CN112395562A - Login protection method and device for code warehouse - Google Patents


Info

Publication number: CN112395562A
Authority: CN (China)
Prior art keywords: client, behavior, login, dotting, management center
Legal status: Granted (Active)
Application number: CN201910755864.7A
Other languages: Chinese (zh)
Other versions: CN112395562B (en)
Inventors: 李博, 付旻
Current Assignee: Qianxin Technology Group Co Ltd; Qianxin Safety Technology Zhuhai Co Ltd
Original Assignee: Qianxin Technology Group Co Ltd; Qianxin Safety Technology Zhuhai Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/128 Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a login protection method and device for a code warehouse, relates to the technical field of network security, and aims to solve the problem that the code warehouse cannot be effectively protected in the prior art. The method mainly comprises the following steps: the client judges whether the login behavior of the code warehouse is an active operation behavior; if the judgment result is yes, the client sends the login behavior to the server, and sends the dotting MID identification code of the client to the Web management center; the Web management center stores the dotting MID identification code to a dotting client list; if the server detects the login behavior, sending a query request for querying the dotting behavior to a Web management center; the Web management center inquires whether a client of the MID identification code to be detected allows login behavior to be executed or not, and sends an inquiry result to the server, wherein the inquiry result comprises login permission and login prohibition; and if the inquiry result is that the login is allowed, the server responds to the login behavior. The method is mainly applied to the safety protection process of the code warehouse.

Description

Login protection method and device for code warehouse
Technical Field
The invention relates to the technical field of network security, in particular to a login protection method and device for a code warehouse.
Background
The code warehouse stores the software code produced during software development and is the most important asset in that process. Anyone who holds the account password or the corresponding token can load, modify and submit the code warehouse and the code in it, according to the account's authority. With the expansion of the internet, the account password or corresponding token used by conventional login means, whether stored in plain text or cipher text, is very likely to be stolen, and an attacker can use it to invade, steal or destroy the code data of the code repository.
In the prior art, a login request for user login is firstly obtained, the login request carries a user name and a password, then the login request is authenticated for the first time according to the user name and the password, and then the login request is authenticated for the second time after the first authentication is passed, wherein the authentication mode of the second authentication comprises at least one of the following authentication modes: and finally, when the second authentication is determined to pass, the login request passes.
In the above scheme, if the user environment for starting the secondary authentication is penetrated, an attacker can obtain the related authority corresponding to the user name by binding the secondary authentication device or obtaining the secondary authentication data. Compared with explicit attacks, the manner of obtaining user rights by attacking the user environment is difficult to identify, resulting in an inability to effectively defend the code repository.
Disclosure of Invention
In view of this, the present invention provides a login protection method and device for a code repository, and mainly aims to solve the problem that effective protection of the code repository cannot be realized in the prior art.
According to one aspect of the invention, a login protection method for a code warehouse is provided, which comprises the following steps:
the client judges whether the login behavior of the code warehouse is an active operation behavior;
if the judgment result is yes, the client sends the login behavior to a server, and sends the unique MID identification code of the dotting machine of the client to a Web management center;
the Web management center stores the dotting MID identification code to a dotting client list;
if the server detects the login behavior, sending a query request for querying a dotting behavior to the Web management center, wherein the query dotting behavior is used for querying whether an MID identification code to be tested of the login behavior is stored in the dotting client list or not;
the Web management center inquires whether the client side of the MID identification code to be detected allows login behavior to be executed or not according to the inquiry request, and sends the inquiry result to the server, wherein the inquiry result comprises login permission and login prohibition;
and if the query result is that login is allowed, the server responds to the login behavior.
Further, the determining, by the client, whether the login behavior of the code repository is an active operation behavior includes:
the kernel driver of the client detects the process creating behavior of the login behavior;
if the process creation behavior belongs to a credit granting management tool list, the client judges whether an instruction source of the login behavior is a human-computer interaction device;
and if the judgment result is yes, the client determines that the login behavior is the active operation behavior.
Further, before the client determines whether the login behavior of the code repository is the active operation behavior, the method further includes:
the client sends an acquisition request of a management list of the code warehouse, and the trust management tool list is stored in the Web management center;
and the Web management center sends the credit granting management tool list to the client.
Further, the client sends the unique MID identification code of the dotting machine of the client to a Web management center, and the method comprises the following steps:
the client acquires the dotting MID identification code;
the client generates encrypted identification data of the dotting MID identification code according to a first preset encryption algorithm;
the client sends the encrypted identification data to a Web management center;
the Web management center stores the dotting MID identification code to a dotting client list, and the method comprises the following steps:
the Web management center receives the encrypted identification data sent by the client;
the Web management center decrypts the encrypted identification data to restore the dotting MID identification code according to a first preset decryption algorithm corresponding to the first preset encryption algorithm;
and the Web management center stores the dotting MID identification code to a dotting client list.
Further, the login behavior comprises a user name and a password;
after the server responds to the login behavior, the method further comprises the following steps:
the server searches the code authority of the user name;
and the server generates executable allowable operation behaviors of the client according to the code authority.
According to another aspect of the present invention, there is provided a login protection device for a code repository, comprising:
the client judgment module is used for judging whether the login behavior of the code warehouse is an active operation behavior or not by the client;
the client sending module is used for sending the login behavior to a server and sending the unique MID identification code of the dotting machine of the client to a Web management center if the judgment result is yes;
the Web management center storage module is used for storing the dotting MID identification code to a dotting client list by the Web management center;
the server sending module is used for sending a query request for querying a dotting behavior to the Web management center if the server detects the login behavior, wherein the query dotting behavior is used for querying whether an MID identification code to be tested of the login behavior is stored in the dotting client list or not;
the Web management center sending module is used for the Web management center to inquire whether the client side of the MID identification code to be detected allows login behavior to be executed or not according to the inquiry request and send inquiry results to the server, wherein the inquiry results comprise login permission and login prohibition;
and the server response module is used for responding the login behavior if the query result is that the login is allowed.
According to another aspect of the present invention, a storage medium is provided, where at least one executable instruction is stored, and the executable instruction causes a processor to perform an operation corresponding to the login protection method of the code repository.
According to still another aspect of the present invention, there is provided a computer apparatus including: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction enables the processor to execute the operation corresponding to the login protection method of the code warehouse.
By the technical scheme, the technical scheme provided by the embodiment of the invention at least has the following advantages:
the invention provides a login protection method and a device of a code warehouse, which are characterized in that firstly, a client calculates and judges whether the login behavior of the code warehouse is an active operation behavior, if so, a client sends the login behavior to a server, and sends a dotting MID identification code of the client to a Web management center, the Web management center stores the dotting MID identification code to a dotting client list, if the server detects the login behavior, a query request for querying the dotting behavior is sent to the Web management center, the Web management center queries whether the client to which the MID identification code to be tested belongs is allowed to execute the login behavior according to the query request, and sends the query result to the server, and if the query result is allowed to log in, the server responds to the login behavior. Compared with the prior art, the embodiment of the invention adopts the verification mode of the dotting client list, all other abnormal logins can be rejected, and the login can not be successfully realized even if a correct account and password and a common IP are used, thereby realizing the effective protection of the login of the code warehouse.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating a login protection method for a code repository according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating another login protection method for a code repository according to an embodiment of the present invention;
FIG. 3 is a block diagram illustrating a login protection apparatus for a code repository according to an embodiment of the present invention;
FIG. 4 is a block diagram illustrating another login protection apparatus for a code repository according to an embodiment of the present invention;
FIG. 5 shows a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to ensure the security of the warehouse code, an attack discovery and risk control system, referred to as F & C for short, is installed on a terminal needing protection, and is a technical application carrier of the invention. The F & C comprises a Web management center and a terminal, wherein the terminal comprises a client and a server. The Web management center is a central control part of a software development system, a software management system or a code storage system, and comprises functions of user management, terminal strategies and the like. In order to ensure the safety of the code warehouse, high-risk login behaviors are automatically intercepted from the code warehouse login, the login behaviors are managed and controlled through a Web management center, and agent warehouse login attack behaviors are fundamentally defended.
An embodiment of the present invention provides a login protection method for a code repository, as shown in fig. 1, the method includes:
101. The client judges whether the login behavior of the code warehouse is an active operation behavior.
The code warehouse is a database used to store software program code inside an enterprise. The login behavior is a login request initiated by a user through the client; it contains a login request instruction that asks the server to log in to the code repository. An active operation is an operation that the user actively performs through an interactive device such as a keyboard, mouse or touch screen, for example double-clicking a program icon on the desktop with the mouse to execute the program, or opening a file through a process sequence menu. Compared with the automatic real-time operation behavior of the program, the active operation behavior has different behavior authorities, such as a winword.
If an attack occurs while logging in to the code repository, the attack may initiate an automatic login behavior through an auto-run program. An automatically started login is not an active operation behavior, so attacks on the warehouse code that rely on automatic program execution can be avoided.
102. If the judgment result is yes, the client sends the login behavior to a server and sends the unique MID identification code of the dotting machine of the client to a Web management center.
The server responds to the client's requests. If the user initiates the login behavior at the client through an active operation behavior, the client sends the login behavior to the server to obtain the server's feedback message on the login behavior, and the client also sends its dotting MID identification code to the Web management center.
103. The Web management center stores the dotting MID identification code to a dotting client list.
A dotting client is a client that requests to log in to the code warehouse through an active operation behavior. The dotting client list stores the dotting MID identification codes of the dotting clients. The MID identification codes in the list are subject to an aging limit and are automatically deleted from the list once the limit is exceeded. Because clients may be replaced at irregular intervals, the aging limit is set so that the theft of an abandoned client does not render the login protection of the code warehouse ineffective. The time limit may be one week, one month, or three months; the embodiment of the present invention does not limit the specific duration.
104. If the server detects the login behavior, the server sends a query request for querying the dotting behavior to the Web management center.
The query dotting behavior is used to query whether the MID identification code to be tested of the login behavior is stored in the dotting client list. The server inspects the requests sent by the client and, if it detects the login behavior, sends a request for querying the dotting behavior to the Web management center. The request asks whether the client that initiated the login behavior has performed dotting at the Web management center, that is, whether that client is in the dotting client list of the Web management center.
105. The Web management center queries, according to the query request, whether the client of the MID identification code to be tested is allowed to execute the login behavior, and sends the query result to the server.
The query result is either login permitted or login prohibited.
106. If the query result is that login is allowed, the server responds to the login behavior.
After determining that the client corresponding to the MID identification code to be tested may log in to and access the code warehouse, the server responds to the login behavior and sends the post-login response page to the client.
The invention provides a safety protection method of a browser, which comprises the steps that firstly, a client calculates and judges whether the login behavior of a code warehouse is an active operation behavior, if so, a client sends the login behavior to a server, and sends a dotting MID identification code of the client to a Web management center, the Web management center stores the dotting MID identification code to a dotting client list, if the server detects the login behavior, a query request for querying the dotting behavior is sent to the Web management center, the Web management center queries whether the client to which the MID identification code to be tested belongs is allowed to execute the login behavior according to the query request, and sends a query result to the server, and if the query result is allowed to log in, the server responds to the login behavior. Compared with the prior art, the embodiment of the invention adopts the verification mode of the dotting client list, all other abnormal logins can be rejected, and the login can not be successfully realized even if a correct account and password and a common IP are used, thereby realizing the effective protection of the login of the code warehouse.
An embodiment of the present invention provides another login protection method for a code repository, as shown in fig. 2, where the method includes:
201. The client judges whether the login behavior of the code warehouse is an active operation behavior.
The code warehouse is a database used to store software program code inside an enterprise. The login behavior is a login request initiated by a user through the client; it contains a login request instruction that asks the server to log in to the code repository. An active operation is an operation that the user actively performs through an interactive device such as a keyboard, a mouse, or a touch screen.
The judging process specifically comprises the following steps: the kernel driver of the client detects the process creating behavior of the login behavior; if the process creation behavior belongs to a credit granting management tool list, the client judges whether an instruction source of the login behavior is a human-computer interaction device; and if the judgment result is yes, the client determines that the login behavior is the active operation behavior.
The credit granting management tool list designates specific trusted management tools for the behavior of logging in to the code warehouse; the code warehouse can be logged in to only by using one of these tools. The login behavior is carried out through a process creation behavior. When the process creation behavior belongs to the credit granting management tool list, the client judges whether the instruction source of the login behavior is a human-computer interaction device, that is, whether the login was actively performed by a user through an interaction device such as a keyboard, mouse or touch screen. If so, the login behavior is determined to be the active operation behavior.
Before the client judges whether the login behavior of the code repository is the active operation behavior, the method further includes: the client sends an acquisition request for the management list of the code warehouse, the credit granting management tool list being stored in the Web management center; and the Web management center sends the credit granting management tool list to the client. The credit granting management tool list can be managed and configured in the Web management center, where the list of code warehouse client tools can be configured.
202. If the judgment result is yes, the client sends the login behavior to a server and sends the unique MID identification code of the dotting machine of the client to a Web management center.
The server responds to the client's requests. If the user initiates the login behavior at the client through an active operation behavior, the client sends the login behavior to the server to obtain the server's feedback message on the login behavior, and the client also sends its MID identification code to the Web management center.
The MID identification code is transmitted as follows: the client acquires the MID identification code; the client generates encrypted identification data of the MID identification code according to a first preset encryption algorithm; and the client sends the encrypted identification data to the Web management center. The first preset encryption algorithm may be DES, 3DES, AES, IDEA, RC6, CAST5, or the like; the embodiment of the present invention does not limit the algorithm used.
203. The Web management center stores the dotting MID identification code to a dotting client list.
A dotting client is a client that requests to log in to the code warehouse through an active operation behavior. The dotting client list stores the MID identification codes of the dotting clients. The MID identification codes in the list are subject to an aging limit and are automatically deleted from the list once the limit is exceeded. The MID identification code is saved as follows: the Web management center receives the encrypted identification data sent by the client; the Web management center decrypts the encrypted identification data to restore the MID identification code according to a first preset decryption algorithm corresponding to the first preset encryption algorithm; and the Web management center stores the MID identification code to the dotting client list. As with the first preset encryption algorithm, the first preset decryption algorithm may be DES, 3DES, AES, IDEA, RC6, CAST5, or the like; the embodiment of the present invention does not limit the algorithm used.
204. If the server detects the login behavior, the server sends a query request for querying the dotting behavior to the Web management center.
The server inspects the requests sent by the client and, if it detects the login behavior, sends a request for querying the dotting behavior to the Web management center. The request asks whether the client that initiated the login behavior has performed dotting at the Web management center, that is, whether that client is in the dotting client list of the Web management center. The query dotting behavior is used to query whether the MID identification code to be tested of the login behavior is stored in the dotting client list.
205. The Web management center queries, according to the query request, whether the client of the MID identification code to be tested is allowed to execute the login behavior, and sends the query result to the server.
The query result is either login permitted or login prohibited.
206. If the query result is that login is allowed, the server responds to the login behavior.
If the MID identification code to be tested of the client is stored in both the credit client list and the dotting client list, the client has passed the double guarantee, and it can be determined that the client may log in to and access the code warehouse. After determining that the client corresponding to the MID identification code to be tested may log in to and access the code warehouse, the server responds to the login behavior and sends the post-login response page to the client.
If the judgment result is negative, the server reports the login behavior to the Web management center, which judges again: if its judgment result is positive, the Web management center informs the server to respond to the login behavior; if it is negative, the child server intercepts the login behavior.
207. The server searches the code authority of the user name.
The user's login behavior also comprises a user name and a password, and different user names have different access rights.
208. The server generates the allowable operation behaviors executable by the client according to the code authority.
When the client requests to operate the code warehouse again, whether a response can be given can be directly judged according to the operation behavior.
The invention provides a login protection method of a code warehouse, which comprises the steps that firstly, a client calculates and judges whether the login behavior of the code warehouse is an active operation behavior, if so, a client sends the login behavior to a server, and sends a dotting MID identification code of the client to a Web management center, the Web management center stores the dotting MID identification code to a dotting client list, if the server detects the login behavior, a query request for querying the dotting behavior is sent to the Web management center, the Web management center queries whether the client to which the MID identification code to be tested belongs is allowed to execute the login behavior according to the query request, and sends a query result to the server, and if the query result is allowed to log in, the server responds to the login behavior. Compared with the prior art, the embodiment of the invention adopts the verification mode of the dotting client list, all other abnormal logins can be rejected, and the login can not be successfully realized even if a correct account and password and a common IP are used, thereby realizing the effective protection of the login of the code warehouse.
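The exchange in steps 201 to 207 can be followed in a small simulation, added here as an example that is not part of the patent text. The class names, the tool name git.exe, the MID values, the account and the timestamps are all constructed for illustration, and the three parties call each other directly, so the encryption of the MID in transit is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

ALLOW, PROHIBIT = "login permitted", "login prohibited"
HUMAN_INPUT_DEVICES = {"keyboard", "mouse", "touchscreen"}


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class WebManagementCenter:
    trusted_tools: frozenset   # credit granting management tool list
    aging_limit: float         # seconds a dotting entry stays valid
    dotted: dict = field(default_factory=dict)   # MID -> time of dotting

    def dot(self, mid: str, now: float) -> None:
        """Step 203: store the client's MID in the dotting client list."""
        self.dotted[mid] = now

    def query(self, mid: str, now: float) -> str:
        """Step 205: answer the server's query, dropping aged-out MIDs first."""
        self.dotted = {m: t for m, t in self.dotted.items()
                       if now - t <= self.aging_limit}
        return ALLOW if mid in self.dotted else PROHIBIT


class Server:
    def __init__(self, center, accounts):
        self.center = center
        self.accounts = accounts   # user name -> (salt, password hash, code authority)

    def handle_login(self, mid, username, password, now):
        """Steps 204-207: query the center first, then check the account."""
        if self.center.query(mid, now) != ALLOW:
            return PROHIBIT, None
        salt, stored, authority = self.accounts.get(
            username, (b"\x00" * 16, b"", None))
        if not hmac.compare_digest(pw_hash(password, salt), stored):
            return PROHIBIT, None
        return ALLOW, authority


class Client:
    def __init__(self, mid, center, server):
        self.mid, self.center, self.server = mid, center, server
        self.trusted_tools = center.trusted_tools   # list fetched from the center

    def is_active_operation(self, process, input_source):
        """Step 201: trusted tool AND instruction from a human-interaction device."""
        return (process in self.trusted_tools
                and input_source in HUMAN_INPUT_DEVICES)

    def login(self, process, input_source, username, password, now):
        if not self.is_active_operation(process, input_source):
            # Assumption of this example: a non-active login is dropped locally
            # and, above all, the client does not dot.
            return PROHIBIT, None
        self.center.dot(self.mid, now)   # step 202: dot, then send the login
        return self.server.handle_login(self.mid, username, password, now)


def run_scenarios():
    """Constructed scenarios; every timestamp is in seconds from an arbitrary zero."""
    week = 7 * 24 * 3600
    center = WebManagementCenter(frozenset({"git.exe"}), aging_limit=week)
    salt = b"constructed-salt"
    accounts = {"alice": (salt, pw_hash("constructed-pw", salt), "read-write")}
    server = Server(center, accounts)
    dev = Client("MID-DEV-01", center, server)
    creds = ("alice", "constructed-pw")
    return {
        # Trusted tool, but the instruction did not come from an input device.
        "scripted_login": dev.login("git.exe", "scheduled-task", *creds, now=0),
        # Human at the keyboard, but the tool is not on the trusted list.
        "untrusted_tool": dev.login("other.exe", "keyboard", *creds, now=1),
        # Login reaches the server although the client never dotted.
        "not_yet_dotted": server.handle_login("MID-DEV-01", *creds, now=2),
        # Active operation: the client dots and the server accepts.
        "interactive": dev.login("git.exe", "keyboard", *creds, now=10),
        # Correct credentials presented from a machine that never dotted.
        "other_machine": server.handle_login("MID-OTHER-99", *creds, now=20),
        # Dotted machine, wrong password.
        "wrong_password": dev.login("git.exe", "mouse", "alice", "guess", now=30),
        # Same machine after its dotting entry has exceeded the aging limit.
        "aged_out": server.handle_login("MID-DEV-01", *creds, now=30 + week + 1),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:15} {result}")
```

In this model a dotted MID stays valid for the whole aging limit, so the server-side query vouches for the machine, while the per-login decision rests on the client's active-operation check.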
Further, as an implementation of the method shown in fig. 1, an embodiment of the present invention provides a login protection device for a code repository, as shown in fig. 3, where the device includes:
a client judgment module 31, configured for the client to judge whether the login behavior of the code repository is an active operation behavior;
a client sending module 32, configured to, if the judgment result is yes, send the login behavior to the server and send the client's machine-unique dotting MID identification code to the Web management center;
a Web management center storage module 33, configured for the Web management center to store the dotting MID identification code in the dotting client list;
a server sending module 34, configured to, if the server detects the login behavior, send the Web management center a query request for the dotting behavior, where the query checks whether the MID identification code under test of the login behavior is stored in the dotting client list;
a Web management center sending module 35, configured for the Web management center to query, according to the query request, whether the client to which the MID identification code under test belongs is allowed to perform the login behavior, and to send the query result to the server, where the query result is either login permitted or login prohibited;
and a server response module 36, configured for the server to respond to the login behavior if the query result is that login is allowed.
The invention provides a login protection device for a code repository, which works as follows. First, the client judges whether the login behavior toward the code repository is an active operation behavior. If so, the client sends the login behavior to the server and sends the client's dotting MID identification code to the Web management center, which stores it in the dotting client list. When the server detects the login behavior, it sends the Web management center a query request for the dotting behavior. Based on that request, the Web management center checks whether the client to which the MID identification code under test belongs is allowed to perform the login behavior, and sends the query result to the server. If the query result is that login is allowed, the server responds to the login behavior. Compared with the prior art, the embodiment of the invention verifies logins against the dotting client list, so all other abnormal logins can be rejected: a login cannot succeed even with a correct account and password and a commonly used IP, which effectively protects logins to the code repository.
Further, as an implementation of the method shown in fig. 2, an embodiment of the present invention provides another login protection apparatus for a code repository, as shown in fig. 4, where the apparatus includes:
a client judgment module 41, configured for the client to judge whether the login behavior of the code repository is an active operation behavior;
a client sending module 42, configured to, if the judgment result is yes, send the login behavior to the server and send the client's machine-unique dotting MID identification code to the Web management center;
a Web management center storing module 43, configured for the Web management center to store the dotting MID identification code in the dotting client list;
a server sending module 44, configured to, if the server detects the login behavior, send the Web management center a query request for the dotting behavior, where the query checks whether the MID identification code under test of the login behavior is stored in the dotting client list;
a Web management center sending module 45, configured for the Web management center to query, according to the query request, whether the client to which the MID identification code under test belongs is allowed to perform the login behavior, and to send the query result to the server, where the query result is either login permitted or login prohibited;
and a server response module 46, configured for the server to respond to the login behavior if the query result is that login is allowed.
Further, the client determining module 41 includes:
a client detection unit 411, configured to detect a process creation behavior of a login behavior by a kernel driver of the client;
a client judging unit 412, configured to judge, if the process creation behavior belongs to the trust management tool list, whether the instruction source of the login behavior is a human-computer interaction device;
a client determining unit 413, configured to determine that the login behavior is an active operation behavior if the determination result is yes.
Further, the apparatus further comprises:
the client sending module 42 is further configured to send, by the client, an acquisition request of a management list of the code repository before the client determines whether the login behavior of the code repository is the active operation behavior, where the trust management tool list is stored in the Web management center;
the Web management center sending module 45 is further configured for the Web management center to send the trust management tool list to the client.
Further, the client sending module 42 includes:
a client obtaining unit 421, configured to obtain the dotting MID identification code by the client;
a client generating unit 422, configured to generate, by the client, encrypted identification data of the dotting MID identifier according to a first preset encryption algorithm;
a client sending unit 423, configured to send the encrypted identification data to a Web management center by the client;
the Web management center saving module 43 includes:
a Web management center receiving unit 431, configured to receive, by the Web management center, the encrypted identification data sent by the client;
a Web management center decryption unit 432, configured to decrypt, by the Web management center, the encrypted identification data according to a first preset decryption algorithm corresponding to the first preset encryption algorithm to restore the MID identification code;
and the Web management center storage unit 433 is used for storing the dotting MID identification code to a dotting client list by the Web management center.
Further, the login behavior comprises a user name and a password;
the device also includes:
a server search module 47, configured to, after the server responds to the login behavior, search, by the server, the code authority of the user name;
and a server generating module 48, configured to generate, by the server, an executable permitted operation behavior of the client according to the code permission.
According to an embodiment of the present invention, a storage medium is provided, where at least one executable instruction is stored, and the computer executable instruction may execute the method for log-in protection of a code repository in any of the above method embodiments.
Fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computer device.
As shown in fig. 5, the computer device may include: a processor 502, a communication interface 504, a memory 506, and a communication bus 508.
Wherein: the processor 502, communication interface 504, and memory 506 communicate with one another via a communication bus 508.
A communication interface 504 for communicating with network elements of other devices, such as clients or other servers.
The processor 502 is configured to execute the program 510, and may specifically execute the relevant steps in the above-described embodiment of the login protection method for the code repository.
In particular, program 510 may include program code that includes computer operating instructions.
The processor 502 may be a central processing unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement an embodiment of the present invention. The computer device includes one or more processors, which may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.
The memory 506 is configured to store the program 510. The memory 506 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
The program 510 may specifically be used to cause the processor 502 to perform the following operations:
the client judges whether the login behavior of the code warehouse is an active operation behavior;
if the judgment result is yes, the client sends the login behavior to a server, and sends the unique MID identification code of the dotting machine of the client to a Web management center;
the Web management center stores the dotting MID identification code to a dotting client list;
if the server detects the login behavior, sending a query request for querying a dotting behavior to the Web management center, wherein the query dotting behavior is used for querying whether an MID identification code to be tested of the login behavior is stored in the dotting client list or not;
the Web management center inquires whether a client side to which the identification code of the MID to be detected belongs allows login behavior to be executed or not according to the inquiry request, and sends inquiry results to the server, wherein the inquiry results comprise login permission and login prohibition;
and if the query result is that login is allowed, the server responds to the login behavior.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A login protection method for a code warehouse is characterized by comprising the following steps:
the client judges whether the login behavior of the code warehouse is an active operation behavior;
if the judgment result is yes, the client sends the login behavior to a server, and sends the unique MID identification code of the dotting machine of the client to a Web management center;
the Web management center stores the dotting MID identification code to a dotting client list;
if the server detects the login behavior, sending a query request for querying a dotting behavior to the Web management center, wherein the query dotting behavior is used for querying whether an MID identification code to be tested of the login behavior is stored in the dotting client list or not;
the Web management center inquires whether a client side to which the identification code of the MID to be detected belongs allows login behavior to be executed or not according to the inquiry request, and sends inquiry results to the server, wherein the inquiry results comprise login permission and login prohibition;
and if the query result is that login is allowed, the server responds to the login behavior.
2. The method of claim 1, wherein the client determining whether the logging behavior of the code repository is an active operation behavior comprises:
the kernel driver of the client detects the process creating behavior of the login behavior;
if the process creation behavior belongs to a credit granting management tool list, the client judges whether an instruction source of the login behavior is a human-computer interaction device;
and if the judgment result is yes, the client determines that the login behavior is the active operation behavior.
3. The method of claim 2, wherein before the client determines whether the logging behavior of the code repository is an active operation behavior, the method further comprises:
the client sends an acquisition request of a management list of the code warehouse, and the trust management tool list is stored in the Web management center;
and the Web management center sends the credit granting management tool list to the client.
4. The method of claim 1, wherein the client sending the client's dotting machine unique MID identification code to a Web management center, comprising:
the client acquires the dotting MID identification code;
the client generates encrypted identification data of the dotting MID identification code according to a first preset encryption algorithm;
the client sends the encrypted identification data to a Web management center;
the Web management center stores the dotting MID identification code to a dotting client list, and the method comprises the following steps:
the Web management center receives the encrypted identification data sent by the client;
the Web management center decrypts the encrypted identification data to restore the dotting MID identification code according to a first preset decryption algorithm corresponding to the first preset encryption algorithm;
and the Web management center stores the dotting MID identification code to a dotting client list.
5. The method of claim 1, wherein the login behavior comprises a username and password;
after the server responds to the login behavior, the method further comprises the following steps:
the server searches the code authority of the user name;
and the server generates executable allowable operation behaviors of the client according to the code authority.
6. A login protection device for a code repository, comprising:
the client judgment module is used for judging whether the login behavior of the code warehouse is an active operation behavior or not by the client;
the client sending module is used for sending the login behavior to a server and sending the unique MID identification code of the dotting machine of the client to a Web management center if the judgment result is yes;
the Web management center storage module is used for storing the dotting MID identification code to a dotting client list by the Web management center;
the server sending module is used for sending a query request for querying a dotting behavior to the Web management center if the server detects the login behavior, wherein the query dotting behavior is used for querying whether an MID identification code to be tested of the login behavior is stored in the dotting client list or not;
the Web management center sending module is used for the Web management center to inquire whether the client side of the MID identification code to be detected allows login behavior to be executed or not according to the inquiry request and send inquiry results to the server, wherein the inquiry results comprise login permission and login prohibition;
and the server response module is used for responding the login behavior if the query result is that the login is allowed.
7. The apparatus of claim 6, wherein the client determination module comprises:
the client detection unit is used for detecting the process creation behavior of the login behavior by the kernel driver of the client;
the client judging unit is used for judging whether the instruction source of the login behavior is a human-computer interaction device or not if the process creating behavior belongs to the credit granting management tool list;
and the client determining unit is used for determining that the login behavior is the active operation behavior if the judgment result is yes.
8. The apparatus of claim 6, wherein before the client determines whether the logging behavior of the code repository is an active operation behavior, the apparatus further comprises:
the client sending module is further used for the client sending an acquisition request of a management list of the code warehouse, and the trust management tool list is stored in the Web management center;
and the Web management center sending module is also used for sending the credit granting management tool list to the client by the Web management center.
9. A storage medium having stored therein at least one executable instruction that causes a processor to perform operations corresponding to a method of login protection of a code repository according to any of claims 1-7.
10. A computer device, comprising: the system comprises a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface complete mutual communication through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the login protection method of the code warehouse according to any one of claims 1-7.
CN201910755864.7A 2019-08-15 2019-08-15 Login protection method and device for code warehouse Active CN112395562B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910755864.7A CN112395562B (en) 2019-08-15 2019-08-15 Login protection method and device for code warehouse

Publications (2)

Publication Number Publication Date
CN112395562A true CN112395562A (en) 2021-02-23
CN112395562B CN112395562B (en) 2022-07-05

Family

ID=74601790

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910755864.7A Active CN112395562B (en) 2019-08-15 2019-08-15 Login protection method and device for code warehouse

Country Status (1)

Country Link
CN (1) CN112395562B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102801728A (en) * 2012-08-13 2012-11-28 汉柏科技有限公司 Management method and system for automatic login of client side
US20150341356A1 (en) * 2014-05-26 2015-11-26 Netease Information Technology(Beijing) Co., Ltd. Login method and apparatus
CN106899548A (en) * 2015-12-17 2017-06-27 北京奇虎科技有限公司 A kind of IP address modification method and device
CN107295088A (en) * 2017-06-29 2017-10-24 广东神马搜索科技有限公司 Get information monitoring method, device and client ready

Also Published As

Publication number Publication date
CN112395562B (en) 2022-07-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant