CN112115517A - Database plug-in inspection method, device, equipment and medium - Google Patents

Database plug-in inspection method, device, equipment and medium Download PDF

Info

Publication number
CN112115517A
CN112115517A CN202011018936.9A CN202011018936A CN112115517A CN 112115517 A CN112115517 A CN 112115517A CN 202011018936 A CN202011018936 A CN 202011018936A CN 112115517 A CN112115517 A CN 112115517A
Authority
CN
China
Prior art keywords
database
plug
database plug
signature
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011018936.9A
Other languages
Chinese (zh)
Inventor
车晓瑶
王建华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingbase Information Technologies Co Ltd
Original Assignee
Beijing Kingbase Information Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingbase Information Technologies Co Ltd filed Critical Beijing Kingbase Information Technologies Co Ltd
Priority to CN202011018936.9A priority Critical patent/CN112115517A/en
Publication of CN112115517A publication Critical patent/CN112115517A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526Plug-ins; Add-ons

Abstract

The embodiment of the disclosure relates to a method, a device, equipment and a medium for checking a database plug-in, wherein the method comprises the following steps: encrypting the database plug-in after first security check is carried out on the database plug-in, and storing a secret key; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.

Description

Database plug-in inspection method, device, equipment and medium
Technical Field
The present disclosure relates to the field of database technologies, and in particular, to a method, an apparatus, a device, and a medium for checking a database plug-in.
Background
With the rapid development of computer technology, the application of databases is becoming more and more extensive, and some databases provide plug-in (Plugin) ways to expand the functions of databases, which is convenient for users to use. The database system can provide system plug-ins, users can also realize custom plug-ins, and the existing system plug-ins can be replaced by the custom plug-ins, so that the database system needs to be checked before the plug-ins are loaded, and the safety of the plug-ins is guaranteed.
Currently, it is common to check whether the plug-ins loaded in the database are correct by the database version, macro definition of the function, or a special Magic Number (Magic Number). However, the above-mentioned verification method is relatively simple, and cannot detect that the plug-in is tampered or replaced, and the security is low.
Disclosure of Invention
To solve the technical problem or at least partially solve the technical problem, the present disclosure provides a method, an apparatus, a device, and a medium for verifying a database plug-in.
The embodiment of the disclosure provides a method for checking a database plug-in, which comprises the following steps:
encrypting the database plug-in after first security check is carried out on the database plug-in, and storing a secret key;
and loading the target database plug-in to be loaded into the database after executing second security check on the target database plug-in to be loaded based on the key.
The embodiment of the present disclosure further provides an apparatus for verifying a database plug-in, where the apparatus includes:
the first checking module is used for encrypting the database plug-in after first safety checking is carried out on the database plug-in and storing a secret key;
and the second checking module is used for loading the target database plug-in to be loaded into the database after executing second security check on the basis of the key.
An embodiment of the present disclosure further provides an electronic device, which includes: a processor; a memory for storing the processor-executable instructions; the processor is used for reading the executable instructions from the memory and executing the instructions to realize the verification method of the database plug-in provided by the embodiment of the disclosure.
The embodiment of the present disclosure also provides a computer-readable storage medium, which stores a computer program for executing the method for verifying the database plug-in provided by the embodiment of the present disclosure.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages: according to the verification scheme of the database plug-in, the database plug-in is encrypted after first security verification is performed, and a secret key is stored; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a method for verifying a database plug-in according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart illustrating another database plug-in verification method according to an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of an apparatus for verifying a database plug-in provided in an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a flowchart illustrating a database plug-in verification method according to an embodiment of the present disclosure, where the method may be performed by a database plug-in verification apparatus, where the apparatus may be implemented in software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 1, the method includes:
step 101, encrypting the database plug-in after the first security check is performed, and storing the key.
The database plug-ins are loaded into the database and can be used for expanding the functions of the database, different database plug-ins usually have different functions, and the number of the database plug-ins can be multiple, and is not limited specifically. The specific database and the database plug-in are not limited in the embodiments of the present disclosure, for example, the database may be Mysql, PostgreSQL, KingbaseES, and the like. The first security check refers to a pre-security check before the database plug-in is loaded into the database, and the first security check may include a white-box check for checking a source code of the database plug-in and/or a black-box check for checking the database plug-in as a whole.
In this embodiment of the present disclosure, encrypting after performing the first security check on the database plugin, and storing the key may include: performing white box inspection and/or black box inspection on the database plug-in to obtain a first inspection result; and if the first verification result is that the verification is passed, encrypting the database plug-in and storing the key. When the source code of the database plug-in can be acquired, white box inspection or white box inspection and black box inspection can be executed; when the source code of the database plug-in is not available, then only black box verification may be performed. When the first inspection result is that the inspection is passed, encrypting the database plug-in and storing the key in the database for later use; and when the first check result is that the check is not passed, sending a notice that the check is not passed to the user.
The white box check may include security check, vulnerability check, Performance test and the like performed on the source code of the database plug-in, where the security check is to check whether the source code of the database plug-in is embedded with malicious codes such as trojans, viruses and the like, the vulnerability check is to check whether the source code of the database plug-in is embedded with malicious codes such as memory overflow, Structured Query Language (SQL) injection and the like, and the Performance test is to test the execution Performance performed after the database plug-in is loaded in a test manner, and may be a tpc (transaction Processing Performance council) test, for example, and the Performance of the database plug-in is determined by specific indexes.
The black box inspection is an inspection performed only when the compiled library file is available, and may specifically include all function tests, input parameter boundary value tests, security checks, performance tests, and the like for the database plug-in. The whole function test is to perform a full coverage test on all functions of the database plug-in and verify an expected result, for example, for a data plug-in with a function of password complexity check, it may be tested whether it can be detected that the complexity of the password does not meet a preset requirement. The input parameter boundary value test is to perform a full coverage test on all input parameter boundary values of the database plugin and verify an expected result, for example, it may be tested whether the database plugin can detect that the input character length does not meet a preset requirement. The security check can be a security check of the database plug-in by using a virus check tool, a memory check tool, an SQL injection tool and the like. The performance test was performed in the same manner as in the white box test described above.
In the embodiment of the present disclosure, encrypting the database plug-in and storing the key may include: determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature; and storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner. Optionally, the preset encryption algorithm includes a national encryption algorithm.
In the embodiment of the present disclosure, the specific algorithm adopted by the preset encryption algorithm is not limited, the national encryption algorithm is only an example, and other encryption algorithms may also be applicable. The cryptographic algorithm is a national standard algorithm, and may include SM2, SM3, SM4, and the like, the cryptographic algorithm SM2 is a signature algorithm, the cryptographic algorithm SM3 is a digest algorithm, and the cryptographic algorithm SM4 is a group symmetric encryption algorithm.
In the embodiment of the disclosure, when the preset encryption algorithm is a national secret algorithm, the digest can be calculated by the database plugin by adopting a national secret SM3 algorithm, and then the digest obtained by calculation is signed by adopting a national secret SM2 algorithm to obtain a first signature; and then, storing the plug-in information of the database plug-in and the corresponding first signature into the database in an associated manner for later use. The plug-in information of the database plug-in can be a plug-in name or a plug-in identifier, and the like, and specifically, the plug-in information of the database plug-in and a corresponding first signature can be stored in a plug-in signature library of the database, the safety of the plug-in signature library is ensured by a transparent encryption engine of the database, when the database is subjected to patch upgrading, the plug-in signature library is synchronously upgraded, and the plug-in signature is ensured to be timely updated.
And 102, after second security check is carried out on the target database plug-in to be loaded based on the key, the target database plug-in is loaded into the database.
The target database plug-in is one of a plurality of database plug-ins passing the first security check, and is a database plug-in to be loaded into a database. The second security check refers to the security check performed by the database when the target database plug-in is loaded.
In this embodiment of the disclosure, after performing the second security check on the target database plug-in to be loaded based on the key, loading the target database plug-in to the database may include: determining the abstract of the target database plug-in by adopting a preset encryption algorithm and signing to obtain a second signature; acquiring a first signature corresponding to a target database plug-in; and loading the target database plug-in into the database based on the comparison result of the second signature and the first signature corresponding to the target database plug-in. Specifically, loading the target database plugin into the database based on the comparison result of the second signature and the first signature includes: and if the second signature is the same as the first signature corresponding to the target database plug-in, loading the target database plug-in into the database.
The preset encryption algorithm used here is the same as the preset encryption algorithm after the first security check described above. When the preset encryption algorithm is a national secret algorithm, the second security check process includes the steps of firstly calculating the abstract of the database plug-in by using the national secret SM3 algorithm, signing the calculated abstract by using the national secret SM2 algorithm to obtain a second signature, and inquiring the plug-in signature library from the plug-in signature library of the database based on the plug-in information of the target database plug-in to obtain a first signature corresponding to the target database plug-in. If the second signature currently determined by the target database plugin is the same as the first signature stored before, the second security check on the target database plugin can be determined to be passed, and the target database plugin is loaded into the database; if the second signature currently determined by the target database plugin is different from the previously stored first signature, it may be determined that the second security check on the target database plugin failed, and the target database plugin is rejected for loading.
In the embodiment of the disclosure, for the database plug-in which the security inspection is performed in the front, the database plug-in which the security inspection is performed needs to be performed again during loading, the database plug-in which the security inspection is performed is allowed to be loaded into the database, and the database plug-in which the security inspection is not performed rejects loading, so that the security of the database plug-in loaded into the database is ensured through double inspection.
According to the verification scheme of the database plug-in, the database plug-in is encrypted after first security verification is performed, and a secret key is stored; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Fig. 2 is a schematic flow chart of another database plug-in verification method provided in the embodiment of the present disclosure, and the embodiment further optimizes the database plug-in verification method based on the above embodiment. As shown in fig. 2, the method includes:
step 201, performing a white box test and/or a black box test on the database plug-in, and obtaining a first test result.
The white box inspection is used for inspecting the source codes of the database plug-ins, and the black box inspection is used for inspecting the whole database plug-ins.
Step 202, whether the first inspection result is passed through the inspection is judged, and if yes, step 203 is executed; otherwise, step 210 is performed.
And 203, determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature.
The preset encryption algorithm comprises a national encryption algorithm.
And 204, storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner.
And step 205, determining the abstract of the target database plug-in to be loaded by adopting a preset encryption algorithm and signing to obtain a second signature.
And step 206, acquiring a first signature corresponding to the target database plug-in.
Step 207, whether the second signature is the same as the first signature corresponding to the target database plug-in, if so, executing step 208; otherwise, step 209 is performed.
And step 208, loading the target database plug-in into the database.
Step 209, refusing to load the target database plug-in.
Step 210, a notification that the verification failed is sent to the user.
For example, in the embodiment of the present disclosure, the database performs a pre-security check on the developed database plug-in, since the source code of the database plug-in can be obtained, the white box check can be performed on the source code of the database plug-in, for the database plug-in that passes the check, the digest can be generated using the SM3 algorithm, and the digest is signed using the SM2 algorithm and stored in the signature plug-in library of the database. When the database is loaded with the database plug-ins, the database plug-ins are generated with an abstract by using a State secret SM3 algorithm, a current signature is generated by using a State secret SM3, the corresponding signature can be taken out from the plug-in signature library through the name of the plug-ins, if the current signature is the same as the signature stored in the previous plug-in signature library, the signature passes verification, and the plug-ins are loaded.
The embodiment of the disclosure provides a front-end security inspection for a database plug-in, which specifically includes a white box inspection and/or a black box inspection, and then a secondary security inspection can be performed based on a cryptographic algorithm, and the database plug-in is loaded after the inspection is passed, so that the security of the database plug-in loaded into a database is ensured, and further, the security of the database is improved.
According to the verification scheme of the database plug-in, white box verification and/or black box verification are/is carried out on the database plug-in to obtain a first verification result, if the first verification result is that the database plug-in passes the verification, the abstract of the database plug-in is determined by adopting a preset encryption algorithm and signed to obtain a first signature, and plug-in information of the database plug-in and the corresponding first signature are stored in an associated mode; determining the abstract of a target database plugin to be loaded by adopting a preset encryption algorithm, signing to obtain a second signature, obtaining a first signature corresponding to the target database plugin, and loading the target database plugin into the database if the second signature is the same as the first signature corresponding to the target database plugin; and if the second signature is different from the first signature corresponding to the target database plug-in, refusing to load the target database plug-in. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Fig. 3 is a schematic structural diagram of an apparatus for verifying a database plug-in provided in an embodiment of the present disclosure, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 3, the apparatus includes:
the first verification module 301 is configured to encrypt the database plugin after performing a first security verification on the database plugin, and store a key;
and the second verification module 302 is configured to load the target database plug-in to be loaded into the database after performing a second security verification on the target database plug-in to be loaded based on the key.
According to the verification scheme of the database plug-in, the database plug-in is encrypted after first security verification is performed, and a secret key is stored; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Optionally, the first security check includes a white box check for checking a source code of the database plug-in and/or a black box check for checking the database plug-in as a whole.
Optionally, the first checking module 301 is specifically configured to:
performing the white box test and/or the black box test on the database plug-in to obtain a first test result;
and if the first verification result is that the verification is passed, encrypting the database plug-in and storing a secret key.
Optionally, the first checking module 301 is specifically configured to:
determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature;
and storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner.
Optionally, the preset encryption algorithm includes a national encryption algorithm.
Optionally, the second verification module 302 is specifically configured to:
determining the abstract of the target database plug-in by adopting the preset encryption algorithm and signing to obtain a second signature;
acquiring a first signature corresponding to the target database plug-in;
and loading the target database plug-in into a database based on the comparison result of the second signature and the first signature corresponding to the target database plug-in.
Optionally, the second verification module 302 is specifically configured to:
and if the second signature is the same as the first signature corresponding to the target database plugin, loading the target database plugin into a database.
The database plug-in inspection device provided by the embodiment of the disclosure can execute the database plug-in inspection method provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the execution method.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 4, the electronic device 400 includes one or more processors 401 and memory 402.
The processor 401 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 400 to perform desired functions.
Memory 402 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by processor 401 to implement the database plug-in verification method of the embodiments of the present disclosure described above and/or other desired functions. Various contents such as an input signal, a signal component, a noise component, etc. may also be stored in the computer-readable storage medium.
In one example, the electronic device 400 may further include: an input device 403 and an output device 404, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
The input device 403 may also include, for example, a keyboard, a mouse, and the like.
The output device 404 may output various information to the outside, including the determined distance information, direction information, and the like. The output devices 404 may include, for example, a display, speakers, a printer, and a communication network and its connected remote output devices, among others.
Of course, for simplicity, only some of the components of the electronic device 400 relevant to the present disclosure are shown in fig. 4, omitting components such as buses, input/output interfaces, and the like. In addition, electronic device 400 may include any other suitable components depending on the particular application.
In addition to the above methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the database plug-in verification method provided by embodiments of the present disclosure.
The computer program product may write program code for carrying out operations for embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the database plug-in verification method provided by embodiments of the present disclosure.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for verifying a database plug-in, comprising:
encrypting the database plug-in after first security check is carried out on the database plug-in, and storing a secret key;
and loading the target database plug-in to be loaded into the database after executing second security check on the target database plug-in to be loaded based on the key.
2. The method of claim 1, wherein the first security check comprises a white-box check for checking a source code of the database plug-in and/or a black-box check for checking an entirety of the database plug-in.
3. The method of claim 2, wherein encrypting and storing the key after performing the first security check on the database plug-in comprises:
performing the white box test and/or the black box test on the database plug-in to obtain a first test result;
and if the first verification result is that the verification is passed, encrypting the database plug-in and storing a secret key.
4. The method of claim 3, wherein encrypting the database plug-in and storing a key comprises:
determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature;
and storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner.
5. The method of claim 4, wherein the predetermined encryption algorithm comprises a national encryption algorithm.
6. The method of claim 4, wherein the loading into the database after performing the second security check on the target database plug-in to be loaded based on the key comprises:
determining the abstract of the target database plug-in by adopting the preset encryption algorithm and signing to obtain a second signature;
acquiring a first signature corresponding to the target database plug-in;
and loading the target database plug-in into a database based on the comparison result of the second signature and the first signature corresponding to the target database plug-in.
7. The method of claim 6, wherein loading the target database plugin into a database based on the comparison of the second signature and the first signature corresponding to the target database plugin comprises:
and if the second signature is the same as the first signature corresponding to the target database plugin, loading the target database plugin into a database.
8. An apparatus for verifying a database plug-in, comprising:
the first checking module is used for encrypting the database plug-in after first safety checking is carried out on the database plug-in and storing a secret key;
and the second checking module is used for loading the target database plug-in to be loaded into the database after executing second security check on the basis of the key.
9. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instructions from the memory and executing the instructions to realize the database plug-in verification method of any one of the claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program for executing the database plug-in verification method according to any one of claims 1 to 7.
CN202011018936.9A 2020-09-24 2020-09-24 Database plug-in inspection method, device, equipment and medium Pending CN112115517A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011018936.9A CN112115517A (en) 2020-09-24 2020-09-24 Database plug-in inspection method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011018936.9A CN112115517A (en) 2020-09-24 2020-09-24 Database plug-in inspection method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN112115517A true CN112115517A (en) 2020-12-22

Family

ID=73801574

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011018936.9A Pending CN112115517A (en) 2020-09-24 2020-09-24 Database plug-in inspection method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN112115517A (en)

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007021775A2 (en) * 2005-08-09 2007-02-22 Adesso Systems, Inc. A method for providing extensible software components within a distributed synchronization system
US20080059479A1 (en) * 2006-09-06 2008-03-06 Cheng-Fang Lin Method and apparatus for invoking a plug-in on a server
US20110314266A1 (en) * 2010-06-17 2011-12-22 Microsoft Corporation On-demand database server startup and shutdown
CN102880456A (en) * 2012-07-31 2013-01-16 北京奇虎科技有限公司 Method and device for creating plug-in
CN105119888A (en) * 2015-07-10 2015-12-02 小米科技有限责任公司 Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device
CN105404815A (en) * 2015-11-05 2016-03-16 株洲南车时代电气股份有限公司 Anti-counterfeiting method and system for host plug-in of secure computer platform
CN106549768A (en) * 2016-12-08 2017-03-29 上海众人网络安全技术有限公司 A kind of method and system of time type plug-in authentication
WO2017197869A1 (en) * 2016-05-19 2017-11-23 中兴通讯股份有限公司 Version file checking method and apparatus, encryption method and apparatus, and storage medium
CN107704584A (en) * 2017-10-09 2018-02-16 易联众信息技术股份有限公司 A kind of method of payment using database application plug-in unit
CN110162980A (en) * 2019-05-31 2019-08-23 上交所技术有限责任公司 A kind of method of one-stop safety test and management in software development process
CN110443039A (en) * 2019-08-09 2019-11-12 北京阿尔山区块链联盟科技有限公司 Detection method, device and the electronic equipment of plug-in security
CN110474898A (en) * 2019-08-07 2019-11-19 北京明朝万达科技股份有限公司 Data encrypting and deciphering and key location mode, device, equipment and readable storage medium storing program for executing
CN110569088A (en) * 2019-09-09 2019-12-13 五八有限公司 client plug-in management method and device, electronic equipment and storage medium

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007021775A2 (en) * 2005-08-09 2007-02-22 Adesso Systems, Inc. A method for providing extensible software components within a distributed synchronization system
US20080059479A1 (en) * 2006-09-06 2008-03-06 Cheng-Fang Lin Method and apparatus for invoking a plug-in on a server
US20110314266A1 (en) * 2010-06-17 2011-12-22 Microsoft Corporation On-demand database server startup and shutdown
CN102880456A (en) * 2012-07-31 2013-01-16 北京奇虎科技有限公司 Method and device for creating plug-in
CN105119888A (en) * 2015-07-10 2015-12-02 小米科技有限责任公司 Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device
CN105404815A (en) * 2015-11-05 2016-03-16 株洲南车时代电气股份有限公司 Anti-counterfeiting method and system for host plug-in of secure computer platform
WO2017197869A1 (en) * 2016-05-19 2017-11-23 中兴通讯股份有限公司 Version file checking method and apparatus, encryption method and apparatus, and storage medium
CN106549768A (en) * 2016-12-08 2017-03-29 上海众人网络安全技术有限公司 A kind of method and system of time type plug-in authentication
CN107704584A (en) * 2017-10-09 2018-02-16 易联众信息技术股份有限公司 A kind of method of payment using database application plug-in unit
CN110162980A (en) * 2019-05-31 2019-08-23 上交所技术有限责任公司 A kind of method of one-stop safety test and management in software development process
CN110474898A (en) * 2019-08-07 2019-11-19 北京明朝万达科技股份有限公司 Data encrypting and deciphering and key location mode, device, equipment and readable storage medium storing program for executing
CN110443039A (en) * 2019-08-09 2019-11-12 北京阿尔山区块链联盟科技有限公司 Detection method, device and the electronic equipment of plug-in security
CN110569088A (en) * 2019-09-09 2019-12-13 五八有限公司 client plug-in management method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US8356351B2 (en) Method and device for verification of code module in virtual machine
KR101804996B1 (en) Centralized operation management
US10372914B2 (en) Validating firmware on a computing device
JP5398824B2 (en) Using temporary PCR to achieve reliability in the application space of secure processing systems
JP5745061B2 (en) Authenticating the use of interactive components during the boot process
US20160381075A1 (en) Methods and apparatus for generating and using security assertions associated with containers in a computing environment
US20160098555A1 (en) Program code attestation circuitry, a data processing apparatus including such program code attestation circuitry and a program attestation method
US7962952B2 (en) Information processing apparatus that executes program and program control method for executing program
US11533182B2 (en) Identity-based security platform and methods
US20220382874A1 (en) Secure computation environment
CN106709336A (en) Method and apparatus for identifying malware
US20200327227A1 (en) Method of speeding up a full antivirus scan of files on a mobile device
US9122864B2 (en) Method and apparatus for transitive program verification
JP6765554B2 (en) Software test equipment, software test methods, and software test programs
US9965625B2 (en) Control system and authentication device
KR101482700B1 (en) Method For Verifying Integrity of Program Using Hash
KR102518980B1 (en) Method, device and computer-readable recording medium for analyzing and processing malicious code for container images
KR20100028026A (en) Method and apparatus for changing and adding activation keys for functions of digital content without having to change and recompile the digital content
CN102982279A (en) Computer aided design virus infection prevention system and computer aided design virus infection prevention method
US11716319B2 (en) Software deployment certification
CN112115517A (en) Database plug-in inspection method, device, equipment and medium
KR20180094623A (en) A file integrity test in linux environment device and method
US20230409694A1 (en) Secure Device Tracking Via Device Ownership Service
CN112231694A (en) Database detection method, device, equipment and medium
CN113901088A (en) Parameter checking method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination