CN112395591A - Encryption method and system - Google Patents
Encryption method and system Download PDFInfo
- Publication number
- CN112395591A CN112395591A CN202011288206.0A CN202011288206A CN112395591A CN 112395591 A CN112395591 A CN 112395591A CN 202011288206 A CN202011288206 A CN 202011288206A CN 112395591 A CN112395591 A CN 112395591A
- Authority
- CN
- China
- Prior art keywords
- encryption
- database protocol
- database
- script
- task
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention aims to provide a secret-improving method and a secret-improving system, which can be based on a B/S framework and mainly comprise a foreground operation and maintenance management page, a background secret-improving service program, a database protocol secret-improving script and a database protocol secret-checking script. By adopting the automatic database encryption technology, the invention greatly reduces the operation difficulty and complexity of the client database, simultaneously prevents the problems of misoperation, password forgetting, password recording error, encryption changing and forgetting a certain device and the like of a user, can reduce the labor cost of the client, avoids the confusion of account management, can improve the security of the database account, realizes the simple management of the database account, and improves the security of the database operation.
Description
Technical Field
The invention relates to the field of computers, in particular to a method and a system for improving encryption.
Background
With the rapid development of internet information technology, various information systems are in endless, and the types of IT equipment in charge of an IT operation and maintenance department are more and more, and more account numbers need to be managed. The prior art cannot meet the current requirements by directly carrying out periodic secret-changing on equipment by manpower alone. Under such circumstances, various operation and maintenance management systems have been developed.
The operation and maintenance management system is used as a middle layer of the operation and maintenance client and the operation and maintenance target device, and the most core part of the operation and maintenance management system is an agent of the equipment asset management and operation and maintenance process. In the prior art of this function, usually, the operation and maintenance client is in butt joint with the operation and maintenance management system, and the operation and maintenance management system is in butt joint with the target device, so that the operation information of the client can smoothly pass through the target device of the operation and maintenance management system, and the management system manages the assets of the target device.
In the existing operation and maintenance management system, the asset management of the existing operation and maintenance management system is limited to encryption of asset account numbers such as linux, windows, network equipment and the like, then account number management of a database is still lack, the existing database assets are more and more, and if periodical encryption changing is not carried out, the hidden danger of stealing exists. If the password is changed, the administrator needs a lot of time to manually change the password of the database. Password management after encryption is also problematic, and the database asset account is required to be uploaded to various management systems again, which is very troublesome.
Disclosure of Invention
An object of the present invention is to provide an improved encryption method and system.
According to an aspect of the present invention, there is provided an encryption method, the method comprising:
the client management page acquires the encryption task and writes the encryption task into an encryption database;
the background encryption changing service program calls a corresponding database protocol encryption changing script based on the encryption changing task, and the database protocol encryption changing script carries out encryption changing on a database protocol to be encrypted so as to obtain a new password;
and calling a corresponding database protocol password verification script by the background password changing service program, and logging in the system of the database protocol to be changed with the new password by the database protocol password verification script to verify the new password.
Further, in the above method, the encryption task further includes: the initial encryption time, the encryption period, the complexity of the password and the account information of the database protocol needing encryption.
Further, in the above method, the step of calling, by the background encryption changing service program, the corresponding database protocol encryption changing script based on the encryption changing task, and encrypting the database protocol to be encrypted by the database protocol encryption changing script to obtain the new password includes:
the background secret-changing service program checks the account information of the database protocol in the secret-changing task,
if the account information of the database conforms to a preset rule, the background encryption changing service routine calls a corresponding database protocol encryption changing script based on the encryption changing task, and the database protocol encryption changing script carries out encryption changing on a database protocol to be encrypted so as to obtain a new password.
Further, in the above method, the invoking, by the background encryption service program, the corresponding database protocol encryption script based on the encryption task includes:
the background secret-changing service program determines the time of the secret-changing task based on the initial secret-changing time and the secret-changing period in the secret-changing task, and detects all the secret-changing tasks at regular time,
and if a certain encryption task reaches the encryption task time of the database protocol, calling a corresponding database protocol encryption script based on the account information of the database protocol in the encryption task.
Further, in the above method, the encrypting the database protocol to be encrypted by the database protocol encryption script to obtain a new password includes:
the database encryption script firstly logs in a system of a database protocol through an original password of the database protocol to be encrypted,
if the original password fails to log in, the original password is wrong;
if the original password is successfully logged in, the database protocol encryption script calls an encryption sentence of the database protocol to carry out encryption so as to obtain a new password, and the new password is returned to the background encryption service program.
Further, in the above method, the step of logging in the database protocol to be encrypted by the new password for new password verification by the database protocol encryption verification script includes:
the database protocol password verifying script respectively adopts the original password and the new password to log in the system of the database protocol to be encrypted,
if the new password is successfully logged in, the new password is saved;
and if the old password is successfully logged in, saving the old password.
According to another aspect of the present invention, there is also provided an encryption system, wherein the system comprises:
the client management page is used for acquiring the encryption task and writing the encryption task into the encryption database;
the background encryption changing service program is used for calling a corresponding database protocol encryption changing script based on the encryption changing task, and the database protocol encryption changing script carries out encryption changing on a database protocol to be encrypted so as to obtain a new password; and calling a corresponding database protocol encryption verification script, wherein the database protocol encryption verification script is adopted.
According to another aspect of the present invention, there is also provided a computer readable medium having computer readable instructions stored thereon, the computer readable instructions being executable by a processor to implement the method of any one of the above.
According to another aspect of the present invention, there is also provided an apparatus for information processing at a network device, the apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform any of the methods described above.
Compared with the prior art, the method can be based on a B/S framework and mainly comprises a foreground operation and maintenance management page, a background encryption changing service program, a database protocol encryption changing script and a database protocol encryption verifying script. By adopting the automatic database encryption technology, the invention greatly reduces the operation difficulty and complexity of the client database, simultaneously prevents the problems of misoperation, password forgetting, password recording error, encryption changing and forgetting a certain device and the like of a user, can reduce the labor cost of the client, avoids the confusion of account management, can improve the security of the database account, realizes the simple management of the database account, and improves the security of the database operation.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
fig. 1 shows a schematic diagram of an encryption method according to an embodiment of the present invention.
The same or similar reference numbers in the drawings identify the same or similar elements.
Detailed Description
The present invention is described in further detail below with reference to the attached drawing figures.
In a typical configuration of the present application, the terminal, the device serving the network, and the trusted party each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-transitory computer readable media (transient media), such as modulated data signals and carrier waves.
As shown in fig. 1, the present invention provides a method of improving encryption, the method comprising:
step S1, the client management page acquires the encryption task and writes the encryption task into the encryption database;
step S2, the background encryption changing service program calls a corresponding database protocol encryption changing script based on the encryption changing task, and the database protocol encryption changing script changes the encryption of the database protocol to be encrypted to obtain a new password;
and step S3, the background encryption changing service program calls a corresponding database protocol encryption verifying script, and the database protocol encryption verifying script adopts the new password to log in the system of the database protocol to be encrypted for new password verification.
The invention can be based on a B/S framework and mainly comprises a foreground operation and maintenance management page, a background encryption service program, a database protocol encryption script and a database protocol encryption verification script. By adopting the automatic database encryption technology, the invention greatly reduces the operation difficulty and complexity of the client database, simultaneously prevents the problems of misoperation, password forgetting, password recording error, encryption changing and forgetting a certain device and the like of a user, can reduce the labor cost of the client, avoids the confusion of account management, can improve the security of the database account, realizes the simple management of the database account, and improves the security of the database operation.
In an embodiment of the encryption method of the present invention, the encryption task further includes: the initial encryption time, the encryption period, the complexity of the password and the account information of the database protocol needing encryption.
Here, a secret modification task, initial secret modification time, a secret modification period, complexity of a password, and account information (an IP of a database protocol, a port of the database protocol, a type of the database protocol, an instance of the database protocol, a name of the database protocol, an account of the database protocol, etc.) associated with the account information that needs secret modification may be added to a client management page of a foreground, and associated data may be written into a secret modification database for storage, so that the secret modification task is established.
The client management page of the foreground is mainly responsible for collecting information of the operation and maintenance target machine, and the information mainly comprises an ip address of the target machine to be managed with the database, port information, a used protocol type, a database instance, a database name and a database account password. And meanwhile, a password verification button is provided to ensure that the database account is correct. And providing a timing task, and associating the information of the database account needing to be encrypted. The interaction process of foreground and background can use the web server which is popular at present, such as lighttpd, nginx, apach, etc.
In an embodiment of the encryption method of the present invention, in step S2, the background encryption server invokes a corresponding database protocol encryption script based on the encryption task, and the database protocol encryption script encrypts the database protocol to be encrypted to obtain a new password, where the method includes:
the background secret-changing service program checks the account information of the database protocol in the secret-changing task,
if the account information of the database conforms to a preset rule, the background encryption changing service routine calls a corresponding database protocol encryption changing script based on the encryption changing task, and the database protocol encryption changing script carries out encryption changing on a database protocol to be encrypted so as to obtain a new password.
Here, the background encryption service: and the system is responsible for carrying out information interaction with a foreground management page, verifying the acquired information, and if the account information of the database conforms to the rule, carrying out encryption modification on the database protocol.
In an embodiment of the encryption method of the present invention, in step S2, the background encryption service program invokes a corresponding database protocol encryption script based on the encryption task, including:
the background secret-changing service program determines the time of the secret-changing task based on the initial secret-changing time and the secret-changing period in the secret-changing task, and detects all the secret-changing tasks at regular time,
and if a certain encryption task reaches the encryption task time of the database protocol, calling a corresponding database protocol encryption script based on the account information of the database protocol in the encryption task.
The background encryption changing service program regularly detects all encryption changing tasks based on the initial encryption changing time and the encryption changing period, if a certain encryption changing task reaches the encryption changing task time of the database protocol, the account information of the database protocol needing encryption changing is taken out, and the related database encryption changing script is called according to the type of the database needing encryption changing.
In an embodiment of the encryption method of the present invention, in step S2, the encrypting script of the database protocol encrypts the database protocol to be encrypted to obtain a new password, including:
the database encryption script firstly logs in a system of a database protocol through an original password of the database protocol to be encrypted,
if the original password fails to log in, the original password is wrong;
if the original password is successfully logged in, the database protocol encryption script calls an encryption sentence of the database protocol to carry out encryption so as to obtain a new password, and the new password is returned to the background encryption service program.
The database protocol encryption script is mainly responsible for encrypting various database protocols. Different information can be returned to the background encryption service program according to the encryption result.
In an embodiment of the encryption method of the present invention, in step S3, the step of logging in the database protocol to be encrypted by the database protocol encryption verification script using the new password to perform new password verification includes:
the database protocol password verifying script respectively adopts the original password and the new password to log in the system of the database protocol to be encrypted,
if the new password is successfully logged in, the new password is saved;
and if the old password is successfully logged in, saving the old password.
Here, the database protocol encryption script: the method is mainly responsible for verifying or rolling back various database protocols with modified passwords.
And the abnormal password changing is prevented, the database password verification script performs login verification on the new password and the old password once, and if the new password is successful, the new password is stored. If the old password is successful, the old password is saved.
According to another aspect of the present invention, there is also provided an encryption system, wherein the system comprises:
the client management page is used for acquiring the encryption task and writing the encryption task into the encryption database;
the background encryption changing service program is used for calling a corresponding database protocol encryption changing script based on the encryption changing task, and the database protocol encryption changing script carries out encryption changing on a database protocol to be encrypted so as to obtain a new password; and calling a corresponding database protocol encryption verification script, wherein the database protocol encryption verification script is adopted.
According to another aspect of the present invention, there is also provided a computer readable medium having computer readable instructions stored thereon, the computer readable instructions being executable by a processor to implement the method of any one of the above.
According to another aspect of the present invention, there is also provided an apparatus for information processing at a network device, the apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform any of the methods described above.
For details of embodiments of each device and storage medium of the present invention, reference may be made to corresponding parts of each method embodiment, and details are not described herein again.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.
It should be noted that the present invention may be implemented in software and/or in a combination of software and hardware, for example, as an Application Specific Integrated Circuit (ASIC), a general purpose computer or any other similar hardware device. In one embodiment, the software program of the present invention may be executed by a processor to implement the steps or functions described above. Also, the software programs (including associated data structures) of the present invention can be stored in a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. Further, some of the steps or functions of the present invention may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
In addition, some of the present invention can be applied as a computer program product, such as computer program instructions, which when executed by a computer, can invoke or provide the method and/or technical solution according to the present invention through the operation of the computer. Program instructions which invoke the methods of the present invention may be stored on a fixed or removable recording medium and/or transmitted via a data stream on a broadcast or other signal-bearing medium and/or stored within a working memory of a computer device operating in accordance with the program instructions. An embodiment according to the invention herein comprises an apparatus comprising a memory for storing computer program instructions and a processor for executing the program instructions, wherein the computer program instructions, when executed by the processor, trigger the apparatus to perform a method and/or solution according to embodiments of the invention as described above.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011288206.0A CN112395591A (en) | 2020-11-17 | 2020-11-17 | Encryption method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011288206.0A CN112395591A (en) | 2020-11-17 | 2020-11-17 | Encryption method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112395591A true CN112395591A (en) | 2021-02-23 |
Family
ID=74606041
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011288206.0A Pending CN112395591A (en) | 2020-11-17 | 2020-11-17 | Encryption method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112395591A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114091010A (en) * | 2021-11-30 | 2022-02-25 | 北京天融信网络安全技术有限公司 | Encryption self-adaptive optimization method and device, electronic equipment and storage medium |
| CN114553609A (en) * | 2022-04-24 | 2022-05-27 | 北京圣博润高新技术股份有限公司 | Linux-based remote equipment account number encryption method, device, equipment and medium |
| CN114969715A (en) * | 2022-05-11 | 2022-08-30 | 北京圣博润高新技术股份有限公司 | Encryption method, device, equipment and medium for WEB site |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106021497A (en) * | 2016-05-23 | 2016-10-12 | 中国银联股份有限公司 | Database access password management method |
| CN107423638A (en) * | 2017-08-02 | 2017-12-01 | 成都安恒信息技术有限公司 | A kind of password management system and application method based on order detection type Modify password |
| CN108712247A (en) * | 2018-05-16 | 2018-10-26 | 成都天翼空间科技有限公司 | Server account cipher management method, system and server |
| CN109308285A (en) * | 2018-10-11 | 2019-02-05 | 平安科技(深圳)有限公司 | Database script management method, device, computer equipment and storage medium |
| CN110401529A (en) * | 2019-07-23 | 2019-11-01 | 南瑞集团有限公司 | A password management method |
| CN111010397A (en) * | 2019-12-18 | 2020-04-14 | 吉林亿联银行股份有限公司 | Database password modification method and device |
| CN111177112A (en) * | 2019-12-06 | 2020-05-19 | 陕西上讯信息技术有限公司 | Database blocking method and device based on operation and maintenance management system and electronic equipment |
| CN111786780A (en) * | 2020-06-23 | 2020-10-16 | 北京思特奇信息技术股份有限公司 | Method, system, medium and equipment for secure password use of shell script |
-
2020
- 2020-11-17 CN CN202011288206.0A patent/CN112395591A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106021497A (en) * | 2016-05-23 | 2016-10-12 | 中国银联股份有限公司 | Database access password management method |
| CN107423638A (en) * | 2017-08-02 | 2017-12-01 | 成都安恒信息技术有限公司 | A kind of password management system and application method based on order detection type Modify password |
| CN108712247A (en) * | 2018-05-16 | 2018-10-26 | 成都天翼空间科技有限公司 | Server account cipher management method, system and server |
| CN109308285A (en) * | 2018-10-11 | 2019-02-05 | 平安科技(深圳)有限公司 | Database script management method, device, computer equipment and storage medium |
| CN110401529A (en) * | 2019-07-23 | 2019-11-01 | 南瑞集团有限公司 | A password management method |
| CN111177112A (en) * | 2019-12-06 | 2020-05-19 | 陕西上讯信息技术有限公司 | Database blocking method and device based on operation and maintenance management system and electronic equipment |
| CN111010397A (en) * | 2019-12-18 | 2020-04-14 | 吉林亿联银行股份有限公司 | Database password modification method and device |
| CN111786780A (en) * | 2020-06-23 | 2020-10-16 | 北京思特奇信息技术股份有限公司 | Method, system, medium and equipment for secure password use of shell script |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114091010A (en) * | 2021-11-30 | 2022-02-25 | 北京天融信网络安全技术有限公司 | Encryption self-adaptive optimization method and device, electronic equipment and storage medium |
| CN114553609A (en) * | 2022-04-24 | 2022-05-27 | 北京圣博润高新技术股份有限公司 | Linux-based remote equipment account number encryption method, device, equipment and medium |
| CN114553609B (en) * | 2022-04-24 | 2022-08-16 | 北京圣博润高新技术股份有限公司 | Linux-based remote equipment account number encryption method, device, equipment and medium |
| CN114969715A (en) * | 2022-05-11 | 2022-08-30 | 北京圣博润高新技术股份有限公司 | Encryption method, device, equipment and medium for WEB site |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11627054B1 (en) | Methods and systems to manage data objects in a cloud computing environment | |
| US10467426B1 (en) | Methods and systems to manage data objects in a cloud computing environment | |
| US10318285B1 (en) | Deployment of infrastructure in pipelines | |
| US9705855B2 (en) | Secure data destruction in a distributed environment using key protection mechanisms | |
| US10375013B2 (en) | Managed directory service connection | |
| US20140237293A1 (en) | Application monitoring through continuous record and replay | |
| CN112395591A (en) | Encryption method and system | |
| JP2017539017A (en) | Identity infrastructure as a service | |
| US9146841B2 (en) | Proxy server assisted product testing | |
| CN107092535B (en) | Method and apparatus for data storage of test interface | |
| WO2022116761A1 (en) | Self auditing blockchain | |
| CN110968760A (en) | Webpage data crawling method and device, and webpage login method and device | |
| CN113132363A (en) | Front-end and back-end security verification method and equipment | |
| CN112115436B (en) | AD domain account password modification method and device | |
| CN115118434A (en) | Blockchain-based key management method and device | |
| CN110555682A (en) | multi-channel implementation method based on alliance chain | |
| US20230246814A1 (en) | Data intermediary registry security | |
| WO2022121673A1 (en) | Decentralized broadcast encryption and key generation facility | |
| CN116107781A (en) | Log tracking method, device, electronic equipment and computer program product | |
| GB2623225A (en) | Method, system, and apparatus for securely sharing video stream, and storage medium | |
| CN110851851B (en) | Authority management method, device and equipment in block chain type account book | |
| US20220164729A1 (en) | Automated control compliance evidence manager using a secure distributed ledger | |
| CN111291393A (en) | Request checking method and device | |
| CN113190820A (en) | Fingerprint login method and device based on bastion machine | |
| CN116781392A (en) | Login method, device, system and equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210223 |