CN111339552A - Database access method and device - Google Patents

Publication number: CN111339552A
Authority: CN (China)
Prior art keywords: proxy server, connection, proxy, factory, user
Legal status: Granted
Current legal status: Expired - Fee Related
Application number: CN202010088001.1A
Other languages: Chinese (zh)
Other versions: CN111339552B (en)
Inventor: 陈金辉
Current Assignee: Xiamen Wangsu Co Ltd
Original Assignee: Xiamen Wangsu Co Ltd
Application filed by Xiamen Wangsu Co Ltd
Priority to CN202010088001.1A
Publication of CN111339552A
Application granted; publication of CN111339552B
Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Abstract

The application provides a database access method and device, relating in particular to the field of communication. The method comprises: when a MySQL (relational database management system) driver interface connects to a proxy server, determining a custom connection parameter; calling, according to the custom connection parameter, the custom proxy factory corresponding to that parameter; and establishing an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server, and, after the encrypted connection is established, communicating with the MySQL server through the proxy server. When a forward proxy is used to access the MySQL server, the custom connection parameter is obtained and the custom proxy factory corresponding to it is used to make the encrypted connection; the MySQL driver interface does not need to be modified, so the method is easy to apply in various implementation scenarios, has a wide application range, and is simple to implement.

Description

Database access method and device
Technical Field
The embodiment of the invention relates to the field of communication, in particular to a database access method and a database access device.
Background
In a regular project's production environment, often only the DBA (database administrator) has read and write rights to the MySQL database, while developers generally have read-only rights. When operations and finance staff need to check data, the DBA has to export all the data in the MySQL database, and a developer then imports it into a local database, queries the target data with SQL statements, and exports an Excel table for the operations and finance staff.
With the continuous development of database technology and network technology, database application systems based on networks and databases are more and more widely applied. These database systems are tasked with storing and managing information, and the leakage or destruction of such information can cause significant losses to businesses and countries. Therefore, the security problem of the database system is more and more emphasized by people.
To secure a database system, the prior art usually accesses the target database through a proxy. However, although the target database can be accessed in forward proxy mode, the user name and password used for authentication are stored directly in a shared global environment variable, so when several proxies have to be connected at the same time the user names and passwords pollute and interfere with one another.
Disclosure of Invention
The embodiments of the application provide a database access method and device that can make an encrypted connection to each proxy and ensure the security of the user name and password.
In one aspect, an embodiment of the present application provides a database access method, including:
when a MySQL (relational database management system) driver interface connects to a proxy server, determining a custom connection parameter;
calling, according to the custom connection parameter, the custom proxy factory corresponding to the custom connection parameter;
and establishing an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server, and communicating with the MySQL server through the proxy server after the encrypted connection is established.
Optionally, before determining the custom connection parameter, the method further includes:
lowering the priority of the native connection parameter of the MySQL driver interface so that the priority of the native connection parameter is lower than that of the custom connection parameter.
Optionally, establishing an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server includes:
performing handshake protocol authentication with the proxy server according to the custom proxy factory;
and, after the handshake protocol authentication passes, establishing the encrypted connection with the proxy server according to the connection parameters for the proxy server.
Optionally, the connection parameters for the proxy server include an address of the proxy server and a port of the proxy server;
establishing the encrypted connection with the proxy server according to the connection parameters for the proxy server includes:
binding the address of the proxy server, the port of the proxy server and the proxy server, and determining that the encrypted connection with the proxy server has succeeded after the binding succeeds.
Optionally, the connection parameters for the proxy server include a user name and a corresponding authentication password for the proxy server;
performing handshake protocol authentication with the proxy server according to the custom proxy factory includes:
performing handshake protocol authentication with the proxy server according to the custom proxy factory, the user name for the proxy server and the corresponding authentication password;
and determining that the handshake protocol authentication has passed after the user name for the proxy server and the corresponding authentication password are confirmed to pass verification.
Optionally, after the handshake protocol authentication passes and before the encrypted connection with the proxy server is established according to the connection parameters for the proxy server, the method further includes:
determining, by the custom proxy factory, the communication rules with the proxy server;
after the encrypted connection with the proxy server is established according to the connection parameters for the proxy server, the method further includes:
carrying out encrypted communication with the proxy server according to the communication rules.
In one aspect, an embodiment of the present application provides a database access apparatus, including:
a custom parameter acquisition unit, configured to determine a custom connection parameter when a MySQL (relational database management system) driver interface connects to a proxy server;
a proxy factory determining unit, configured to call, according to the custom connection parameter, the custom proxy factory corresponding to the custom connection parameter;
and a database access unit, configured to establish an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server, and to communicate with the MySQL server through the proxy server after the encrypted connection is established.
Optionally, the custom connection parameter determining unit is further configured to:
lower the priority of the native connection parameter of the MySQL driver interface so that the priority of the native connection parameter is lower than that of the custom connection parameter.
Optionally, the database access unit is specifically configured to:
perform handshake protocol authentication with the proxy server according to the custom proxy factory;
and, after the handshake protocol authentication passes, establish the encrypted connection with the proxy server according to the connection parameters for the proxy server.
Optionally, the connection parameters for the proxy server include an address of the proxy server and a port of the proxy server;
the database access unit is specifically configured to:
bind the address of the proxy server, the port of the proxy server and the proxy server, and determine that the encrypted connection with the proxy server has succeeded after the binding succeeds.
Optionally, the connection parameters for the proxy server include a user name and a corresponding authentication password for the proxy server;
the database access unit is specifically configured to:
perform handshake protocol authentication with the proxy server according to the custom proxy factory, the user name for the proxy server and the corresponding authentication password;
and determine that the handshake protocol authentication has passed after the user name for the proxy server and the corresponding authentication password are confirmed to pass verification.
Optionally, the database access unit is further configured to:
determine, by the custom proxy factory, the communication rules with the proxy server;
and carry out encrypted communication with the proxy server according to the communication rules.
In one aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any one of the database access methods when executing the computer program.
In one aspect, embodiments of the present application provide a computer-readable storage medium storing a computer program executable by a computer device; when the program is executed by the computer device, it causes the computer device to execute the steps of any one of the above-mentioned database access methods.
In the database access method provided by the embodiment of the application, when a forward proxy is used to access the MySQL server, the custom connection parameter is obtained and the custom proxy factory corresponding to it is used to make the encrypted connection. Accessing the MySQL server through a forward proxy requires the forward proxy's user name and password to be authenticated. In the prior art, a fixed user name variable and a fixed password variable are read from a global environment variable; when MySQL servers behind several different forward proxies are connected, several user name and password variables are needed, and because they are all placed in the global environment variable they pollute one another and forward proxy authentication fails. The database access method in the embodiment of the application can use different custom connection parameters and different custom proxy factories when connecting through different MySQL driver interfaces, so the different user names and passwords do not pollute one another, and the security of database access is ensured.
Furthermore, in the embodiment of the application, the connection flow logic of the MySQL driver interface is not changed; only different connection parameters are used, and the MySQL driver interface does not need to be modified. The method is therefore easy to apply in various implementation scenarios, has a wide application range, and is simple and feasible.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of an application scenario architecture of a database access method provided in the prior art;
Fig. 2 is a schematic flowchart of a database access method according to an embodiment of the present application;
Fig. 3 is a schematic view illustrating an interaction flow between a terminal device and a proxy server according to an embodiment of the present application;
Fig. 4 is a schematic flowchart of a database access method according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a database access device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
For convenience of understanding, terms referred to in the embodiments of the present application are explained below:
Database: a repository that organizes, stores, and manages data according to a data structure. Each database has one or more different APIs for creating, accessing, managing, searching, and copying the stored data. Data can also be stored in files, but reading and writing data in a file is relatively slow, so a relational database management system (RDBMS) is now used to store and manage large amounts of data. A relational database is a database built on the relational model, and its data is processed using mathematical concepts and methods such as set algebra.
MySQL: a relational database management system (Relational Database Management System). "Relational" can be understood through the concept of a "table": a relational database is composed of one or several tables.
Forward proxy: a server located between the client and the origin server. To retrieve content from the origin server, the client sends a request to the proxy and specifies the target (the origin server); the proxy forwards the request to the origin server and returns the retrieved content to the client. The client is what uses the forward proxy. In the forward proxy process, the server located between the client and the origin server acts as the proxy server.
Driver: generally refers to a device driver, a special program that enables a computer and a device to communicate with each other. The operating system can control a hardware device only through this interface, and if the driver of a device is not installed correctly, the device cannot work normally.
SOCKS: the firewall secure session traversal protocol. SOCKS provides a framework that lets client/server applications in both the TCP and UDP domains use the services provided by network firewalls more conveniently and securely.
In practice, the inventor of the present application found that, in the prior art, if one client is connected with multiple MySQL driver interfaces, a user name and password must be verified with each MySQL driver interface. In the prior art, however, the multiple user names and passwords are stored in a shared global environment variable, so when several proxies have to be connected at the same time the user names and passwords pollute and interfere with one another.
Based on the above drawbacks of the prior art, the inventor of the present application conceived a database access method that follows the logic of the original MySQL driver interface without modifying the driver interface, and instead changes the connection parameters: the connection parameter selects the corresponding custom proxy factory rather than the native proxy factory that corresponds to the native connection parameter, so that the custom proxy factory can establish a separate encrypted connection for each user name and password pair. Therefore, in the embodiment of the application, the custom connection parameter is determined first, the corresponding custom proxy factory is called through the custom connection parameter, the encrypted connection is established through the custom proxy factory, and the MySQL server is accessed after the encrypted connection is established.
Having introduced the design concept of the embodiment of the present application, the architecture of the technical solution is briefly described below. The architecture described below only illustrates the embodiment of the present application and is not limiting. In a specific implementation, the technical solution provided by the embodiment of the application can be applied flexibly according to actual needs.
To further illustrate the technical solutions provided by the embodiments of the present application, a detailed description follows with reference to the accompanying drawings and specific embodiments. Although the embodiments of the present application provide the method operation steps shown in the following embodiments or figures, the method may include more or fewer operation steps on the basis of conventional or non-inventive effort. For steps that have no logically necessary causal relationship, the order of execution is not limited to that provided by the embodiments of the present application.
Reference is made to Fig. 1, which is an application architecture diagram of a database access method provided by an embodiment of the present application. The architecture includes at least a plurality of terminal devices 101, a plurality of proxy servers 102, and a plurality of MySQL servers 103. For example, as shown in Fig. 1, the architecture includes M terminal devices 101, namely terminal devices 101-1 to 101-M, where M is a positive integer whose value is not limited in the embodiment of the present invention.
Each terminal device 101 can communicate with at least one proxy server 102 and accesses the MySQL server 103 via the at least one proxy server 102. In the embodiment of the present application, one proxy server 102 may be connected to one MySQL server 103 or to a plurality of MySQL servers 103. Each proxy server 102 has a MySQL driver interface, and each terminal device 101 communicates with the proxy server 102 through the MySQL driver interface.
In the embodiment of the present application, the terminal device 101 may be a terminal device such as a mobile phone, a Personal Computer (PC), a tablet computer (PAD), a Personal Digital Assistant (PDA), a notebook computer, or a smart wearable device (e.g., a smart watch or a smart bracelet).
The terminal device 101 may include one or more processors 1011, memory 1012, I/O interface 1013 interacting with the proxy server 102, and display panel 1014, among other things.
The proxy server 102 may be a background server of an application installed in the terminal device 101, of an application running in the terminal device 101, or of an application website. The proxy server 102 may include, among other things, one or more processors 1021, memory 1022, and an I/O interface 1023 for interacting with the terminal device 101. In addition, the proxy server 102 may also be configured with a database 1024.
The proxy server 102 may be a cluster of servers or a single server. The proxy server 102 may also be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like.
The proxy server 102 may be a cloud computing module. Cloud computing is a computing model that distributes computing tasks across a resource pool formed by a large number of computers, enabling various application systems to obtain computing power, storage space, and information services as needed. The network that provides the resources is referred to as the "cloud". To the user, resources in the "cloud" appear infinitely expandable: available at any time, obtained on demand, expandable at any time, and paid for according to use.
The database 1024 may also be a cloud database, which refers to a storage system that integrates a large number of storage devices (storage devices are also referred to as storage nodes) of different types in a network through application software or an application interface to cooperatively work by using functions such as cluster application, a grid technology, and a distributed storage file system, and that provides data storage and service access functions to the outside. In the embodiment of the present application, each server 202 accesses the cloud database through the access structure of the cloud database.
The terminal device 101 and the proxy server 102 may be communicatively coupled via one or more networks 104. The network 104 may be a wired network or a Wireless network, for example, the Wireless network may be a mobile cellular network, or may be a Wireless-Fidelity (WIFI) network, or may also be other possible networks, which is not limited in this embodiment of the present invention.
Likewise, MySQL server 103 may, among other things, have one or more processors 1031, memory 1032, and I/O interface 1033 to interact with proxy server 102. The MySQL server 103 may also configure the database 1034. There is a MySQL database in the MySQL server 103.
The MySQL server 103 may be a server cluster or may be a single server. Meanwhile, the MySQL server 103 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like.
The MySQL server 103 may be a cloud computing module. Cloud computing is a computing model that distributes computing tasks across a resource pool formed by a large number of computers, enabling various application systems to obtain computing power, storage space, and information services as needed. The network that provides the resources is referred to as the "cloud". To the user, resources in the "cloud" appear infinitely expandable: available at any time, obtained on demand, expandable at any time, and paid for according to use.
The database 1034 may also be a cloud database, which refers to a storage system that integrates a large number of storage devices (storage devices are also referred to as storage nodes) of different types in a network through application software or an application interface to cooperatively work through functions such as cluster application, a grid technology, and a distributed storage file system, and that provides data storage and service access functions to the outside. In the embodiment of the present application, each server 202 accesses the cloud database through the access structure of the cloud database.
The proxy server 102 and MySQL server 103 may be communicatively connected via one or more networks 105. The network 105 may be a wired network or a Wireless network, for example, the Wireless network may be a mobile cellular network, or may be a Wireless-Fidelity (WIFI) network, or may also be other possible networks, which is not limited in this embodiment of the present invention.
Of course, the architecture provided by the embodiment of the present application is not limited to the structure shown in Fig. 1. To further illustrate the technical solutions provided by the embodiments of the present application, a detailed description follows with reference to the accompanying drawings and specific embodiments. Although the embodiments of the present application provide the method operation steps shown in the following embodiments or figures, the method may include more or fewer operation steps on the basis of conventional or non-inventive effort. For steps that have no logically necessary causal relationship, the order of execution is not limited to that provided by the embodiments of the present application.
The following describes a technical solution provided by the embodiment of the present application with reference to an application scenario architecture shown in fig. 1.
Fig. 2 is a schematic flowchart of a database access method according to an embodiment of the present invention, which may be applied to the scenario shown in fig. 1, for example, and the flow of the method is described as follows.
Step S201: when the MySQL (relational database management system) driver interface connects to the proxy server, the custom connection parameter is determined.
In the embodiment of the application, the forward proxy process requires connecting to the proxy server through the MySQL driver interface, and the connection uses the custom connection parameter rather than the native connection parameter. The main reason is that the MySQL driver interface is not readily extensible: if the connection used the native connection parameter of the MySQL driver interface, it would follow the native connection process, and the connection process of the embodiment of the application could not be realized.
In the embodiment of the application, the custom connection parameter may be added to the MySQL driver interface through a modification instruction, or the custom connection parameter may be specified when the connection parameters are called.
The embodiment of the application is intended to reuse the logic of the MySQL driver interface, and the native logic of the MySQL driver interface connects using the native connection parameter. Specifically, the MySQL driver interface may include a plurality of connection parameters, of which the native connection parameter is one, and in the prior art the priority of the native connection parameter is higher than that of the other connection parameters. In an optional embodiment, therefore, the use of the custom connection parameter is not specified during connection; instead, the priority of the custom connection parameter is set higher than that of the native connection parameter. The connection parameters are then determined in order from high priority to low priority during connection, so the custom connection parameter is the one determined.
In an alternative embodiment, because SOCKS lets client/server applications in the TCP and UDP domains use the services provided by a network firewall more conveniently and securely, the embodiment of the application uses the SOCKS protocol, so the custom connection parameter may be a socket factory parameter.
In another alternative embodiment, there may be a plurality of custom connection parameters with different priorities, each higher than the priority of the native connection parameter. When connections are established, different terminals connect to different proxy servers and different custom connection parameters are invoked.
Step S202: the custom proxy factory corresponding to the custom connection parameter is called according to the custom connection parameter.
In the embodiment of the application, the custom connection parameter and the custom proxy factory correspond to each other. A proxy factory refers to a processing method, namely a processing method in the factory pattern.
The Factory Pattern is one of the most common design patterns in Java. It is a creational pattern, which provides an optimal way to create objects. In the factory pattern, the creation logic is not exposed to the client when an object is created, and the newly created object is referred to through a common interface.
It will be appreciated that different proxy factories use different processing methods to carry out object creation and related processes.
In the embodiment of the present application, the native connection parameter corresponds to a native proxy factory, and the custom connection parameter corresponds to a custom proxy factory.
Since the native connection parameter is discarded, in the embodiment of the present application the connection of the MySQL driver interface is created by the custom proxy factory.
In this embodiment of the present application, the custom proxy factory can establish a connection mode different from that of the native proxy factory in the prior art. This mode may be configured by an instruction, or added to the connection logic of the MySQL driver interface by an instruction, which is not limited herein.
Step S203, establishing an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server, and communicating with the MySQL server through the proxy server after the encrypted connection is established.
Specifically, in the embodiment of the application, the custom proxy factory implements the encrypted connection and communicates with the MySQL server once the connection is encrypted. This completes the forward proxy process and allows the data content in the MySQL server to be acquired.
In the embodiment of the application, the custom proxy factory establishes the encrypted connection according to the connection parameters for each proxy server. Different proxy servers may therefore have different custom proxy factories and different encrypted connections: when one terminal device is connected to several proxy servers, the authentication user names and passwords used with each proxy server are isolated from one another, which ensures the security of the connection.
Specifically, in the embodiment of the present application, handshake protocol authentication must be performed before the encrypted connection can be made. Handshake protocol authentication is performed between the custom proxy factory and the proxy server, and after it passes, the encrypted connection with the proxy server is established according to the connection parameters for the proxy server.
In the embodiment of the application, the handshake protocol authentication may be a three-way handshake. Taking custom proxy factory A and proxy server B as an example: A first sends a SYN synchronization request to B; after receiving the SYN request, B replies to A with a SYN-ACK message; A then sends an ACK reply message to B, which completes the handshake authentication.
Optionally, in this embodiment of the present application, the connection parameters for the proxy server include the address of the proxy server and the port of the proxy server, and during the encrypted connection the address and the port are bound to the proxy server. For example, IP address 1 and port 1 of the proxy server are designated as the address and port through which the terminal device connects to the proxy server, while other terminal devices are assigned other addresses and ports. Binding the address and the port of the proxy server to the proxy server thus implements a designated connection between the terminal device and the proxy server.
In an alternative embodiment, the established encrypted connection is a SOCKS connection, so the connection parameters include sockspuryhostex and sockspuryport, where sockspuryhostex refers to an address of the proxy server, and sockspuryport refers to a port of the proxy server.
Further, in the embodiment of the present application, the handshake protocol authentication between the custom proxy factory and the proxy server also includes authenticating the user name and password of the terminal device corresponding to the custom proxy factory. During handshake protocol authentication, the proxy server sends the SYN-ACK message if it determines that the user name and password are correct, and does not send it if it determines that they are wrong.
Optionally, in this embodiment of the application, the user name and the password of the terminal device may be represented by sockspurexer nameex and sockspurypassword ex; that is, if a SOCKS connection is created, these two parameters carry the user name and the password.
Optionally, in this embodiment of the present application, a communication rule may also be determined while the connection is being established: after the handshake authentication passes, a communication rule with the proxy server is determined, and communication is carried out under that rule.
The terminal device A communicates with the proxy server B under the first communication rule. The proxy server B converts the communication content from the first communication rule to the second communication rule and acquires data from the MySQL server. After receiving the data sent by the MySQL server under the second communication rule, it converts the data to the first communication rule and sends it to the terminal device A.
Optionally, in this embodiment of the application, the communication rule may be an encryption manner accepted by both parties. It may be an encryption manner disclosed in the prior art, for example hash value encryption, or an encryption manner agreed between the terminal device and the proxy server, that is, one newly established by the two parties.
With the method of this embodiment, an encrypted connection with the proxy server can be established through the MySQL driver interface, and communication with the MySQL server can be carried out through the proxy server.
The following example explains the process of establishing an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server. In this example, the connection parameters for the proxy server include the address of the proxy server, the port of the proxy server, the user name and the corresponding authentication password, and the communication rule.
Fig. 3 schematically shows the process of establishing an encrypted connection with a proxy server, which specifically includes:
step S301, the terminal device A sends a SYN message to the proxy server B through the custom proxy factory, wherein the message carries the user name, the corresponding authentication password, the address of the proxy server and the port of the proxy server;
step S302, the proxy server B determines whether the user name and the corresponding authentication password are correct; if so, step S303 is executed; otherwise, step S304 is executed;
step S303, the proxy server B binds the terminal device A to the address of the proxy server and the port of the proxy server, and executes step S305;
step S304, the proxy server B refuses to communicate with the terminal device A;
step S305, the proxy server B sends a SYN-ACK message to the terminal device A;
step S306, the terminal device A sends an ACK message to the proxy server B;
step S307, the terminal device A sends a communication rule to the proxy server B;
step S308, the proxy server B binds the communication rule to the terminal device A;
step S309, the proxy server B sends a communication rule establishment success message to the terminal device A.
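The patent gives no byte-level format for steps S301 to S306. As an added example (not code from the patent), the code below assumes the SOCKS connection of the alternative embodiment follows SOCKS5 (RFC 1928) with username/password authentication (RFC 1929) and runs the client and proxy sides in memory; `ProxySession`, `negotiate`, the credentials and the target address are constructed for illustration.

```python
import hmac
import ipaddress
import struct

VER, AUTH_VER = 0x05, 0x01
USERPASS, NO_ACCEPTABLE = 0x02, 0xFF
CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x01, 0x03
REP_OK, REP_NOT_ALLOWED = 0x00, 0x02

# Constructed sample data. One credential store per proxy keeps logins isolated.
PROXY_B_USERS = {"app_ro": "pw-for-proxy-B"}
PROXY_C_USERS = {"app_ro": "pw-for-proxy-C"}
MYSQL_TARGETS = {("10.0.0.5", 3306)}

def client_greeting():
    """VER | NMETHODS | METHODS: offer only username/password authentication."""
    return bytes([VER, 1, USERPASS])

def client_auth(user, password):
    """RFC 1929: VER | ULEN | UNAME | PLEN | PASSWD. The password is cleartext
    on the wire, so this exchange belongs inside an already encrypted channel."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("user name and password must be 1..255 bytes")
    return bytes([AUTH_VER, len(u)]) + u + bytes([len(p)]) + p

def client_connect(host, port):
    """CONNECT request naming the MySQL server the proxy should reach."""
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("ascii")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)

class ProxySession:
    """Proxy-side state machine for one client connection."""

    def __init__(self, credentials, allowed_targets):
        self.credentials = credentials          # user -> password (demo store)
        self.allowed_targets = allowed_targets  # (host, port) pairs it may reach
        self.state, self.user, self.target = "greeting", None, None

    def handle(self, msg):
        handler = getattr(self, "_on_" + self.state, None)
        if handler is None:
            raise ConnectionError("no negotiation step in state " + self.state)
        try:
            return handler(msg)
        except (IndexError, ValueError, struct.error):
            self.state = "closed"               # truncated or malformed frame
            raise ConnectionError("malformed message") from None

    def _on_greeting(self, msg):
        ok = msg[0] == VER and USERPASS in msg[2:2 + msg[1]]
        self.state = "auth" if ok else "closed"
        return bytes([VER, USERPASS if ok else NO_ACCEPTABLE])

    def _on_auth(self, msg):
        ulen = msg[1]
        user, plen = msg[2:2 + ulen], msg[2 + ulen]
        password = msg[3 + ulen:3 + ulen + plen]
        expected = self.credentials.get(user.decode("utf-8", "replace"), "")
        ok = (msg[0] == AUTH_VER and len(password) == plen and bool(expected)
              and hmac.compare_digest(expected.encode(), password))
        self.state = "request" if ok else "closed"
        self.user = user.decode() if ok else None
        return bytes([AUTH_VER, 0x00 if ok else 0x01])

    def _on_request(self, msg):
        ver, cmd, atyp = msg[0], msg[1], msg[3]
        if atyp == ATYP_IPV4:
            host, rest = str(ipaddress.IPv4Address(msg[4:8])), msg[8:]
        elif atyp == ATYP_DOMAIN:
            end = 5 + msg[4]
            host, rest = msg[5:end].decode("ascii"), msg[end:]
        else:
            raise ValueError("unsupported address type")
        (port,) = struct.unpack("!H", rest)
        ok = ver == VER and cmd == CMD_CONNECT and (host, port) in self.allowed_targets
        self.state = "relay" if ok else "closed"
        self.target = (host, port) if ok else None
        # Reply: VER | REP | RSV | ATYP | BND.ADDR | BND.PORT (zeroed here)
        return bytes([VER, REP_OK if ok else REP_NOT_ALLOWED, 0, ATYP_IPV4]) + bytes(6)

def negotiate(session, user, password, target):
    """Drive the client side against a ProxySession and report the outcome."""
    if session.handle(client_greeting())[1] != USERPASS:
        return "no-acceptable-method"
    if session.handle(client_auth(user, password))[1] != 0x00:
        return "auth-failed"
    if session.handle(client_connect(*target))[1] != REP_OK:
        return "target-denied"
    return "established"

if __name__ == "__main__":
    s = ProxySession(PROXY_B_USERS, MYSQL_TARGETS)
    print(negotiate(s, "app_ro", "pw-for-proxy-B", ("10.0.0.5", 3306)), s.target)
```

The communication rule of steps S307 to S309 is outside this exchange; the proxy here only authenticates the client and checks the requested target against its allow-list.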
To better explain the embodiment of the present application, a database access method provided by the embodiment is described below with reference to a specific implementation scenario. As shown in fig. 4, the method includes:
step S401, when the terminal device connects through the MySQL driver interface, determining whether a native connection parameter exists; if so, executing step S402, otherwise executing step S403;
step S402, determining whether the priority of the current native connection parameter is lower than the priority of the custom connection parameter; if so, executing step S404, otherwise executing step S403;
step S403, determining that the encrypted connection cannot be made, and connecting through the native proxy factory;
step S404, connecting with the custom connection parameters, and calling the corresponding custom proxy factory;
step S405, establishing the encrypted connection through the custom proxy factory and the connection parameters, namely the user name, the corresponding authentication password, the address of the proxy server and the port of the proxy server, and establishing an agreed encrypted communication rule;
step S406, receiving an instruction, sent under the encrypted communication rule, for acquiring a data message from the MySQL server;
step S407, decrypting the instruction and sending the instruction for acquiring the data message to the MySQL server;
step S408, receiving the data message sent by the MySQL server;
step S409, sending the data message to the terminal device according to the agreed encrypted communication rule.
Based on the same technical concept, an embodiment of the present application provides a database access apparatus 500, as shown in fig. 5, including:
a custom parameter obtaining unit 501, configured to determine a custom connection parameter when connecting with the proxy server through a MySQL (relational database management system) driver interface;
a proxy factory determining unit 502, configured to call, according to the custom connection parameter, a custom proxy factory corresponding to the custom connection parameter;
and a database access unit 503, configured to establish an encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server, and to communicate with the MySQL server through the proxy server after the encrypted connection is established.
Optionally, the custom connection parameter obtaining unit 501 is further configured to:
reduce the priority of the native connection parameters of the MySQL driver interface so that the priority of the native connection parameters is lower than that of the custom connection parameters.
Optionally, the database access unit 503 is specifically configured to:
perform handshake protocol authentication with the proxy server according to the custom proxy factory;
and, after the handshake protocol authentication passes, establish the encrypted connection with the proxy server according to the connection parameters for the proxy server.
Optionally, the connection parameters for the proxy server include an address of the proxy server and a port of the proxy server;
the database access unit 503 is specifically configured to:
bind the address of the proxy server and the port of the proxy server to the proxy server, and determine that the encrypted connection with the proxy server has succeeded after the binding succeeds.
Optionally, the connection parameters for the proxy server include a user name and a corresponding authentication password for the proxy server;
the database access unit 503 is specifically configured to:
perform handshake protocol authentication with the proxy server according to the custom proxy factory, the user name for the proxy server and the corresponding authentication password;
and, after the user name for the proxy server and the corresponding authentication password are confirmed to pass verification, determine that the handshake protocol authentication has passed.
Optionally, the database access unit 503 is further configured to:
determine, through the custom proxy factory, a communication rule with the proxy server;
and carry out encrypted communication with the proxy server according to the communication rule.
Based on the same technical concept, the embodiment of the present application provides a computer device, as shown in fig. 6, including at least one processor 601 and a memory 602 connected to the at least one processor, where a specific connection medium between the processor 601 and the memory 602 is not limited in the embodiment of the present application, and the processor 601 and the memory 602 are connected through a bus in fig. 6 as an example. The bus may be divided into an address bus, a data bus, a control bus, etc.
In the embodiment of the present application, the memory 602 stores instructions executable by the at least one processor 601, and the at least one processor 601 may execute the steps included in the foregoing database access method by executing the instructions stored in the memory 602.
The processor 601 is the control center of the computer device. It may connect the various parts of the terminal device by using various interfaces and lines, and obtains the client address by running or executing the instructions stored in the memory 602 and calling the data stored in the memory 602. Optionally, the processor 601 may include one or more processing units, and the processor 601 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, the user interface, application programs, and the like, and the modem processor mainly handles wireless communication. It will be appreciated that the modem processor may also not be integrated into the processor 601. In some embodiments, the processor 601 and the memory 602 may be implemented on the same chip; in other embodiments, they may be implemented on separate chips.
The processor 601 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof, configured to implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present Application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.
The memory 602, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 602 may include at least one type of storage medium, for example a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read-Only Memory (PROM), a Read-Only Memory (ROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory 602 may also be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 602 in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function, for storing program instructions and/or data.
Based on the same technical concept, embodiments of the present application provide a computer-readable storage medium storing a computer program executable by a computer device, the program causing the computer device to perform the steps of the database access method when the program runs on the computer device.
The computer-readable storage medium may be any available medium or data storage device that can be accessed by a computer, including but not limited to magnetic memory (e.g., floppy disks, hard disks, magnetic tape, magneto-optical disks (MOs), etc.), optical memory (e.g., CDs, DVDs, BDs, HVDs, etc.), and semiconductor memory (e.g., ROMs, EPROMs, EEPROMs, nonvolatile memories (NANDFLASHs), Solid State Disks (SSDs)), etc.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (14)

1. A database access method, the method comprising:
determining a custom connection parameter when connecting with a proxy server through a MySQL (relational database management system) driver interface;
calling, according to the custom connection parameter, a custom proxy factory corresponding to the custom connection parameter;
and establishing an encrypted connection with the proxy server according to the custom proxy factory and connection parameters for the proxy server, and communicating with a MySQL server through the proxy server after the encrypted connection is established.
2. The method of claim 1, wherein before determining the custom connection parameter, the method further comprises:
reducing the priority of the native connection parameters of the MySQL driver interface so that the priority of the native connection parameters is lower than that of the custom connection parameters.
3. The method of claim 1, wherein establishing the encrypted connection with the proxy server according to the custom proxy factory and the connection parameters for the proxy server comprises:
performing handshake protocol authentication with the proxy server according to the custom proxy factory;
and, after the handshake protocol authentication passes, establishing the encrypted connection with the proxy server according to the connection parameters for the proxy server.
4. The method of claim 3, wherein the connection parameters for the proxy server include an address of the proxy server and a port of the proxy server;
establishing the encrypted connection with the proxy server according to the connection parameters for the proxy server comprises:
binding the address of the proxy server and the port of the proxy server to the proxy server, and determining that the encrypted connection with the proxy server has succeeded after the binding succeeds.
5. The method of claim 3, wherein the connection parameters for the proxy server include a user name for the proxy server and a corresponding authentication password;
performing handshake protocol authentication with the proxy server according to the custom proxy factory comprises:
performing handshake protocol authentication with the proxy server according to the custom proxy factory, the user name for the proxy server and the corresponding authentication password;
and, after the user name for the proxy server and the corresponding authentication password are confirmed to pass verification, determining that the handshake protocol authentication has passed.
6. The method of claim 3, wherein after the handshake protocol authentication passes and before the encrypted connection with the proxy server is established according to the connection parameters for the proxy server, the method further comprises:
determining, through the custom proxy factory, a communication rule with the proxy server;
and after the encrypted connection with the proxy server is established according to the connection parameters for the proxy server, the method further comprises:
carrying out encrypted communication with the proxy server according to the communication rule.
7. A database access apparatus, comprising:
a custom parameter obtaining unit, configured to determine a custom connection parameter when connecting with a proxy server through a MySQL (relational database management system) driver interface;
a proxy factory determining unit, configured to call, according to the custom connection parameter, a custom proxy factory corresponding to the custom connection parameter;
and a database access unit, configured to establish an encrypted connection with the proxy server according to the custom proxy factory and connection parameters for the proxy server, and to communicate with a MySQL server through the proxy server after the encrypted connection is established.
8. The apparatus of claim 7, wherein the custom connection parameter determining unit is further configured to:
reduce the priority of the native connection parameters of the MySQL driver interface so that the priority of the native connection parameters is lower than that of the custom connection parameters.
9. The apparatus according to claim 7, wherein the database access unit is specifically configured to:
perform handshake protocol authentication with the proxy server according to the custom proxy factory;
and, after the handshake protocol authentication passes, establish the encrypted connection with the proxy server according to the connection parameters for the proxy server.
10. The apparatus of claim 9, wherein the connection parameters for the proxy server include an address of the proxy server and a port of the proxy server;
the database access unit is specifically configured to:
bind the address of the proxy server and the port of the proxy server to the proxy server, and determine that the encrypted connection with the proxy server has succeeded after the binding succeeds.
11. The apparatus of claim 9, wherein the connection parameters for the proxy server include a user name for the proxy server and a corresponding authentication password;
the database access unit is specifically configured to:
perform handshake protocol authentication with the proxy server according to the custom proxy factory, the user name for the proxy server and the corresponding authentication password;
and, after the user name for the proxy server and the corresponding authentication password are confirmed to pass verification, determine that the handshake protocol authentication has passed.
12. The apparatus of claim 9, wherein the database access unit is further configured to:
determine, through the custom proxy factory, a communication rule with the proxy server;
and carry out encrypted communication with the proxy server according to the communication rule.
13. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any one of claims 1 to 6 are performed by the processor when the program is executed.
14. A computer-readable storage medium, in which a computer program is stored which is executable by a computer device, and which, when run on the computer device, causes the computer device to carry out the steps of the method as claimed in any one of claims 1 to 6.
CN202010088001.1A 2020-02-12 2020-02-12 Database access method and device Expired - Fee Related CN111339552B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010088001.1A CN111339552B (en) 2020-02-12 2020-02-12 Database access method and device

Publications (2)

Publication Number Publication Date
CN111339552A true CN111339552A (en) 2020-06-26
CN111339552B CN111339552B (en) 2022-05-17

Family

ID=71185131

Country Status (1)

Country Link
CN (1) CN111339552B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220517