CN112115517A - Database plug-in inspection method, device, equipment and medium - Google Patents
Database plug-in inspection method, device, equipment and medium Download PDFInfo
- Publication number
- CN112115517A CN112115517A CN202011018936.9A CN202011018936A CN112115517A CN 112115517 A CN112115517 A CN 112115517A CN 202011018936 A CN202011018936 A CN 202011018936A CN 112115517 A CN112115517 A CN 112115517A
- Authority
- CN
- China
- Prior art keywords
- database
- plug
- database plug
- signature
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000007689 inspection Methods 0.000 title abstract description 38
- 238000004422 calculation algorithm Methods 0.000 claims description 44
- 238000012795 verification Methods 0.000 claims description 39
- 238000012360 testing method Methods 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 8
- 235000000332 black box Nutrition 0.000 claims description 2
- 230000006870 function Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 4
- 238000011056 performance test Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000000243 solution Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
- G06F9/44526—Plug-ins; Add-ons
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the disclosure relates to a method, a device, equipment and a medium for checking a database plug-in, wherein the method comprises the following steps: encrypting the database plug-in after first security check is carried out on the database plug-in, and storing a secret key; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Description
Technical Field
The present disclosure relates to the field of database technologies, and in particular, to a method, an apparatus, a device, and a medium for checking a database plug-in.
Background
With the rapid development of computer technology, the application of databases is becoming more and more extensive, and some databases provide plug-in (Plugin) ways to expand the functions of databases, which is convenient for users to use. The database system can provide system plug-ins, users can also realize custom plug-ins, and the existing system plug-ins can be replaced by the custom plug-ins, so that the database system needs to be checked before the plug-ins are loaded, and the safety of the plug-ins is guaranteed.
Currently, it is common to check whether the plug-ins loaded in the database are correct by the database version, macro definition of the function, or a special Magic Number (Magic Number). However, the above-mentioned verification method is relatively simple, and cannot detect that the plug-in is tampered or replaced, and the security is low.
Disclosure of Invention
To solve the technical problem or at least partially solve the technical problem, the present disclosure provides a method, an apparatus, a device, and a medium for verifying a database plug-in.
The embodiment of the disclosure provides a method for checking a database plug-in, which comprises the following steps:
encrypting the database plug-in after first security check is carried out on the database plug-in, and storing a secret key;
and loading the target database plug-in to be loaded into the database after executing second security check on the target database plug-in to be loaded based on the key.
The embodiment of the present disclosure further provides an apparatus for verifying a database plug-in, where the apparatus includes:
the first checking module is used for encrypting the database plug-in after first safety checking is carried out on the database plug-in and storing a secret key;
and the second checking module is used for loading the target database plug-in to be loaded into the database after executing second security check on the basis of the key.
An embodiment of the present disclosure further provides an electronic device, which includes: a processor; a memory for storing the processor-executable instructions; the processor is used for reading the executable instructions from the memory and executing the instructions to realize the verification method of the database plug-in provided by the embodiment of the disclosure.
The embodiment of the present disclosure also provides a computer-readable storage medium, which stores a computer program for executing the method for verifying the database plug-in provided by the embodiment of the present disclosure.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages: according to the verification scheme of the database plug-in, the database plug-in is encrypted after first security verification is performed, and a secret key is stored; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flowchart of a method for verifying a database plug-in according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart illustrating another database plug-in verification method according to an embodiment of the present disclosure;
FIG. 3 is a schematic structural diagram of an apparatus for verifying a database plug-in provided in an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Fig. 1 is a flowchart illustrating a database plug-in verification method according to an embodiment of the present disclosure, where the method may be performed by a database plug-in verification apparatus, where the apparatus may be implemented in software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 1, the method includes:
The database plug-ins are loaded into the database and can be used for expanding the functions of the database, different database plug-ins usually have different functions, and the number of the database plug-ins can be multiple, and is not limited specifically. The specific database and the database plug-in are not limited in the embodiments of the present disclosure, for example, the database may be Mysql, PostgreSQL, KingbaseES, and the like. The first security check refers to a pre-security check before the database plug-in is loaded into the database, and the first security check may include a white-box check for checking a source code of the database plug-in and/or a black-box check for checking the database plug-in as a whole.
In this embodiment of the present disclosure, encrypting after performing the first security check on the database plugin, and storing the key may include: performing white box inspection and/or black box inspection on the database plug-in to obtain a first inspection result; and if the first verification result is that the verification is passed, encrypting the database plug-in and storing the key. When the source code of the database plug-in can be acquired, white box inspection or white box inspection and black box inspection can be executed; when the source code of the database plug-in is not available, then only black box verification may be performed. When the first inspection result is that the inspection is passed, encrypting the database plug-in and storing the key in the database for later use; and when the first check result is that the check is not passed, sending a notice that the check is not passed to the user.
The white box check may include security check, vulnerability check, Performance test and the like performed on the source code of the database plug-in, where the security check is to check whether the source code of the database plug-in is embedded with malicious codes such as trojans, viruses and the like, the vulnerability check is to check whether the source code of the database plug-in is embedded with malicious codes such as memory overflow, Structured Query Language (SQL) injection and the like, and the Performance test is to test the execution Performance performed after the database plug-in is loaded in a test manner, and may be a tpc (transaction Processing Performance council) test, for example, and the Performance of the database plug-in is determined by specific indexes.
The black box inspection is an inspection performed only when the compiled library file is available, and may specifically include all function tests, input parameter boundary value tests, security checks, performance tests, and the like for the database plug-in. The whole function test is to perform a full coverage test on all functions of the database plug-in and verify an expected result, for example, for a data plug-in with a function of password complexity check, it may be tested whether it can be detected that the complexity of the password does not meet a preset requirement. The input parameter boundary value test is to perform a full coverage test on all input parameter boundary values of the database plugin and verify an expected result, for example, it may be tested whether the database plugin can detect that the input character length does not meet a preset requirement. The security check can be a security check of the database plug-in by using a virus check tool, a memory check tool, an SQL injection tool and the like. The performance test was performed in the same manner as in the white box test described above.
In the embodiment of the present disclosure, encrypting the database plug-in and storing the key may include: determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature; and storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner. Optionally, the preset encryption algorithm includes a national encryption algorithm.
In the embodiment of the present disclosure, the specific algorithm adopted by the preset encryption algorithm is not limited, the national encryption algorithm is only an example, and other encryption algorithms may also be applicable. The cryptographic algorithm is a national standard algorithm, and may include SM2, SM3, SM4, and the like, the cryptographic algorithm SM2 is a signature algorithm, the cryptographic algorithm SM3 is a digest algorithm, and the cryptographic algorithm SM4 is a group symmetric encryption algorithm.
In the embodiment of the disclosure, when the preset encryption algorithm is a national secret algorithm, the digest can be calculated by the database plugin by adopting a national secret SM3 algorithm, and then the digest obtained by calculation is signed by adopting a national secret SM2 algorithm to obtain a first signature; and then, storing the plug-in information of the database plug-in and the corresponding first signature into the database in an associated manner for later use. The plug-in information of the database plug-in can be a plug-in name or a plug-in identifier, and the like, and specifically, the plug-in information of the database plug-in and a corresponding first signature can be stored in a plug-in signature library of the database, the safety of the plug-in signature library is ensured by a transparent encryption engine of the database, when the database is subjected to patch upgrading, the plug-in signature library is synchronously upgraded, and the plug-in signature is ensured to be timely updated.
And 102, after second security check is carried out on the target database plug-in to be loaded based on the key, the target database plug-in is loaded into the database.
The target database plug-in is one of a plurality of database plug-ins passing the first security check, and is a database plug-in to be loaded into a database. The second security check refers to the security check performed by the database when the target database plug-in is loaded.
In this embodiment of the disclosure, after performing the second security check on the target database plug-in to be loaded based on the key, loading the target database plug-in to the database may include: determining the abstract of the target database plug-in by adopting a preset encryption algorithm and signing to obtain a second signature; acquiring a first signature corresponding to a target database plug-in; and loading the target database plug-in into the database based on the comparison result of the second signature and the first signature corresponding to the target database plug-in. Specifically, loading the target database plugin into the database based on the comparison result of the second signature and the first signature includes: and if the second signature is the same as the first signature corresponding to the target database plug-in, loading the target database plug-in into the database.
The preset encryption algorithm used here is the same as the preset encryption algorithm after the first security check described above. When the preset encryption algorithm is a national secret algorithm, the second security check process includes the steps of firstly calculating the abstract of the database plug-in by using the national secret SM3 algorithm, signing the calculated abstract by using the national secret SM2 algorithm to obtain a second signature, and inquiring the plug-in signature library from the plug-in signature library of the database based on the plug-in information of the target database plug-in to obtain a first signature corresponding to the target database plug-in. If the second signature currently determined by the target database plugin is the same as the first signature stored before, the second security check on the target database plugin can be determined to be passed, and the target database plugin is loaded into the database; if the second signature currently determined by the target database plugin is different from the previously stored first signature, it may be determined that the second security check on the target database plugin failed, and the target database plugin is rejected for loading.
In the embodiment of the disclosure, for the database plug-in which the security inspection is performed in the front, the database plug-in which the security inspection is performed needs to be performed again during loading, the database plug-in which the security inspection is performed is allowed to be loaded into the database, and the database plug-in which the security inspection is not performed rejects loading, so that the security of the database plug-in loaded into the database is ensured through double inspection.
According to the verification scheme of the database plug-in, the database plug-in is encrypted after first security verification is performed, and a secret key is stored; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Fig. 2 is a schematic flow chart of another database plug-in verification method provided in the embodiment of the present disclosure, and the embodiment further optimizes the database plug-in verification method based on the above embodiment. As shown in fig. 2, the method includes:
The white box inspection is used for inspecting the source codes of the database plug-ins, and the black box inspection is used for inspecting the whole database plug-ins.
And 203, determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature.
The preset encryption algorithm comprises a national encryption algorithm.
And 204, storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner.
And step 205, determining the abstract of the target database plug-in to be loaded by adopting a preset encryption algorithm and signing to obtain a second signature.
And step 206, acquiring a first signature corresponding to the target database plug-in.
And step 208, loading the target database plug-in into the database.
For example, in the embodiment of the present disclosure, the database performs a pre-security check on the developed database plug-in, since the source code of the database plug-in can be obtained, the white box check can be performed on the source code of the database plug-in, for the database plug-in that passes the check, the digest can be generated using the SM3 algorithm, and the digest is signed using the SM2 algorithm and stored in the signature plug-in library of the database. When the database is loaded with the database plug-ins, the database plug-ins are generated with an abstract by using a State secret SM3 algorithm, a current signature is generated by using a State secret SM3, the corresponding signature can be taken out from the plug-in signature library through the name of the plug-ins, if the current signature is the same as the signature stored in the previous plug-in signature library, the signature passes verification, and the plug-ins are loaded.
The embodiment of the disclosure provides a front-end security inspection for a database plug-in, which specifically includes a white box inspection and/or a black box inspection, and then a secondary security inspection can be performed based on a cryptographic algorithm, and the database plug-in is loaded after the inspection is passed, so that the security of the database plug-in loaded into a database is ensured, and further, the security of the database is improved.
According to the verification scheme of the database plug-in, white box verification and/or black box verification are/is carried out on the database plug-in to obtain a first verification result, if the first verification result is that the database plug-in passes the verification, the abstract of the database plug-in is determined by adopting a preset encryption algorithm and signed to obtain a first signature, and plug-in information of the database plug-in and the corresponding first signature are stored in an associated mode; determining the abstract of a target database plugin to be loaded by adopting a preset encryption algorithm, signing to obtain a second signature, obtaining a first signature corresponding to the target database plugin, and loading the target database plugin into the database if the second signature is the same as the first signature corresponding to the target database plugin; and if the second signature is different from the first signature corresponding to the target database plug-in, refusing to load the target database plug-in. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Fig. 3 is a schematic structural diagram of an apparatus for verifying a database plug-in provided in an embodiment of the present disclosure, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 3, the apparatus includes:
the first verification module 301 is configured to encrypt the database plugin after performing a first security verification on the database plugin, and store a key;
and the second verification module 302 is configured to load the target database plug-in to be loaded into the database after performing a second security verification on the target database plug-in to be loaded based on the key.
According to the verification scheme of the database plug-in, the database plug-in is encrypted after first security verification is performed, and a secret key is stored; and loading the target database plug-in to be loaded into the database after executing the second security check on the basis of the key. By adopting the technical scheme, the safety of the database plug-in loaded into the database is ensured by carrying out the pre-safety inspection and the safety inspection twice during loading on the database plug-in, so that the safety of the database is improved.
Optionally, the first security check includes a white box check for checking a source code of the database plug-in and/or a black box check for checking the database plug-in as a whole.
Optionally, the first checking module 301 is specifically configured to:
performing the white box test and/or the black box test on the database plug-in to obtain a first test result;
and if the first verification result is that the verification is passed, encrypting the database plug-in and storing a secret key.
Optionally, the first checking module 301 is specifically configured to:
determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature;
and storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner.
Optionally, the preset encryption algorithm includes a national encryption algorithm.
Optionally, the second verification module 302 is specifically configured to:
determining the abstract of the target database plug-in by adopting the preset encryption algorithm and signing to obtain a second signature;
acquiring a first signature corresponding to the target database plug-in;
and loading the target database plug-in into a database based on the comparison result of the second signature and the first signature corresponding to the target database plug-in.
Optionally, the second verification module 302 is specifically configured to:
and if the second signature is the same as the first signature corresponding to the target database plugin, loading the target database plugin into a database.
The database plug-in inspection device provided by the embodiment of the disclosure can execute the database plug-in inspection method provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects of the execution method.
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 4, the electronic device 400 includes one or more processors 401 and memory 402.
The processor 401 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 400 to perform desired functions.
In one example, the electronic device 400 may further include: an input device 403 and an output device 404, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
The input device 403 may also include, for example, a keyboard, a mouse, and the like.
The output device 404 may output various information to the outside, including the determined distance information, direction information, and the like. The output devices 404 may include, for example, a display, speakers, a printer, and a communication network and its connected remote output devices, among others.
Of course, for simplicity, only some of the components of the electronic device 400 relevant to the present disclosure are shown in fig. 4, omitting components such as buses, input/output interfaces, and the like. In addition, electronic device 400 may include any other suitable components depending on the particular application.
In addition to the above methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the database plug-in verification method provided by embodiments of the present disclosure.
The computer program product may write program code for carrying out operations for embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform the database plug-in verification method provided by embodiments of the present disclosure.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method for verifying a database plug-in, comprising:
encrypting the database plug-in after first security check is carried out on the database plug-in, and storing a secret key;
and loading the target database plug-in to be loaded into the database after executing second security check on the target database plug-in to be loaded based on the key.
2. The method of claim 1, wherein the first security check comprises a white-box check for checking a source code of the database plug-in and/or a black-box check for checking an entirety of the database plug-in.
3. The method of claim 2, wherein encrypting and storing the key after performing the first security check on the database plug-in comprises:
performing the white box test and/or the black box test on the database plug-in to obtain a first test result;
and if the first verification result is that the verification is passed, encrypting the database plug-in and storing a secret key.
4. The method of claim 3, wherein encrypting the database plug-in and storing a key comprises:
determining the abstract of the database plug-in by adopting a preset encryption algorithm and signing to obtain a first signature;
and storing the plug-in information of the database plug-in and the corresponding first signature in an associated manner.
5. The method of claim 4, wherein the predetermined encryption algorithm comprises a national encryption algorithm.
6. The method of claim 4, wherein the loading into the database after performing the second security check on the target database plug-in to be loaded based on the key comprises:
determining the abstract of the target database plug-in by adopting the preset encryption algorithm and signing to obtain a second signature;
acquiring a first signature corresponding to the target database plug-in;
and loading the target database plug-in into a database based on the comparison result of the second signature and the first signature corresponding to the target database plug-in.
7. The method of claim 6, wherein loading the target database plugin into a database based on the comparison of the second signature and the first signature corresponding to the target database plugin comprises:
and if the second signature is the same as the first signature corresponding to the target database plugin, loading the target database plugin into a database.
8. An apparatus for verifying a database plug-in, comprising:
the first checking module is used for encrypting the database plug-in after first safety checking is carried out on the database plug-in and storing a secret key;
and the second checking module is used for loading the target database plug-in to be loaded into the database after executing second security check on the basis of the key.
9. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instructions from the memory and executing the instructions to realize the database plug-in verification method of any one of the claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program for executing the database plug-in verification method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011018936.9A CN112115517A (en) | 2020-09-24 | 2020-09-24 | Database plug-in inspection method, device, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011018936.9A CN112115517A (en) | 2020-09-24 | 2020-09-24 | Database plug-in inspection method, device, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112115517A true CN112115517A (en) | 2020-12-22 |
Family
ID=73801574
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011018936.9A Pending CN112115517A (en) | 2020-09-24 | 2020-09-24 | Database plug-in inspection method, device, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112115517A (en) |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007021775A2 (en) * | 2005-08-09 | 2007-02-22 | Adesso Systems, Inc. | A method for providing extensible software components within a distributed synchronization system |
US20080059479A1 (en) * | 2006-09-06 | 2008-03-06 | Cheng-Fang Lin | Method and apparatus for invoking a plug-in on a server |
US20110314266A1 (en) * | 2010-06-17 | 2011-12-22 | Microsoft Corporation | On-demand database server startup and shutdown |
CN102880456A (en) * | 2012-07-31 | 2013-01-16 | 北京奇虎科技有限公司 | Method and device for creating plug-in |
CN105119888A (en) * | 2015-07-10 | 2015-12-02 | 小米科技有限责任公司 | Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device |
CN105404815A (en) * | 2015-11-05 | 2016-03-16 | 株洲南车时代电气股份有限公司 | Anti-counterfeiting method and system for host plug-in of secure computer platform |
CN106549768A (en) * | 2016-12-08 | 2017-03-29 | 上海众人网络安全技术有限公司 | A kind of method and system of time type plug-in authentication |
WO2017197869A1 (en) * | 2016-05-19 | 2017-11-23 | 中兴通讯股份有限公司 | Version file checking method and apparatus, encryption method and apparatus, and storage medium |
CN107704584A (en) * | 2017-10-09 | 2018-02-16 | 易联众信息技术股份有限公司 | A kind of method of payment using database application plug-in unit |
CN110162980A (en) * | 2019-05-31 | 2019-08-23 | 上交所技术有限责任公司 | A kind of method of one-stop safety test and management in software development process |
CN110443039A (en) * | 2019-08-09 | 2019-11-12 | 北京阿尔山区块链联盟科技有限公司 | Detection method, device and the electronic equipment of plug-in security |
CN110474898A (en) * | 2019-08-07 | 2019-11-19 | 北京明朝万达科技股份有限公司 | Data encrypting and deciphering and key location mode, device, equipment and readable storage medium storing program for executing |
CN110569088A (en) * | 2019-09-09 | 2019-12-13 | 五八有限公司 | client plug-in management method and device, electronic equipment and storage medium |
-
2020
- 2020-09-24 CN CN202011018936.9A patent/CN112115517A/en active Pending
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007021775A2 (en) * | 2005-08-09 | 2007-02-22 | Adesso Systems, Inc. | A method for providing extensible software components within a distributed synchronization system |
US20080059479A1 (en) * | 2006-09-06 | 2008-03-06 | Cheng-Fang Lin | Method and apparatus for invoking a plug-in on a server |
US20110314266A1 (en) * | 2010-06-17 | 2011-12-22 | Microsoft Corporation | On-demand database server startup and shutdown |
CN102880456A (en) * | 2012-07-31 | 2013-01-16 | 北京奇虎科技有限公司 | Method and device for creating plug-in |
CN105119888A (en) * | 2015-07-10 | 2015-12-02 | 小米科技有限责任公司 | Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device |
CN105404815A (en) * | 2015-11-05 | 2016-03-16 | 株洲南车时代电气股份有限公司 | Anti-counterfeiting method and system for host plug-in of secure computer platform |
WO2017197869A1 (en) * | 2016-05-19 | 2017-11-23 | 中兴通讯股份有限公司 | Version file checking method and apparatus, encryption method and apparatus, and storage medium |
CN106549768A (en) * | 2016-12-08 | 2017-03-29 | 上海众人网络安全技术有限公司 | A kind of method and system of time type plug-in authentication |
CN107704584A (en) * | 2017-10-09 | 2018-02-16 | 易联众信息技术股份有限公司 | A kind of method of payment using database application plug-in unit |
CN110162980A (en) * | 2019-05-31 | 2019-08-23 | 上交所技术有限责任公司 | A kind of method of one-stop safety test and management in software development process |
CN110474898A (en) * | 2019-08-07 | 2019-11-19 | 北京明朝万达科技股份有限公司 | Data encrypting and deciphering and key location mode, device, equipment and readable storage medium storing program for executing |
CN110443039A (en) * | 2019-08-09 | 2019-11-12 | 北京阿尔山区块链联盟科技有限公司 | Detection method, device and the electronic equipment of plug-in security |
CN110569088A (en) * | 2019-09-09 | 2019-12-13 | 五八有限公司 | client plug-in management method and device, electronic equipment and storage medium |
Non-Patent Citations (1)
Title |
---|
郭世满 等: "宽带接入技术及应用", 31 March 2006, 北京邮电大学出版社, pages: 275 - 277 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8356351B2 (en) | Method and device for verification of code module in virtual machine | |
KR101804996B1 (en) | Centralized operation management | |
US9118713B2 (en) | System and a method for automatically detecting security vulnerabilities in client-server applications | |
JP5398824B2 (en) | Using temporary PCR to achieve reliability in the application space of secure processing systems | |
JP5745061B2 (en) | Authenticating the use of interactive components during the boot process | |
US20160381075A1 (en) | Methods and apparatus for generating and using security assertions associated with containers in a computing environment | |
US20160378990A1 (en) | Validating firmware on a computing device | |
US7962952B2 (en) | Information processing apparatus that executes program and program control method for executing program | |
US11533182B2 (en) | Identity-based security platform and methods | |
US20200327227A1 (en) | Method of speeding up a full antivirus scan of files on a mobile device | |
KR102518980B1 (en) | Method, device and computer-readable recording medium for analyzing and processing malicious code for container images | |
US20220382874A1 (en) | Secure computation environment | |
US20100037065A1 (en) | Method and Apparatus for Transitive Program Verification | |
JP6765554B2 (en) | Software test equipment, software test methods, and software test programs | |
US20160239662A1 (en) | Control system and authentication device | |
KR101482700B1 (en) | Method For Verifying Integrity of Program Using Hash | |
KR20100028026A (en) | Method and apparatus for changing and adding activation keys for functions of digital content without having to change and recompile the digital content | |
CN102982279A (en) | Computer aided design virus infection prevention system and computer aided design virus infection prevention method | |
US11716319B2 (en) | Software deployment certification | |
CN112115517A (en) | Database plug-in inspection method, device, equipment and medium | |
KR101893504B1 (en) | A file integrity test in linux environment device and method | |
CN112231694B (en) | Database detection method, device, equipment and medium | |
US20230409694A1 (en) | Secure Device Tracking Via Device Ownership Service | |
IL274165B2 (en) | Privacy preserving application and device error detection | |
WO2021211541A1 (en) | Secure application development using distributed ledgers |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |