CN111683067A - A jdbc-based decoration mode and request screening method, system and readable storage medium - Google Patents

A jdbc-based decoration mode and request screening method, system and readable storage medium Download PDF

Info

Publication number
CN111683067A
CN111683067A CN202010464795.7A CN202010464795A CN111683067A CN 111683067 A CN111683067 A CN 111683067A CN 202010464795 A CN202010464795 A CN 202010464795A CN 111683067 A CN111683067 A CN 111683067A
Authority
CN
China
Prior art keywords
access
information
server
database
jdbc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010464795.7A
Other languages
Chinese (zh)
Inventor
王勇
肖付寒
王伟
华建峰
王平
陈玉敏
高建峰
王睿昕
张晨玥
胡梦琦
张丽萍
张云鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Luneng Software Technology Co Ltd
Original Assignee
Shandong Luneng Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Luneng Software Technology Co Ltd filed Critical Shandong Luneng Software Technology Co Ltd
Priority to CN202010464795.7A priority Critical patent/CN111683067A/en
Publication of CN111683067A publication Critical patent/CN111683067A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/143Termination or inactivation of sessions, e.g. event-controlled end of session

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明提供一种基于jdbc装饰模式与请求筛选方法,系统及可读存储介质,事先提取访问信息并加入判断进程队列;通过Jdbc端口将所述访问信息导入服务器;服务器判断当前访问信息是否合规;如果不合规则断开访问端与数据库的通信连接。无需获取交换机权限,安全可靠。可随时监控sql执行,并可及时阻断非法操作。可精准监控sql执行的上下文,定位sql执行的用户、程序、行数。

Figure 202010464795

The invention provides a jdbc-based decoration mode and request screening method, a system and a readable storage medium. Access information is extracted in advance and added to a judgment process queue; the access information is imported into a server through a Jdbc port; the server judges whether the current access information is compliant ; If it does not meet the rules, disconnect the communication connection between the access terminal and the database. No need to obtain switch permissions, safe and reliable. It can monitor sql execution at any time and block illegal operations in time. It can accurately monitor the context of SQL execution, and locate the user, program, and number of rows executed by SQL.

Figure 202010464795

Description

一种基于jdbc装饰模式与请求筛选方法,系统及可读存储 介质A jdbc-based decoration mode and request screening method, system and readable storage medium

技术领域technical field

本发明涉及网络通信传输技术领域,尤其涉及一种基于jdbc装饰模式与请求筛选方法,系统,设备及可读存储介质。The present invention relates to the technical field of network communication transmission, in particular to a method, system, device and readable storage medium based on a jdbc decoration mode and request screening method.

背景技术Background technique

基于网络报文的sql监控,系统通过交换机抓取数据包,通过网络传输报文,分析数据库sql的执行情况,再结合发送至被监测中间件的http数据包情况分析,其关联性达到监控数据的功能。Based on SQL monitoring of network packets, the system captures data packets through switches, transmits packets through the network, analyzes the execution of database SQL, and analyzes the HTTP packets sent to the monitored middleware. The correlation reaches the monitoring data. function.

这种监控的方式无需侵入被监测中间件的程序。基于网络数据包中间件无法作弊。但是也存在一定的缺点,如部署复杂需要取得交换机权限,对网络安全性有一定的影响。不同类型数据库报文结构不同,只能支持有限集中数据库。由于网络传输数据复杂,监控精确性有待提高。This monitoring method does not require intrusion into the program of the monitored middleware. There is no way to cheat based on network packet middleware. However, there are also certain shortcomings, such as the need to obtain switch permissions for complex deployment, which has a certain impact on network security. Different types of databases have different message structures and can only support limited centralized databases. Due to the complexity of network transmission data, the monitoring accuracy needs to be improved.

发明内容SUMMARY OF THE INVENTION

为了克服上述现有技术中的不足,本发明提供一种基于jdbc装饰模式与请求筛选方法,方法包括:In order to overcome the deficiencies in the above-mentioned prior art, the present invention provides a jdbc-based decoration mode and a request screening method, the method comprising:

提取访问信息并加入判断进程队列;Extract access information and join the judgment process queue;

通过Jdbc端口将所述访问信息导入服务器;Import the access information into the server through the Jdbc port;

服务器判断当前访问信息是否合规;The server determines whether the current access information is compliant;

如果不合规则断开访问端与数据库的通信连接。If it does not meet the rules, disconnect the communication connection between the access terminal and the database.

进一步需要说明的是,步骤提取访问信息并加入判断进程队列还包括:It should be further noted that the steps of extracting access information and adding it to the judgment process queue also include:

访问端在连接数据库之前,通过Jdbc端口向服务器发送请求访问的数据库地址端口以及身份信息;Before connecting to the database, the access terminal sends the requested database address port and identity information to the server through the Jdbc port;

服务器对访问端的身份信息进行验证;The server verifies the identity information of the access terminal;

对访问端的身份信息与被请求访问的数据库进行匹配,是否满足访问权限。The identity information of the access terminal is matched with the database requested to be accessed, and whether the access rights are satisfied.

进一步需要说明的是,步骤服务器判断当前访问信息是否合规还包括:It should be further noted that the step server judging whether the current access information is compliant also includes:

获取访问信息中的用户信息、sql信息、访问时间信息以及数据库操作函数信息;Obtain user information, sql information, access time information and database operation function information in the access information;

抽取访问信息中的访问时间信息;Extract the access time information in the access information;

判断所述访问时间信息是否满足访问时间段要求;Judging whether the access time information meets the access time period requirement;

如满足访问时间段要求,再判断用户信息是否满足访问权限信息。If the access time period requirement is met, it is then judged whether the user information meets the access authority information.

进一步需要说明的是,如满足权限信息,将权限信息与数据库操作函数信息进行匹配,判断数据库操作函数信息是否满足访问权限。It should be further noted that, if the permission information is satisfied, the permission information and the database operation function information are matched to determine whether the database operation function information satisfies the access permission.

进一步需要说明的是,步骤如果不合规则断开访问端与数据库的通信连接还包括:It should be further noted that, if the steps do not conform to the rules, the communication connection between the access terminal and the database is disconnected, and further includes:

获取当前访问端的地址和用户信息,并更新黑名单中的地址和用户信息。Get the address and user information of the current access terminal, and update the address and user information in the blacklist.

本发明还提供一种基于jdbc装饰模式与请求筛选系统,包括:服务器和数据库;The present invention also provides a jdbc-based decoration mode and request screening system, including: a server and a database;

服务器配置有判断进程队列;通过Jdbc端口接收访问端的访问信息,并配置到判断进程队列;按照预设次序从判断进程队列调取访问信息判断当前访问信息是否合规;The server is configured with a judgment process queue; the access information of the access terminal is received through the Jdbc port, and configured to the judgment process queue; the access information is called from the judgment process queue according to the preset order to judge whether the current access information is compliant;

如果合规将访问端与数据库建立通信连接。If it is compliant, establish a communication connection between the access end and the database.

进一步需要说明的是,服务器还用于配置数据库的访问时间段以及配置用户的不同访问权限配置不同的访问时间段。It should be further noted that the server is also used to configure the access time period of the database and configure different access time periods for different access rights of users.

进一步需要说明的是,服务器还用于匹配访问端与访问权限规则;It should be further noted that the server is also used to match the access terminal and access permission rules;

过滤访问信息中的SQL访问指令,将SQL访问指令与访问权限规则相匹配,以执行与访问权限规则相匹配的SQL访问指令。Filter the SQL access instructions in the access information, and match the SQL access instructions with the access authority rules to execute the SQL access instructions matched with the access authority rules.

进一步需要说明的是,服务器配置黑名单,并将不合规则访问端的地址信息配置到黑名单中。It should be further noted that the server is configured with a blacklist, and the address information of the illegal access terminal is configured into the blacklist.

本发明还提供一种具有基于jdbc装饰模式与请求筛选方法的可读存储介质,可读存储介质上存储有计算机程序,所述计算机程序被处理器执行以实现基于jdbc装饰模式与请求筛选方法的步骤。The present invention also provides a readable storage medium with a jdbc-based decoration mode and a request screening method, wherein the readable storage medium stores a computer program, the computer program is executed by a processor to realize the jdbc-based decoration mode and the request screening method. step.

从以上技术方案可以看出,本发明具有以下优点:As can be seen from the above technical solutions, the present invention has the following advantages:

本发明事先提取访问信息并加入判断进程队列;通过Jdbc端口将所述访问信息导入服务器;服务器判断当前访问信息是否合规;如果不合规则断开访问端与数据库的通信连接。无需获取交换机权限,安全可靠。可随时监控sql执行,并可及时阻断非法操作。可精准监控sql执行的上下文,定位sql执行的用户、程序、行数。The present invention extracts the access information in advance and joins the judgment process queue; imports the access information into the server through the Jdbc port; the server judges whether the current access information is compliant; No need to obtain switch permissions, safe and reliable. It can monitor sql execution at any time and block illegal operations in time. It can accurately monitor the context of SQL execution, and locate the user, program, and number of rows executed by SQL.

附图说明Description of drawings

为了更清楚地说明本发明的技术方案,下面将对描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to illustrate the technical solutions of the present invention more clearly, the accompanying drawings required in the description will be briefly introduced below. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention, which are not relevant to ordinary skills in the art. As far as personnel are concerned, other drawings can also be obtained from these drawings on the premise of no creative work.

图1为基于jdbc装饰模式与请求筛选方法流程图;Figure 1 is a flowchart of the jdbc-based decoration mode and request screening method;

图2为基于jdbc装饰模式与请求筛选系统示意图。Figure 2 is a schematic diagram of a jdbc-based decoration mode and a request screening system.

具体实施方式Detailed ways

本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本发明的范围。Those of ordinary skill in the art can realize that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. Interchangeability, the above description has generally described the components and steps of each example in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of the present invention.

附图中所示的方框图仅仅是功能实体,不一定必须与物理上独立的实体相对应。即,可以采用软件形式来实现这些功能实体,或在一个或多个硬件模块或集成电路中实现这些功能实体,或在不同网络和/或处理器装置和/或微控制器装置中实现这些功能实体。The block diagrams shown in the figures are merely functional entities and do not necessarily necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices entity.

本发明中SQL是结构化查询语言(Structured Query Language),是一种特殊目的的编程语言,是一种数据库查询和程序设计语言,用于存取数据以及查询、更新和管理关系数据库系统。In the present invention, SQL is a structured query language (Structured Query Language), a special purpose programming language, a database query and programming language, used for accessing data and querying, updating and managing relational database systems.

Java数据库连接,(Java Database Connectivity,简称JDBC)是Java语言中用来规范客户端程序如何来访问数据库的应用程序接口,提供了诸如查询和更新数据库中数据的方法。Java Database Connectivity, (Java Database Connectivity, JDBC for short) is an application program interface in the Java language used to standardize how client programs access the database, providing methods such as querying and updating data in the database.

本发明具体涉及一种基于jdbc装饰模式与请求筛选方法,如图1所示,方法包括:The present invention specifically relates to a jdbc-based decoration mode and a request screening method, as shown in FIG. 1 , the method includes:

本发明的方法中,服务器过滤用户信息。可截获用户访问页面、session(包含登录数据)等信息。In the method of the present invention, the server filters user information. It can intercept user access page, session (including login data) and other information.

S101,提取访问信息并加入判断进程队列;S101, extract the access information and join the judgment process queue;

本步骤中,访问端在连接数据库之前,通过Jdbc端口向服务器发送请求访问的数据库地址端口以及身份信息;服务器对访问端的身份信息进行验证;对访问端的身份信息与被请求访问的数据库进行匹配,是否满足访问权限。In this step, before connecting to the database, the access terminal sends the database address port and identity information of the requested access to the server through the Jdbc port; the server verifies the identity information of the access terminal; matches the identity information of the access terminal with the database requested to be accessed, Whether the access rights are satisfied.

S102,通过Jdbc端口将所述访问信息导入服务器;S102, import the access information into the server through the Jdbc port;

S103,服务器判断当前访问信息是否合规;S103, the server judges whether the current access information is compliant;

具体的讲,获取访问信息中的用户信息、sql信息、访问时间信息以及数据库操作函数信息;抽取访问信息中的访问时间信息;判断所述访问时间信息是否满足访问时间段要求;Specifically, obtaining user information, sql information, access time information and database operation function information in the access information; extracting the access time information in the access information; judging whether the access time information meets the access time period requirement;

如满足访问时间段要求,再判断用户信息是否满足访问权限信息。If the access time period requirement is met, it is then judged whether the user information meets the access authority information.

如满足权限信息,将权限信息与数据库操作函数信息进行匹配,判断数据库操作函数信息是否满足访问权限。If the permission information is satisfied, the permission information is matched with the database operation function information to determine whether the database operation function information satisfies the access permission.

S104,如果不合规则断开访问端与数据库的通信连接。S104, if the rules are not met, the communication connection between the access terminal and the database is disconnected.

获取当前访问端的地址和用户信息,并更新黑名单中的地址和用户信息。Get the address and user information of the current access terminal, and update the address and user information in the blacklist.

基于上述方法本发明还提供一种基于jdbc装饰模式与请求筛选系统,如图2所示,包括:服务器1和数据库2;Based on the above method, the present invention also provides a jdbc-based decoration mode and request screening system, as shown in FIG. 2 , including: a server 1 and a database 2;

服务器配置有判断进程队列;通过Jdbc端口接收访问端3的访问信息,并配置到判断进程队列;按照预设次序从判断进程队列调取访问信息判断当前访问信息是否合规;如果合规将访问端与数据库建立通信连接。The server is configured with a judgment process queue; the access information of the access terminal 3 is received through the Jdbc port, and configured to the judgment process queue; the access information is called from the judgment process queue according to the preset order to judge whether the current access information is compliant; The terminal establishes a communication connection with the database.

服务器通过装饰模式,编写新的jdbc程序包装原生jdbc。主要装饰了Driver、Connection、PreparedStatement、Statement等主要类方法。在sql调用前后联系服务器将用户信息、sql信息、函数调用信息传送至监控服务器,也可打断非法操作,起到控制的作用。The server uses the decoration mode to write a new jdbc program to wrap the native jdbc. It mainly decorates the main class methods such as Driver, Connection, PreparedStatement, and Statement. Contact the server before and after the sql call to transmit user information, sql information, and function call information to the monitoring server, which can also interrupt illegal operations and play a control role.

其中,服务器还用于配置数据库的访问时间段以及配置用户的不同访问权限配置不同的访问时间段。The server is also used to configure the access time period of the database and configure different access time periods for different access rights of users.

匹配访问端与访问权限规则;过滤访问信息中的SQL访问指令,将SQL访问指令与访问权限规则相匹配,以执行与访问权限规则相匹配的SQL访问指令。Match the access terminal and the access authority rules; filter the SQL access instructions in the access information, and match the SQL access instructions with the access authority rules to execute the SQL access instructions that match the access authority rules.

服务器配置黑名单,并将不合规则访问端的地址信息配置到黑名单中。The server configures a blacklist, and configures the address information of the illegal access terminals into the blacklist.

其中服务器还可以基于Jdbc探针访问服务器判断当前应用是否可用。The server can also access the server based on the Jdbc probe to determine whether the current application is available.

进一步的301首次注册dirve时,被监控系统向服务器请求真实数据库地址端口。Further 301 When the dirve is registered for the first time, the monitored system requests the real database address port from the server.

302当调用drive时装饰后的drive拦截connect方法向服务器询问被监控系统是否可执行sql302 When calling drive, the decorated drive intercepts the connect method and asks the server whether the monitored system can execute sql

302服务器进行应答返回被监控系统信息302 The server responds and returns the monitored system information

303如果服务器禁用了被监控链接则直接抛出异常结束执行303 If the server disables the monitored link, it directly throws an exception to end the execution

jdbc探针在原生jdbc执行sql之前组合sql信息与用户信息发送至服务器保存。The jdbc probe combines SQL information and user information before native jdbc executes SQL and sends it to the server for storage.

服务器判断当前sql是否合规The server judges whether the current SQL is compliant

如果不合规则直接抛出异常打断操作If it does not conform to the rules, throw an exception directly to interrupt the operation

如果合规将sql信息交于原生驱动执行。If it is compliant, submit the SQL information to the native driver for execution.

这里无需获取交换机权限,安全可靠。可随时监控sql执行,并可及时阻断非法操作。可精准监控sql执行的上下文,定位sql执行的用户、程序、行数There is no need to obtain switch permissions here, which is safe and reliable. It can monitor sql execution at any time and block illegal operations in time. It can accurately monitor the context of sql execution, locate the user, program, and number of lines executed by sql

基于上述方法及系统本发明还提供一种具有基于jdbc装饰模式与请求筛选方法的可读存储介质,可读存储介质上存储有计算机程序,所述计算机程序被处理器执行以实现基于jdbc装饰模式与请求筛选方法的步骤。Based on the above method and system, the present invention also provides a readable storage medium with a jdbc-based decoration mode and a request screening method. The readable storage medium stores a computer program, and the computer program is executed by a processor to realize the jdbc-based decoration mode. Steps with request filter method.

具有基于jdbc装饰模式与请求筛选方法的可读存储介质可以采用一个或多个可读介质的任意组合。可读介质可以是可读信号介质或者可读存储介质。可读存储介质例如可以为但不限于电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。可读存储介质的更具体的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、光纤、便携式紧凑盘只读存储器(CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。The readable storage medium with the jdbc-based decoration mode and the request filtering method may adopt any combination of one or more readable mediums. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or a combination of any of the above. More specific examples (non-exhaustive list) of readable storage media include: electrical connections with one or more wires, portable disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.

对所公开的实施例的上述说明,使本领域专业技术人员能够实现或使用本发明。对这些实施例的多种修改对本领域的专业技术人员来说将是显而易见的,本文中所定义的一般原理可以在不脱离本发明的精神或范围的情况下,在其它实施例中实现。因此,本发明将不会被限制于本文所示的这些实施例,而是要符合与本文所公开的原理和新颖特点相一致的最宽的范围。The above description of the disclosed embodiments enables any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1.一种基于jdbc装饰模式与请求筛选方法,其特征在于,方法包括:1. a method based on jdbc decoration pattern and request screening, is characterized in that, method comprises: 提取访问信息并加入判断进程队列;Extract access information and join the judgment process queue; 通过Jdbc端口将所述访问信息导入服务器;Import the access information into the server through the Jdbc port; 服务器判断当前访问信息是否合规;The server determines whether the current access information is compliant; 如果不合规则断开访问端与数据库的通信连接。If it does not meet the rules, disconnect the communication connection between the access terminal and the database. 2.根据权利要求1所述的方法,其特征在于,2. The method according to claim 1, wherein 步骤提取访问信息并加入判断进程队列还包括:The steps of extracting access information and adding it to the judgment process queue also include: 访问端在连接数据库之前,通过Jdbc端口向服务器发送请求访问的数据库地址端口以及身份信息;Before connecting to the database, the access terminal sends the requested database address port and identity information to the server through the Jdbc port; 服务器对访问端的身份信息进行验证;The server verifies the identity information of the access terminal; 对访问端的身份信息与被请求访问的数据库进行匹配,是否满足访问权限。The identity information of the access terminal is matched with the database requested to be accessed, and whether the access rights are satisfied. 3.根据权利要求1所述的方法,其特征在于,3. The method according to claim 1, wherein 步骤服务器判断当前访问信息是否合规还包括:Step The server determines whether the current access information is compliant and includes: 获取访问信息中的用户信息、sql信息、访问时间信息以及数据库操作函数信息;Obtain user information, sql information, access time information and database operation function information in the access information; 抽取访问信息中的访问时间信息;Extract the access time information in the access information; 判断所述访问时间信息是否满足访问时间段要求;Judging whether the access time information meets the access time period requirement; 如满足访问时间段要求,再判断用户信息是否满足访问权限信息。If the access time period requirement is met, it is then judged whether the user information meets the access authority information. 4.根据权利要求3所述的方法,其特征在于,4. The method of claim 3, wherein 如满足权限信息,将权限信息与数据库操作函数信息进行匹配,判断数据库操作函数信息是否满足访问权限。If the permission information is satisfied, the permission information is matched with the database operation function information to determine whether the database operation function information satisfies the access permission. 5.根据权利要求3所述的方法,其特征在于,5. The method of claim 3, wherein 步骤如果不合规则断开访问端与数据库的通信连接还包括:The steps of disconnecting the communication connection between the access terminal and the database if it does not conform to the rules also include: 获取当前访问端的地址和用户信息,并更新黑名单中的地址和用户信息。Get the address and user information of the current access terminal, and update the address and user information in the blacklist. 6.一种基于jdbc装饰模式与请求筛选系统,其特征在于,包括:服务器和数据库;6. A system based on jdbc decoration mode and request screening, characterized in that, comprising: a server and a database; 服务器配置有判断进程队列;通过Jdbc端口接收访问端的访问信息,并配置到判断进程队列;按照预设次序从判断进程队列调取访问信息判断当前访问信息是否合规;The server is configured with a judgment process queue; the access information of the access terminal is received through the Jdbc port, and configured to the judgment process queue; the access information is called from the judgment process queue according to the preset order to judge whether the current access information is compliant; 如果合规将访问端与数据库建立通信连接。If it is compliant, establish a communication connection between the access end and the database. 7.根据权利要求6所述的系统,其特征在于,7. The system of claim 6, wherein: 服务器还用于配置数据库的访问时间段以及配置用户的不同访问权限配置不同的访问时间段。The server is also used to configure the access time period of the database and configure different access time periods for users with different access rights. 8.根据权利要求6所述的系统,其特征在于,8. The system of claim 6, wherein: 服务器还用于匹配访问端与访问权限规则;The server is also used to match the access terminal and access permission rules; 过滤访问信息中的SQL访问指令,将SQL访问指令与访问权限规则相匹配,以执行与访问权限规则相匹配的SQL访问指令。Filter the SQL access instructions in the access information, and match the SQL access instructions with the access authority rules to execute the SQL access instructions matched with the access authority rules. 9.根据权利要求6所述的系统,其特征在于,9. The system of claim 6, wherein 服务器配置黑名单,并将不合规则访问端的地址信息配置到黑名单中。The server configures a blacklist, and configures the address information of the illegal access terminals into the blacklist. 10.一种具有基于jdbc装饰模式与请求筛选方法的可读存储介质,其特征在于,可读存储介质上存储有计算机程序,所述计算机程序被处理器执行以实现如权利要求1至5任意一项所述基于jdbc装饰模式与请求筛选方法的步骤。10. A readable storage medium with a jdbc-based decoration mode and a request screening method, characterized in that, a computer program is stored on the readable storage medium, and the computer program is executed by the processor to achieve any of claims 1 to 5. One of the described steps based on the jdbc decoration pattern and request filtering method.
CN202010464795.7A 2020-05-28 2020-05-28 A jdbc-based decoration mode and request screening method, system and readable storage medium Pending CN111683067A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010464795.7A CN111683067A (en) 2020-05-28 2020-05-28 A jdbc-based decoration mode and request screening method, system and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010464795.7A CN111683067A (en) 2020-05-28 2020-05-28 A jdbc-based decoration mode and request screening method, system and readable storage medium

Publications (1)

Publication Number Publication Date
CN111683067A true CN111683067A (en) 2020-09-18

Family

ID=72434818

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010464795.7A Pending CN111683067A (en) 2020-05-28 2020-05-28 A jdbc-based decoration mode and request screening method, system and readable storage medium

Country Status (1)

Country Link
CN (1) CN111683067A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system
CN105721507A (en) * 2016-04-21 2016-06-29 中国科学院软件研究所 Basic support system and method for data sharing service platform based on JDBC (Java Data Base Connectivity)-long message
CN106067881A (en) * 2016-06-24 2016-11-02 泰康保险集团股份有限公司 Data Access Security control method based on OS/400, Apparatus and system
US20170331826A1 (en) * 2016-05-11 2017-11-16 International Business Machines Corporation Hybrid database access control in external-to-database security systems
CN110069941A (en) * 2019-03-15 2019-07-30 深圳市买买提信息科技有限公司 A kind of interface access authentication method, apparatus and computer-readable medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104077284A (en) * 2013-03-26 2014-10-01 中国移动通信集团湖北有限公司 Data security access method and data security access system
CN105721507A (en) * 2016-04-21 2016-06-29 中国科学院软件研究所 Basic support system and method for data sharing service platform based on JDBC (Java Data Base Connectivity)-long message
US20170331826A1 (en) * 2016-05-11 2017-11-16 International Business Machines Corporation Hybrid database access control in external-to-database security systems
CN106067881A (en) * 2016-06-24 2016-11-02 泰康保险集团股份有限公司 Data Access Security control method based on OS/400, Apparatus and system
CN110069941A (en) * 2019-03-15 2019-07-30 深圳市买买提信息科技有限公司 A kind of interface access authentication method, apparatus and computer-readable medium

Similar Documents

Publication Publication Date Title
CN115134099B (en) Network attack behavior analysis method and device based on full flow
CN111585771B (en) A centralized authentication system for IoT devices based on U2F physical tokens
CN106357609B (en) A kind of method and system, public network server and private clound equipment creating user
WO2012159474A1 (en) Malicious behavior detection method and system based on smartphone radio interface layer
CN102185716A (en) Universal management method and system for communication equipment
WO2021027600A1 (en) Single log-in method, apparatus and device, and computer-readable storage medium
US20060143717A1 (en) Computer network monitoring method and device
CN112115475A (en) Unauthorized vulnerability detection method and device, storage medium and computer equipment
WO2015070584A1 (en) Method and apparatus for controlling intelligent terminal
KR100655568B1 (en) Wireless internet service processing apparatus and method
CN111683067A (en) A jdbc-based decoration mode and request screening method, system and readable storage medium
CN119299155A (en) Authentication method and device for Internet of Things equipment, and non-volatile storage medium
CN102137102A (en) Realizing method of service supporting platform for supporting multiclass information publishing modes
CN113626789A (en) User operation request processing method and device and electronic equipment
CN103997416B (en) The error correction method and error correction device of mobile terminal Internet access
CN118520448A (en) Method, device, equipment and storage medium for exporting in-band one-key collection log
CN109756403A (en) Access verification method, device, system and computer readable storage medium
TWI687817B (en) Remote operation method
CN102316443A (en) Storage system for use information of mobile terminal and method
WO2023169097A1 (en) 5g message terminal identification method, service platform and storage medium
CN106067881B (en) Data Access Security control method based on OS/400, apparatus and system
CN109348053B (en) Telephone number mark processing method, server, terminal device and computer readable storage medium
CN111343193B (en) Cloud network port security protection method and device, electronic equipment and storage medium
WO2022243956A1 (en) Method, mobile equipment, and system for vulnerability detection in a sim
CN112468500A (en) Risk processing method and system based on multi-dimensional data dynamic change scene

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200918

RJ01 Rejection of invention patent application after publication