CN111683067A - Method, system and readable storage medium for screening decoration mode and request based on jdbc - Google Patents
- Publication number
- CN111683067A
- Authority
- CN
- China
- Prior art keywords
- access
- information
- server
- database
- jdbc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a method, a system and a readable storage medium for screening based on the jdbc decorator pattern and requests. Access information is extracted in advance and added to a judgment process queue; the access information is imported into a server through a Jdbc port; the server judges whether the current access information is in compliance; and if it is not compliant, the communication connection between the access terminal and the database is disconnected. Switch permissions do not need to be obtained, and the method is safe and reliable. The execution of sql can be monitored at any time, and illegal operations can be blocked in time. The context in which sql is executed can be monitored accurately, and the user, the program and the line number that executed the sql can be located.
Description
Technical Field
The invention relates to the technical field of network communication transmission, in particular to a method, a system, equipment and a readable storage medium for screening decoration patterns and requests based on jdbc.
Background
In sql monitoring based on network messages, the system captures data packets through a switch; from the messages transmitted over the network it analyzes the execution of the database sql and the http data packets sent to the monitored middleware, and by correlating these data packets it achieves the function of monitoring data.
This way of monitoring does not require a program to intrude into the middleware being monitored, and because it is based on network data packets the middleware cannot cheat. But it also has certain disadvantages, such as complex deployment, the need to obtain switch permissions, and a certain impact on network security. The message structures of different types of databases are different, and only limited centralized databases can be supported. Due to the complexity of network data transmission, the monitoring accuracy needs to be improved.
Disclosure of Invention
In order to overcome the defects in the prior art, the invention provides a method for screening a decoration pattern and a request based on jdbc, which comprises the following steps:
extracting access information and adding the access information into a judgment process queue;
importing the access information into a server through a Jdbc port;
the server judges whether the current access information is in compliance;
and if it is not compliant, the communication connection between the access terminal and the database is disconnected.
It should be further noted that the step of extracting the access information and adding the access information into the judgment process queue further includes:
before the access terminal is connected with a database, the address port and the identity information of the database which is requested to be accessed are sent to a server through a Jdbc port;
the server verifies the identity information of the access terminal;
and matching the identity information of the access terminal with the database requested to be accessed to determine whether the access authority is met.
It should be further noted that, the step that the server determines whether the current access information is compliant further includes:
acquiring user information, sql information, access time information and database operation function information in the access information;
extracting access time information in the access information;
judging whether the access time information meets the requirement of an access time period;
and if the requirement of the access time period is met, judging whether the user information meets the access authority information.
It should be further noted that, if the authority information is satisfied, the authority information is matched with the database operation function information, and whether the database operation function information satisfies the access authority is determined.
It should be further noted that the step of disconnecting the communication connection between the access terminal and the database if it is not compliant further includes:
and acquiring the address and the user information of the current access terminal, and updating the address and the user information in the blacklist.
The invention also provides a screening system based on the jdbc decorative pattern and the request, which comprises: a server and a database;
the server is configured with a judgment process queue; receiving access information of an access terminal through a Jdbc port, and configuring the access information to a judgment process queue; calling access information from the judgment process queue according to a preset sequence to judge whether the current access information is in compliance;
and if the compliance is met, the access terminal establishes communication connection with the database.
It should be further noted that the server is further configured to configure an access time period of the database and configure different access permissions of the user for different access time periods.
It should be further noted that the server is also used for matching the access terminal with the access right rule;
and filtering the SQL access instruction in the access information, and matching the SQL access instruction with the access authority rule so as to execute the SQL access instruction matched with the access authority rule.
It should be further noted that the server configures a black list, and configures the address information of the irregular access terminal into the black list.
The invention also provides a readable storage medium having a jdbc-based decoration pattern and a request screening method, the readable storage medium having stored thereon a computer program for execution by a processor for performing the steps of the jdbc-based decoration pattern and the request screening method.
According to the technical scheme, the invention has the following advantages:
The invention extracts the access information in advance and adds it to a judgment process queue; the access information is imported into a server through a Jdbc port; the server judges whether the current access information is in compliance; and if it is not compliant, the communication connection between the access terminal and the database is disconnected. Switch permissions do not need to be obtained, and the method is safe and reliable. The execution of sql can be monitored at any time, and illegal operations can be blocked in time. The context in which sql is executed can be monitored accurately, and the user, the program and the line number that executed the sql can be located.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings used in the description will be briefly introduced, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a flow chart of a method for screening based on jdbc decoration patterns and requests;
FIG. 2 is a schematic diagram of a screening system based on jdbc decoration mode and request.
Detailed Description
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described generally in terms of their functionality in the foregoing description in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
SQL (Structured Query Language) is a special-purpose programming language, a database query and programming language used for accessing data and for querying, updating and managing a relational database system.
Java Database Connectivity (JDBC) is an application program interface in Java language that specifies how client programs access databases, providing methods such as querying and updating data in databases.
The invention particularly relates to a method for screening based on the jdbc decorator pattern and requests, which comprises the following steps:
In the method of the invention, the server filters the user information. Information such as the pages the user accesses and the session (including login data) can be intercepted.
S101, extracting access information and adding the access information into a judgment process queue;
In this step, before the access terminal is connected with the database, the address port and the identity information of the database which is requested to be accessed are sent to the server through the Jdbc port; the server verifies the identity information of the access terminal; and the identity information of the access terminal is matched with the database requested to be accessed to determine whether the access authority is met.
S102, importing the access information into a server through a Jdbc port;
S103, the server judges whether the current access information is in compliance;
Specifically, user information, sql information, access time information and database operation function information in the access information are obtained; the access time information in the access information is extracted; and whether the access time information meets the requirement of an access time period is judged;
if the requirement of the access time period is met, whether the user information meets the access authority information is judged.
If the authority information is met, the authority information is matched with the database operation function information, and whether the database operation function information meets the access authority is judged.
S104, if it is not compliant, the communication connection between the access terminal and the database is disconnected.
The address and the user information of the current access terminal are acquired and updated in the blacklist.
Based on the above method, the present invention further provides a screening system based on jdbc decorative pattern and request, as shown in fig. 2, including: a server 1 and a database 2;
The server is configured with a judgment process queue; it receives access information of an access terminal 3 through a Jdbc port and places the access information in the judgment process queue; it takes access information from the judgment process queue in a preset order to judge whether the current access information is in compliance; and if it is in compliance, the access terminal establishes a communication connection with the database.
The server writes a new jdbc program that wraps the native jdbc by means of the decorator pattern. It mainly decorates the methods of the main classes such as Driver, Connection, PreparedStatement and Statement. Before and after each sql call, the server is contacted and the user information, the sql information and the function call information are transmitted to the monitoring server; illegal operations can also be interrupted, which provides control.
The server is also used for configuring the access time period of the database and configuring different access time periods for different access authorities of the user.
Matching an access terminal with an access authority rule; and filtering the SQL access instruction in the access information, and matching the SQL access instruction with the access authority rule so as to execute the SQL access instruction matched with the access authority rule.
And the server configures a blacklist and configures the address information of the irregular access terminal into the blacklist.
Based on the Jdbc probe, the server can also be accessed to determine whether the current application is available.
Further:
301, when the driver is registered for the first time, the monitored system requests the real database address port from the server.
302, when the driver is called, the connect method intercepted by the decorated driver asks the server whether the monitored system can execute sql.
302, the server replies and returns the monitored system information.
303, if the server has disabled the monitored link, an exception is thrown directly and execution ends.
Before the native jdbc executes the sql, the jdbc probe combines the sql information with the user information and sends it to the server for storage.
The server judges whether the current sql is in compliance.
If it is not compliant, an exception is thrown directly and the operation is interrupted.
If it is compliant, the sql information is handed to the native driver for execution.
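The decorated driver and the 301 to 303 probe flow described above can be sketched as follows; this is an added example, not code from the patent, and it uses a `java.lang.reflect.Proxy` wrapper in place of hand-written decorator classes. The names `ScreeningDriver`, `Policy` and the `jdbc:screened:` URL prefix are assumptions, and `Policy` is an in-memory stand-in for the server's time-period, user and operation checks.

```java
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.sql.*;
import java.time.LocalTime;
import java.util.*;
import java.util.logging.Logger;

/** Added illustration, not the patent's code: decorates a native JDBC Driver and screens each request. */
public class ScreeningDriver implements Driver {
    static final String PREFIX = "jdbc:screened:";   // hypothetical URL scheme claimed by the decorator

    /** Hypothetical in-memory stand-in for the server: access time period, then user, then operation. */
    public static final class Policy {
        private final LocalTime from, to;
        private final Map<String, Set<String>> allowedOps;   // user -> permitted sql verbs
        private final Set<String> blacklist = new HashSet<>();
        public Policy(LocalTime from, LocalTime to, Map<String, Set<String>> allowedOps) {
            this.from = from; this.to = to; this.allowedOps = allowedOps;
        }
        /** Returns null when compliant, otherwise the refusal reason; a refused user is blacklisted. */
        public synchronized String check(String user, String sql, LocalTime now) {
            Set<String> ops = allowedOps.get(user);
            String verb = sql == null ? null : sql.trim().split("\\s+", 2)[0].toUpperCase(Locale.ROOT);
            String reason = null;
            if (blacklist.contains(user)) reason = "user is blacklisted";
            else if (now.isBefore(from) || now.isAfter(to)) reason = "outside the access time period";
            else if (ops == null) reason = "user has no access authority";
            else if (verb != null && !ops.contains(verb)) reason = "operation " + verb + " is not permitted";
            if (reason != null) blacklist.add(user);
            return reason;
        }
    }

    private final Driver nativeDriver;
    private final Policy policy;

    public ScreeningDriver(Driver nativeDriver, Policy policy) { this.nativeDriver = nativeDriver; this.policy = policy; }

    @Override public boolean acceptsURL(String url) { return url != null && url.startsWith(PREFIX); }
    @Override public Connection connect(String url, Properties info) throws SQLException {
        if (!acceptsURL(url)) return null;                     // JDBC contract: not our URL
        String user = info == null ? "" : info.getProperty("user", "");
        enforce(user, null);                                   // ask before the native connect
        Connection real = nativeDriver.connect("jdbc:" + url.substring(PREFIX.length()), info);
        return real == null ? null : (Connection) wrap(Connection.class, real, user, real);
    }

    private void enforce(String user, String sql) throws SQLException {
        String reason = policy.check(user, sql, LocalTime.now());
        if (reason != null) throw new SQLException("blocked by screening policy: " + reason);
    }

    /** Dynamic-proxy decorator: screens methods that take sql, then delegates to the native object. */
    private Object wrap(Class<?> type, Object target, String user, Connection owner) {
        return Proxy.newProxyInstance(ScreeningDriver.class.getClassLoader(), new Class<?>[] {type},
            (proxy, method, args) -> {
                String name = method.getName();
                boolean carriesSql = args != null && args.length > 0 && args[0] instanceof String
                        && (name.startsWith("prepare") || name.startsWith("execute") || name.equals("addBatch"));
                if (carriesSql) {
                    try { enforce(user, (String) args[0]); }
                    catch (SQLException denied) { owner.close(); throw denied; }  // disconnect on refusal
                }
                Object result;
                try { result = method.invoke(target, args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
                Class<?> rt = method.getReturnType();          // keep statements inside the decorator
                return result != null && Statement.class.isAssignableFrom(rt) ? wrap(rt, result, user, owner) : result;
            });
    }

    @Override public DriverPropertyInfo[] getPropertyInfo(String url, Properties info) throws SQLException {
        return nativeDriver.getPropertyInfo(url, info);
    }
    @Override public int getMajorVersion() { return nativeDriver.getMajorVersion(); }
    @Override public int getMinorVersion() { return nativeDriver.getMinorVersion(); }
    @Override public boolean jdbcCompliant() { return nativeDriver.jdbcCompliant(); }
    @Override public Logger getParentLogger() throws SQLFeatureNotSupportedException { return nativeDriver.getParentLogger(); }

    /** Exercises the policy alone on constructed requests, so no database is needed to run it. */
    public static void main(String[] args) {
        Policy p = new Policy(LocalTime.of(8, 0), LocalTime.of(18, 0), Map.of("report", Set.of("SELECT")));
        System.out.println(p.check("report", "SELECT * FROM orders", LocalTime.NOON));
        System.out.println(p.check("report", "DELETE FROM orders", LocalTime.NOON));
        System.out.println(p.check("report", "SELECT 1", LocalTime.NOON));
    }
}
```

The first-token verb check is coarse and the wrapper lives in the client process: `unwrap()`, `Statement.getConnection()` or loading the native driver directly all reach the database unscreened, so the same limits should also be enforced with database-side grants.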
Switch permissions do not need to be obtained, and the method is safe and reliable. The execution of sql can be monitored at any time, and illegal operations can be blocked in time. The context in which sql is executed can be monitored accurately, and the user, the program and the line number that executed the sql can be located.
Based on the method and the system, the invention also provides a readable storage medium with a jdbc decoration based mode and a request screening method, wherein the readable storage medium stores a computer program, and the computer program is executed by a processor to realize the steps of the jdbc decoration based mode and the request screening method.
The readable storage medium having the jdbc based decoration schema and the request screening method may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for screening decoration patterns and requests based on jdbc is characterized by comprising the following steps:
extracting access information and adding the access information into a judgment process queue;
importing the access information into a server through a Jdbc port;
the server judges whether the current access information is in compliance;
and if it is not compliant, the communication connection between the access terminal and the database is disconnected.
2. The method of claim 1,
the steps of extracting the access information and adding the access information into the judgment process queue further comprise:
before the access terminal is connected with a database, the address port and the identity information of the database which is requested to be accessed are sent to a server through a Jdbc port;
the server verifies the identity information of the access terminal;
and matching the identity information of the access terminal with the database requested to be accessed to determine whether the access authority is met.
3. The method of claim 1,
the step that the server judges whether the current access information is in compliance further comprises the following steps:
acquiring user information, sql information, access time information and database operation function information in the access information;
extracting access time information in the access information;
judging whether the access time information meets the requirement of an access time period;
and if the requirement of the access time period is met, judging whether the user information meets the access authority information.
4. The method of claim 3,
and if the authority information is met, matching the authority information with the database operation function information, and judging whether the database operation function information meets the access authority.
5. The method of claim 3,
the step of disconnecting the communication connection between the access terminal and the database if it is not compliant further comprises the following steps:
and acquiring the address and the user information of the current access terminal, and updating the address and the user information in the blacklist.
6. A jdbc based decoration pattern and request screening system, comprising: a server and a database;
the server is configured with a judgment process queue; receiving access information of an access terminal through a Jdbc port, and configuring the access information to a judgment process queue; calling access information from the judgment process queue according to a preset sequence to judge whether the current access information is in compliance;
and if the compliance is met, the access terminal establishes communication connection with the database.
7. The system of claim 6,
the server is also used for configuring the access time period of the database and configuring different access rights of the user for different access time periods.
8. The system of claim 6,
the server is also used for matching the access terminal with the access authority rules;
and filtering the SQL access instruction in the access information, and matching the SQL access instruction with the access authority rule so as to execute the SQL access instruction matched with the access authority rule.
9. The system of claim 6,
and the server configures a blacklist and configures the address information of the irregular access terminal into the blacklist.
10. A readable storage medium having a jdbc-based decoration pattern and request screening method, wherein the readable storage medium has stored thereon a computer program, which is executed by a processor to implement the steps of the jdbc-based decoration pattern and request screening method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010464795.7A CN111683067A (en) | 2020-05-28 | 2020-05-28 | Method, system and readable storage medium for screening decoration mode and request based on jdbc |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010464795.7A CN111683067A (en) | 2020-05-28 | 2020-05-28 | Method, system and readable storage medium for screening decoration mode and request based on jdbc |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111683067A (en) | 2020-09-18 |
Family
ID=72434818
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010464795.7A Pending CN111683067A (en) | 2020-05-28 | 2020-05-28 | Method, system and readable storage medium for screening decoration mode and request based on jdbc |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111683067A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104077284A (en) * | 2013-03-26 | 2014-10-01 | 中国移动通信集团湖北有限公司 | Data security access method and data security access system |
CN105721507A (en) * | 2016-04-21 | 2016-06-29 | 中国科学院软件研究所 | Basic support system and method for data sharing service platform based on JDBC (Java Data Base Connectivity)-long message |
CN106067881A (en) * | 2016-06-24 | 2016-11-02 | 泰康保险集团股份有限公司 | Data Access Security control method based on OS/400, Apparatus and system |
US20170331826A1 (en) * | 2016-05-11 | 2017-11-16 | International Business Machines Corporation | Hybrid database access control in external-to-database security systems |
CN110069941A (en) * | 2019-03-15 | 2019-07-30 | 深圳市买买提信息科技有限公司 | A kind of interface access authentication method, apparatus and computer-readable medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200918 |