CN111741032B - Data transmission control method - Google Patents

Publication number
CN111741032B
CN111741032B CN202010873590.4A CN202010873590A CN111741032B CN 111741032 B CN111741032 B CN 111741032B CN 202010873590 A CN202010873590 A CN 202010873590A CN 111741032 B CN111741032 B CN 111741032B
Authority
CN
China
Prior art keywords
request
application
data transmission
address
special mark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010873590.4A
Other languages
Chinese (zh)
Other versions
CN111741032A (en)
Inventor
陆学慧
张亚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Digital Network Technology Co ltd
Original Assignee
Hangzhou Digital Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Digital Network Technology Co ltd
Priority to CN202010873590.4A
Publication of CN111741032A
Application granted
Publication of CN111741032B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

The invention relates to the technical field of data transmission control, in particular to a data transmission control method, device and system. Each server in the data transmission control system executes the following steps. S1: configure application interface information and security application information, store the received data in application memory, periodically pull the console's configuration information, and synchronize the whitelist from the server into application memory. S2: when the application receives a request, obtain the request's special mark from the request message and store the identified special mark in global information. S3: identify the request protocol of each outbound transmission made by the application, identify the request address according to the transmission protocol, and verify whether the special mark is carried. S4: if the check finds that the transmission address is not safe, terminate the request. The invention addresses the problems of incompletely integrated systems and uncontrollable data transmission in existing data transmission processes.

Description

Data transmission control method
Technical Field
The invention relates to the technical field of data transmission control, in particular to a data transmission control method.
Background
During performance testing in a production environment, a pressure-test request usually flows through multiple business systems. While applications are being transformed and brought online, there is typically a long period in which some applications have completed their full-link pressure-test transformation and others have not. If a request is passed from a service that has completed the transformation to a service that has not, the pressure-test request can enter the production environment. To address this prior-art problem, in which services that have not completed the transformation let pressure-test requests enter the production environment, a data transmission control method is provided.
Disclosure of Invention
The invention aims to provide a data transmission control method that solves the problems of incompletely integrated systems and uncontrollable data transmission in existing data transmission processes.
To achieve this purpose, the technical scheme of the invention is as follows:
A data transmission control method is used in a data transmission control system comprising a plurality of servers, and each server in the data transmission control system executes the following steps:
S1: configure application interface information and security application information, store the received data in application memory, periodically pull the console's configuration information, and synchronize the whitelist from the server into application memory;
S2: when the application receives a request, obtain the request's special mark from the request message and store the identified special mark in global information, for use in verifying the data transmission destination terminal;
S3: identify the request protocol of each outbound transmission made by the application, identify the request address according to the transmission protocol, and verify whether the special mark is carried; if it is, verify whether the request address is consistent with what is stored in application memory;
S4: if the transmission address is not safe, terminate the request and mark the transmission destination address as an unsafe address by reporting an error.
Specifically, the periodic interval in S1 is 5 minutes.
Specifically, identifying the request protocol of the application's outbound transmission in S3 means identifying a pressure-test request that the application transmits outward; when the request is sent, a special request mark is added according to the request protocol to notify the application that it is a special request, and the special mark is a PT keyword.
Specifically, the request address in S3 includes the request IP port number and the attached information.
A data transmission control device comprises a transmission-receiving protocol identification module, a transmission-sending protocol identification module and a transmission check module. The transmission-receiving protocol identification module identifies, when the various data transmission modules receive requests, whether the transmission protocol comes from a trusted source, and marks the trusted source in application memory for use by the application downstream. The transmission-sending protocol identification module identifies the data transmission sending module, intercepts the data being sent when a data transmission operation occurs, and identifies the destination address of the outbound transmission. The transmission check module, when an outbound data transmission is identified, checks the outbound transmission address against the memory; if the check passes, the sending module is allowed to transmit the data, and otherwise, when the target address is found to be an unsafe address, the operation is terminated.
A data transmission control system comprises a plurality of servers and a plurality of applications that interact with the servers. The servers receive the requests of the applications. When an application receives the server's response, the data transmission security configuration is stored in application memory for data verification. When each application receives a transmission request, it verifies the transmission sending protocol against the data transmission security configuration stored by the server, checking whether the transmission sending protocol is present in the security configuration in application memory, and abnormally terminates any transmission protocol that is not in the security configuration.
Specifically, each server establishes a connection with the terminal over the Transmission Control Protocol/Internet Protocol.
The beneficial effects of the invention are as follows: it solves the problems of incompletely integrated systems and uncontrollable data transmission in existing data transmission processes; each application can synchronize the whitelist from the server; the outbound transmissions of all applications are verified, a transmission being released if verification passes and abnormally terminated if verification fails; and pressure-test traffic is effectively prevented from escaping into production traffic.
Drawings
Fig. 1 is a block diagram of a data transmission control system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a data transmission control method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
In existing data transmission control systems, each application has a complex chain of data transmission calls, and a data transmission that should not have been allowed can cause data pollution whose extent is hard to estimate.
To address this problem, the invention provides a data transmission control method, device and system that solve the problem of uncontrollable data pollution when the data transmission cannot be determined in advance. Each application under this data transmission control can synchronize a whitelist from a server; the outbound transmissions of all applications are checked, a transmission being released if the check passes and abnormally terminated if the check fails.
Referring to Fig. 2, a data transmission control method provided in an embodiment of the present invention is applied to a data transmission control system including a plurality of servers, and for each application in the data transmission control system the following steps may be performed:
S201: configure application interface information and security application information, store the received data in application memory, periodically pull the console's configuration information, and synchronize the whitelist from the server into application memory.
Further, the periodic interval is 5 minutes.
Further, in the step of configuring application interface information and security application information, the security application information is the information about secure applications, carrying the application configuration, that is sent by the applications connected to this application.
Further, each server may establish a connection with the terminal over the Transmission Control Protocol/Internet Protocol (TCP/IP). The data sent by the terminal may be of various types and is determined by the application scenario; for example, it includes, but is not limited to, IP address data of a remote call server.
Furthermore, so that data can be pulled into application memory, a server list may be configured in advance on each application. The server list includes information such as the IP addresses of the server and of the subsequent servers that need to be synchronized with it, so that each server can store the data it receives according to its own configured server list.
The configured server list is a dynamically updated list.
S202: when the application receives a request, obtain the request's special mark from the request message and store the identified special mark in global information, for use in verifying the data transmission destination terminal.
Further, the request received by the application is a pressure-test request; when the request is sent, a special request mark is added according to the request protocol to inform the application that it is a special request.
Further, the special mark is denoted by the PT keyword.
Furthermore, after the application receives the pressure-test request, it identifies the request's special mark and stores the mark in thread-local storage to mark the state of the worker thread handling the request. During subsequent processing, the special mark can be read through a uniform thread variable and used as the single decision criterion for downstream processing.
Furthermore, request identification is implemented by dynamically modifying the middleware that receives requests: dynamic bytecode enhancement is applied before the request-receiving middleware runs, so that business code is not intruded upon and implementation complexity is reduced.
S203: identify the request protocol of each outbound transmission made by the application, identify the request address according to the transmission protocol, and verify whether the special mark is carried; if it is, verify whether the request address is consistent with what is stored in application memory, intercept the outbound request call, and keep the mark state stored during identification in S202 for verification.
Further, the outbound request call is intercepted by dynamically adding decision logic to the middleware of the outbound request protocol, in order to prepare data for the interception operation of S204.
Furthermore, intercepting an outbound request requires a check in the request middleware: when the mark in the thread matches, the corresponding check logic is executed, which mainly obtains the address of the outbound request; the request address includes the request IP port number and the attached information.
Furthermore, each application only needs to determine whether the thread memory holds a special mark for the request; requests without the special mark are not processed.
S204: if the transmission address is not a safe one, terminate the request and mark the transmission destination address as an unsafe address by reporting an error; that is, verify whether the outbound call is a whitelisted request, and terminate the request if it is not.
Further, the verification involves three parts: the request address, the request security list in application memory, and the special mark in thread memory.
The request address must be fuzzy-matched against the request security list in memory. This avoids the security list becoming so long, because particular request addresses carry different parameters, that application performance is affected.
When the request address matches the security list, the application system carries out the request against the previously established request address and obtains the specific request result.
When the security list is not matched, the application is interrupted at the point of making the request and the request to the downstream system is refused, thereby avoiding data pollution.
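The S201 to S204 flow, as an added Python sketch that is not code from the patent: it uses explicit function calls where the patent describes bytecode-enhanced middleware. The header name `X-Request-Mark`, the `host:port/path` glob format of whitelist entries, the keep-last-copy behaviour when the console cannot be reached, and all addresses are assumptions made for illustration.

```python
import contextvars
import fnmatch
import time
from urllib.parse import urlsplit

# Assumptions (not in the patent): the PT mark travels as an HTTP header with this
# hypothetical name, and whitelist entries are "host:port/path" glob patterns.
MARK_HEADER, MARK_VALUE = "X-Request-Mark", "PT"
SYNC_INTERVAL = 5 * 60  # S201: whitelist pull period, 5 minutes

# S202: per-request flag; a ContextVar stands in for the thread-local storage.
pt_marked = contextvars.ContextVar("pt_marked", default=False)


class UnsafeDestination(Exception):
    """S204: terminates a marked request and reports the destination as unsafe."""

    def __init__(self, address):
        super().__init__(f"unsafe destination address: {address}")
        self.address = address


class Whitelist:
    """S201: in-memory copy of the console whitelist, re-pulled every 5 minutes."""

    def __init__(self, fetch, clock=time.monotonic):
        self._fetch, self._clock = fetch, clock
        self._patterns, self._loaded_at = (), None

    def allows(self, address):
        now = self._clock()
        if self._loaded_at is None or now - self._loaded_at >= SYNC_INTERVAL:
            try:
                self._patterns = tuple(self._fetch())
            except Exception:
                pass  # console unreachable: keep the last copy (empty at start, so deny)
            self._loaded_at = now
        return any(fnmatch.fnmatchcase(address, p) for p in self._patterns)


def normalize(url):
    """Reduce a URL to 'host:port/path'. Dropping the query string is the fuzzy
    match: parameter variants of one endpoint share a single whitelist entry."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme, 0)
    return f"{parts.hostname}:{port}{parts.path or '/'}"


def on_inbound(headers):
    """S202: record whether the incoming request carries the PT mark."""
    marked = headers.get(MARK_HEADER) == MARK_VALUE
    pt_marked.set(marked)
    return marked


def guard_outbound(url, headers, whitelist):
    """S203/S204: run by the outbound client wrapper before a request is sent."""
    if not pt_marked.get():
        return dict(headers)  # unmarked requests are not processed
    address = normalize(url)
    if not whitelist.allows(address):
        raise UnsafeDestination(address)
    return {**headers, MARK_HEADER: MARK_VALUE}  # pass the mark downstream


if __name__ == "__main__":
    # Constructed sample data: one transformed downstream service is whitelisted.
    wl = Whitelist(lambda: ["10.0.0.5:8080/order/*"])
    on_inbound({MARK_HEADER: MARK_VALUE})
    print(guard_outbound("http://10.0.0.5:8080/order/create?id=1", {}, wl))
    try:
        guard_outbound("http://10.0.0.9:8080/pay/charge", {}, wl)
    except UnsafeDestination as err:
        print("blocked:", err.address)
```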
A data transmission control device comprises a transmission-receiving protocol identification module, a transmission-sending protocol identification module and a transmission check module. The transmission-receiving protocol identification module identifies, when the various data transmission modules receive requests, whether the transmission protocol comes from a trusted source, and marks the trusted source in application memory for use by the application downstream. The transmission-sending protocol identification module identifies the data transmission sending module, intercepts the data being sent when a data transmission operation occurs, and identifies the destination address of the outbound transmission. The transmission check module, when an outbound data transmission is identified, checks the outbound transmission address against the memory; if the check passes, the sending module is allowed to transmit the data, and otherwise, when the target address is found to be an unsafe address, the operation is terminated.
A data transmission control system, shown in Fig. 1, includes a plurality of servers 110 and a plurality of applications (for example, an application 120, an application 130, or an application 140) that interact with the servers. The servers receive the requests of the applications. When an application receives the server's response, the data transmission security configuration is stored in application memory for data verification. When each application receives a transmission request, it verifies the transmission sending protocol against the data transmission security configuration stored by the server, checking whether the transmission sending protocol is present in the security configuration in application memory, and abnormally terminates any transmission protocol that is not in the security configuration.
Finally, the above embodiments are intended only to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions may be made to the technical solutions of the present invention without departing from their spirit and scope, and all such modifications and substitutions are covered by the claims of the present invention.

Claims (1)

1. A data transmission control method, used in a data transmission control system including a plurality of servers, wherein each server in the data transmission control system performs the steps of:
S1: configuring application interface information and security application information, storing the received data in application memory, periodically pulling the console's configuration information, and synchronizing the whitelist from the server into application memory; the periodic interval in S1 is 5 minutes;
S2: when the application receives a request, obtaining the request's special mark from the request message, and storing the identified special mark in global information for use in verifying the data transmission destination terminal;
S3: identifying the request protocol of each outbound transmission made by the application, identifying the request address according to the transmission protocol, verifying whether the special mark is carried, and, if the special mark is carried, verifying whether the request address is consistent with what is stored in application memory; identifying the request protocol of the application's outbound transmission in S3 means identifying a pressure-test request that the application transmits outward, a special request mark being added according to the request protocol when the request is sent to notify the application that it is a special request, wherein the special mark is a PT keyword; the request address in S3 includes the request IP port number and the attached information;
S4: if the transmission address is not safe, terminating the request and marking the transmission destination address as an unsafe address by reporting an error.
CN202010873590.4A 2020-08-26 2020-08-26 Data transmission control method Active CN111741032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010873590.4A CN111741032B (en) 2020-08-26 2020-08-26 Data transmission control method

Publications (2)

Publication Number Publication Date
CN111741032A CN111741032A (en) 2020-10-02
CN111741032B CN111741032B (en) 2021-02-26

Family

ID=72658877

Country Status (1)

Country Link
CN (1) CN111741032B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant