11 霍尼韦尔国际公司 Transparent firewall for protecting field devices
US10484334B1 (en) * 2013-02-26 2019-11-19 Zentera Systems, Inc. Distributed firewall security system that extends across different cloud computing networks


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
FELIX_YUJING: "Configuring the firewall with the firewall-cmd command", 《HTTPS://BLOG.CSDN.NET/FELIX_YUJING/ARTICLE/DETAILS/72835109》 *


Similar Documents

Publication Publication Date Title
US10585705B2 (en) Remote management of distributed datacenters
TWI526931B (en) Inherited product activation for virtual machines
US11469964B2 (en) Extension resource groups of provider network services
US7461144B1 (en) Virtual private server with enhanced security
US9817675B1 (en) Methods and systems for attaching an encrypted data partition during the startup of an operating system
US9864754B2 (en) Virtual desktop infrastructure private cloud
US8849941B2 (en) Virtual desktop configuration and operation techniques
CN111083166A (en) Method and device for setting white list in cloud database and computer storage medium
JP2019528005A (en) Method, apparatus, and system for a virtual machine to access a physical server in a cloud computing system
US9172724B1 (en) Licensing and authentication with virtual desktop manager
US20130239106A1 (en) Offline provisioning of virtual machines
EP4018617B1 (en) Managing permissions to cloud-based resources with session-specific attributes
US8813252B2 (en) Request based license mode selection
JP2022523522A (en) High-level page management for secure interface control
US20210274021A1 (en) Securing internal services in a distributed environment
US9240988B1 (en) Computer system employing dual-band authentication
US9753762B1 (en) Implementing a host as a container or virtual machine
JP7212158B2 (en) Provider network service extension
US11861409B2 (en) Distributed decomposition of string-automated reasoning using predicates
US10365948B1 (en) Implementing a host as a container or virtual machine
CN115828249A (en) Computing node based on cloud technology and instance management method based on cloud technology
CN115840943A (en) Computing node based on cloud technology and instance management method based on cloud technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication. Application publication date: 20200428