CN113032831A - Database query method, device and system, computer equipment and storage medium - Google Patents
Database query method, device and system, computer equipment and storage medium Download PDFInfo
- Publication number
- CN113032831A CN113032831A CN202110336668.3A CN202110336668A CN113032831A CN 113032831 A CN113032831 A CN 113032831A CN 202110336668 A CN202110336668 A CN 202110336668A CN 113032831 A CN113032831 A CN 113032831A
- Authority
- CN
- China
- Prior art keywords
- application system
- database cluster
- user
- execution plan
- execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000004590 computer program Methods 0.000 claims description 17
- 238000010586 diagram Methods 0.000 description 11
- 238000012545 processing Methods 0.000 description 9
- 230000006399 behavior Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a database query method, a device and a system, computer equipment and a storage medium, wherein the query method comprises the following steps: acquiring an authentication token and an HQL statement of a user; acquiring connection information from an application system by using the authentication token and establishing connection with the database cluster according to the connection information; sending the HQL statement to an application system; judging whether an authentication result returned by the application system comprises an execution plan, if so, sending the execution plan to the database cluster; and receiving an execution result returned by the database cluster. The query method provided by the invention obtains the authentication token of the user through the tool kit and obtains the connection information for connecting with the database cluster from the application system according to the authentication token, and the connection information is uniformly managed by the application system, so that the problem that the password of the cluster user is easy to leak is solved, and the information of the user can be traced according to the authentication token, so that the problem that a specific executor is difficult to locate is solved.
Description
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a database query method, apparatus, system, computer device, and storage medium.
Background
With the development of science and technology, the internet and the internet of things are widely applied, and the application of big data in the internet and the internet of things is the core technology of the internet and the internet of things, at present, the valuable data in the world is exponentially increased, the dependence degree of the society on the big data is more and more large, wherein the value of the deep data is continuously and prominently displayed, so that the deep requirements of users are quickly and efficiently mined from the big data, and the effective productivity of the data in the big data era is the most valuable embodiment of the big data. At present, Jupyter is a relatively friendly, practical and convenient tool, and brings indispensable advantages for mining user requirements. But when the tool is used for acquiring data from a cluster for analysis, the cluster user password is easy to leak, and the specific executor is difficult to locate.
Disclosure of Invention
In order to solve the defects of the prior art, the invention provides a database query method, a database query device, a database query system, computer equipment and a storage medium, which can solve the problems that a cluster user password is easy to leak and a specific executor is difficult to locate.
The specific technical scheme provided by the invention is as follows: provided is a database query method, which comprises the following steps:
acquiring an authentication token and an HQL statement of a user;
acquiring connection information from an application system by using the authentication token and establishing connection with a database cluster according to the connection information;
sending the HQL statement to the application system so that the application system can authenticate a user according to the HQL statement;
judging whether an authentication result returned by the application system comprises an execution plan, if so, sending the execution plan to the database cluster;
and receiving an execution result returned by the database cluster.
Further, acquiring connection information from an application system by using the authentication token and establishing connection with a database cluster according to the connection information, including:
sending the authentication token to an application system and receiving an authentication result returned by the application system;
judging whether the authentication result comprises connection information or not;
and if so, establishing connection with the database cluster according to the connection information.
Further, sending the execution plan to the database cluster, including:
and sending the execution plan to the database cluster and sending an execution record to the application system so that the application system can record the execution plan.
Further, after receiving the execution result returned by the database cluster, the query method further includes:
judging whether the task execution result is to modify the table;
and if so, updating the authority information of the user and sending the updated authority information to the application system so that the application system can update the information of the user synchronously.
The invention also provides a database query device, which comprises:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring an authentication token and an HQL statement of a user;
the second acquisition module is used for acquiring the connection information from the application system by using the authentication token;
the connection module is used for establishing connection with the database cluster according to the connection information;
the sending module is used for sending the HQL sentences to the application system so that the application system can authenticate users according to the HQL sentences;
the judging module is used for judging whether the authentication result returned by the application system comprises an execution plan or not and sending the execution plan to the database cluster when the authentication result returned by the application system comprises the execution plan;
and the receiving module is used for receiving the execution result returned by the database cluster.
The invention also provides a database query system, which comprises a toolkit, an application system and a database cluster, wherein the toolkit is the query device.
The invention also provides a database query method, which is applied to the query system and comprises the following steps:
the toolkit acquires an authentication token and an HQL statement of a user and sends the authentication token to the application system;
the application system sends connection information to the tool kit according to the authentication token;
the toolkit establishes connection with the database cluster according to the connection information;
the tool bag sends the HQL statement to the application system;
the application system authenticates the user according to the HQL statement and sends an authentication result to the toolkit;
the tool kit judges whether an authentication result returned by the application system comprises an execution plan, and if so, the execution plan is sent to the database cluster;
and the database cluster obtains an execution result according to the execution plan and sends the execution result to the tool kit.
Further, the sending, by the application system, connection information to the toolkit according to the authentication token includes:
receiving an authentication token sent by a tool kit;
and judging whether the authentication token is the same as a pre-stored authentication token, and if so, sending an authentication result containing connection information to the tool kit.
Further, the tool kit establishing a connection with the database cluster according to the connection information, including:
judging whether the authentication result returned by the application system comprises connection information or not;
and if so, establishing connection with the database cluster according to the connection information.
Further, the authenticating the user according to the HQL statement and sending the authentication result to the toolkit by the application system includes:
analyzing the HQL statement to obtain an execution plan, wherein the execution plan comprises the operation type and table information of a user;
judging whether the operation type belongs to a pre-stored operation type;
and if the execution plan belongs to the tool kit, sending the authentication result containing the execution plan to the tool kit.
Further, the tool kit determines whether an authentication result returned by the application system includes an execution plan, and if yes, sends the execution plan to the database cluster, including:
the tool kit judges whether an authentication result returned by the application system comprises an execution plan, if so, the execution plan is sent to the database cluster and an execution record is sent to the application system;
and the application system records the execution plan according to the execution record.
Further, after the database cluster obtains an execution result according to the execution plan and sends the execution result to the toolkit, the query method further includes:
the tool package judges whether the task execution result is to modify the table, if so, the tool package updates the authority information of the user and sends the updated authority information to the application system;
and the application system synchronously updates the information of the user according to the updated authority information.
The invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory, characterized in that the processor executes the computer program to implement the query method as described above.
The present invention also provides a computer readable storage medium having stored thereon computer instructions, wherein the computer instructions, when executed by a processor, implement the query method as described above.
The query method provided by the invention obtains the authentication token of the user through the tool kit and obtains the connection information for connecting with the database cluster from the application system according to the authentication token, and the connection information is uniformly managed by the application system, so that the problem that the password of the cluster user is easy to leak is solved, and because each user has a unique authentication token, the information of the user can be traced back according to the authentication token, so that the problem that a specific executor is difficult to locate is solved.
Drawings
The technical solution and other advantages of the present invention will become apparent from the following detailed description of the embodiments of the present invention, which is to be read in connection with the accompanying drawings.
FIG. 1 is a flowchart illustrating a query method according to a first embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a query device according to a first embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a query system according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer device in the third embodiment of the present invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the specific embodiments set forth herein. Rather, these embodiments are provided to explain the principles of the invention and its practical application to thereby enable others skilled in the art to understand the invention for various embodiments and with various modifications as are suited to the particular use contemplated. In the drawings, like reference numerals will be used to refer to like elements throughout.
Example one
Referring to fig. 1, the query method of the database provided in this embodiment is applied to a toolkit, and the query method includes the steps of:
s1, acquiring an authentication token and an HQL statement of a user;
s2, acquiring connection information from the application system by using the authentication token and establishing connection with the database cluster according to the connection information;
s3, sending the HQL statement to an application system so that the application system can authenticate the user according to the HQL statement;
s4, judging whether the authentication result returned by the application system comprises an execution plan, if so, sending the execution plan to a database cluster;
and S5, receiving an execution result returned by the database cluster.
The tool package in this embodiment refers to an encapsulated Python tool package, and the tool package is configured to receive an authentication token (token) of a user, where the token is a character string randomly generated by an application system when the user first sends a request to the application system, the character string is subsequently used as a token of the user and stored in the application system, each user corresponds to a unique token, and the user needs to request data from the application system through the token.
The token is transmitted into an application system through a tool kit, and connection information is acquired from the application system by using the token, wherein the connection information is used for establishing connection with a database cluster, the connection information refers to a user name and a password of a user in the database cluster, and the user name and the password in the database cluster can be connected to the database cluster after being acquired. The database cluster in this embodiment is a hive database.
Specifically, after the token is sent to the application system by the toolkit, the application system needs to authenticate the token of the user and return an authentication result to the toolkit, where the authentication process is to determine whether the input token is the same as the token of the user pre-stored in the application system, if so, the application system returns the authentication result including the connection information to the toolkit, and if not, the application system returns the authentication result including the error information to the toolkit.
Correspondingly, after receiving the authentication result returned by the application system, the toolkit needs to determine whether the authentication result includes the connection information, that is, step S2 includes:
s21, sending the token to the application system and receiving the authentication result sent by the application system;
s22, judging whether the authentication result includes connection information; if yes, go to step S23;
and S23, establishing connection with the database cluster according to the connection information.
In this embodiment, when the authentication result returned by the application system includes an execution plan, the toolkit sends the execution plan to the database cluster and sends the execution record to the application system at the same time, so that the application system records the execution plan, and thus, when the behavior of the user is an aggressive operation, the behavior of the user can be recorded so as to be called in a subsequent trace, and thus the problem that the behavior of the user cannot be recorded in the process of performing the aggressive operation is solved.
After step S5, the query method in this embodiment further includes:
s6, judging whether the task execution result is to modify the table, if yes, entering the step S7;
and S7, updating the authority information of the user and sending the updated authority information to the application system so that the application system can update the information of the user synchronously.
In step S6, because each user name corresponds to a plurality of tables, when the task execution result is that one of the tables under the user name is modified, the authority information of the user is directly updated, specifically, the authority information of the user is modified to have write authority for all the tables under the user name, so that it is not necessary to repeat an authorization operation for each table under the user name, and the data processing efficiency is effectively improved. If the task execution result is only the query table, the authority information of the user does not need to be updated.
In this embodiment, if the authentication result returned by the application system does not include the connection information, or the authentication result returned by the application system does not include the execution plan, the method proceeds to the following steps:
and S8, finishing the query.
When the authentication result returned by the application system does not include the execution plan, the tool kit also prompts that the user does not have the authority.
In the query method provided by the embodiment, the token of the user is obtained, and the connection information for connecting the database cluster is obtained from the application system according to the token, so that the problem that the password of the cluster user is easy to leak is solved because the connection information is uniformly managed by the application system, and the information of the user can be traced back according to the token because each user has the unique token, thereby solving the problem that a specific executor is difficult to locate.
Referring to fig. 2, the present embodiment further provides a query device for a database, where the query device is the above-mentioned kit, and specifically, the query device includes a first obtaining module 1, a second obtaining module 2, a connecting module 3, a sending module 4, a determining module 5, and a receiving module 6.
The system comprises a first acquisition module 1, a second acquisition module 2, a connection module 3 and a sending module 4, wherein the first acquisition module is used for acquiring token and HQL sentences of a user from an application system by using the token, the second acquisition module is used for acquiring connection information from the application system by using the token, the connection module 3 is used for establishing connection with a database cluster according to the connection information, the sending module 4 is used for sending the HQL sentences to the application system, the sending module 4 is an REST interface, a query device transmits the HQL sentences into the application system through the REST interface so that the application system authenticates the user according to the HQL sentences, the judging module 5 is used for judging whether an authentication result returned by the application system comprises an execution plan and sending the execution plan to the cluster when the authentication result returned by the application system comprises the execution plan, and the receiving module 6 is used for receiving the.
Preferably, the second obtaining module 2 is further configured to receive an authentication result returned by the application system, and the determining module 5 is further configured to determine whether the authentication result includes connection information, and send the execution plan to the database cluster and send the execution record to the application system at the same time.
The judging module 5 in this embodiment is further configured to judge whether the task execution result modifies the table, and the querying device further includes an updating module 7, which is configured to update the authority information of the user and send the updated authority information to the application system when the judging module 5 judges that the task execution result modifies the table, so that the application system updates the information of the user synchronously.
Example two
Referring to fig. 3, the query method of the database provided in this embodiment is applied to a query system, the structure of the query system is shown in fig. 3, and the query system includes a toolkit, an application system, and a database cluster, where the toolkit in this embodiment is a query device in the first embodiment, and the query method includes the steps of:
s1, acquiring a token and an HQL statement of the user by a tool pack and sending the token to an application system;
s2, the application system sends the connection information to a tool kit according to the token;
s3, the tool kit establishes connection with the database cluster according to the connection information;
s4, sending the HQL statement to an application system by the tool bag;
s5, the application system authenticates the user according to the HQL statement and sends the authentication result to the tool bag;
s6, the tool kit judges whether the authentication result returned by the application system includes an execution plan, if yes, the step S7 is carried out;
s7, sending the execution plan to a database cluster;
and S8, the database cluster obtains an execution result according to the execution plan and sends the execution result to the tool kit.
The tool package in this embodiment refers to an encapsulated Python tool package, and the tool package is configured to receive an authentication token (token) of a user, where the token is a character string randomly generated by an application system when the user first sends a request to the application system, the character string is subsequently used as a token of the user and stored in the application system, each user corresponds to a unique token, and the user needs to request data from the application system through the token.
The token is transmitted into an application system through a tool kit, and connection information is acquired from the application system by using the token, wherein the connection information is used for establishing connection with a database cluster, the connection information refers to a user name and a password of a user in the database cluster, and the user name and the password in the database cluster can be connected to the database cluster after being acquired.
After the toolkit sends the token to the application system, the application system needs to authenticate the token of the user and return an authentication result to the toolkit, specifically, step S2 includes:
s21, receiving the authentication token sent by the tool kit;
s22, judging whether the authentication token is the same as the prestored authentication token, if so, entering the step S23;
s23, the authentication result including the connection information is sent to the tool kit.
The authentication process in this embodiment is to determine whether the input token is the same as the token of the user pre-stored in the application system, and if so, the application system returns the authentication result including the connection information to the toolkit.
In step S22, if the input token is not the same as the token of the user pre-stored in the application system, the method proceeds to the following steps:
s24: and sending the authentication result containing the error information to the tool kit.
After receiving the authentication result sent by the application system, the toolkit needs to determine whether the authentication result includes connection information, specifically, step S3 includes:
s31, judging whether the authentication result returned by the application system includes the connection information, if yes, entering the step S32;
and S32, establishing connection with the database cluster according to the connection information.
And after the tool kit is successfully connected to the database cluster according to the connection information, the tool kit sends the HQL statement to the application system through the REST interface.
When receiving the HQL statement sent by the toolkit, the application system needs to authenticate the user, that is, determine whether the user has the right to perform query and write operations, specifically, step S5 includes:
s51, analyzing the HQL statement to obtain an execution plan, wherein the execution plan comprises the operation type and table information of a user;
s52, judging whether the operation type belongs to a prestored operation type, and if so, entering the step S53;
and S53, sending the authentication result containing the execution plan to the tool kit.
In step S51, a parser is provided in the application system, the parser parses an HQL statement to obtain a syntax tree, and an execution plan corresponding to the HQL statement can be obtained according to the syntax tree, where the execution plan includes operation types and table information of the user, where the table information includes information such as a pattern name, a table name, and a column name, and a specific operation of the user can be known as query or write according to the operation type, and a target table that the user needs to query or write can be obtained according to the table information.
The application system stores user authority information, namely a pre-stored operation type in advance, and when the application system analyzes and obtains the user operation type, whether the user operation type belongs to the pre-stored operation type in the application system is judged, for example, the pre-stored operation type is query and write-in, and when the operation type obtained through analysis is query or write-in, the operation type can be obtained to belong to the pre-stored operation type.
After receiving the authentication result sent by the application system, the toolkit needs to judge whether the authentication is successful, that is, whether the user has the authority, wherein the toolkit identifies whether the authentication is successful by judging whether the authentication result returned by the application system includes an execution plan.
In this embodiment, when the toolkit determines that the authentication result returned by the application system includes an execution plan, the toolkit sends the execution plan to the database cluster and sends an execution record to the application system at the same time, and the application system records the execution plan according to the execution record, so that when the behavior of the user is an aggressive operation, the behavior of the user can be recorded for subsequent tracing, and thus the problem that the behavior of the user cannot be recorded when the aggressive operation is performed is solved.
After step 8, the query method in this embodiment further includes:
s9, the tool kit judges whether the task execution result is that the table is modified, if yes, the step S10 is executed;
s10, the tool kit updates the authority information of the user and sends the updated authority information to the application system;
and S11, the application system synchronously updates the information of the user according to the updated authority information.
In step S10, because each user name corresponds to a plurality of tables, when the task execution result is that one of the tables under the user name is modified, the authority information of the user is directly updated, specifically, the authority information of the user is modified to have write-in authority for all the tables under the user name, so that it is not necessary to repeat an operation of assigning authority for each table under the user name, and the data processing efficiency is effectively improved. If the task execution result is only the query table, the authority information of the user does not need to be updated.
In this embodiment, if the authentication result returned by the application system does not include the connection information, or the authentication result returned by the application system does not include the execution plan, the method proceeds to the following steps:
and S12, finishing the query.
In the embodiment, the HQL statement is analyzed and the user is authenticated through the application system, and the query is directly ended when the fact that the user does not have the authority is judged, so that the problem can be found before the execution plan is submitted to the database cluster, the system efficiency is improved, and the pressure of the database cluster is reduced. The toolkit may also prompt the user that the right to execute is not available when the user does not have the right.
In addition, in the embodiment, the authentication and the authorization of the user are completed by the application system, the execution plan is completed by the database cluster, and the authority control and the data operation are completed separately, so that the authority control data processing amount is small, the operation is simple, and the expandability is strong.
EXAMPLE III
Referring to fig. 4, the present embodiment provides a computer device, which includes a processor 200, a memory 201, and a network interface 202, where the memory 201 stores a computer program thereon, and the processor 200 executes the computer program to implement the query method according to the first embodiment.
The Memory 201 may include a Random Access Memory (RAM) and may also include a non-volatile Memory (non-volatile Memory), such as at least one disk Memory.
The processor 200 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the query method according to the first embodiment may be implemented by integrated logic circuits of hardware in the processor 200 or instructions in the form of software. The Processor 200 may also be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), etc., and may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
The memory 201 is used for storing a computer program, and the processor 200 executes the computer program to implement the query method according to the first embodiment after receiving the execution instruction.
The embodiment also provides a computer storage medium, in which a computer program is stored, and the processor 200 is configured to read and execute the computer program stored in the computer storage medium, so as to implement the query method according to the first embodiment.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer storage medium or transmitted from one computer storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer storage media may be any available media that can be accessed by a computer or a data storage device, such as a server, data center, etc., that incorporates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing is directed to embodiments of the present application and it is noted that numerous modifications and adaptations may be made by those skilled in the art without departing from the principles of the present application and are intended to be within the scope of the present application.
Claims (14)
1. A query method for a database, the query method comprising:
acquiring an authentication token and an HQL statement of a user;
acquiring connection information from an application system by using the authentication token and establishing connection with a database cluster according to the connection information;
sending the HQL statement to the application system so that the application system can authenticate the user according to the HQL statement;
judging whether an authentication result returned by the application system comprises an execution plan, if so, sending the execution plan to the database cluster;
and receiving an execution result returned by the database cluster.
2. The query method of claim 1, wherein obtaining connection information from an application system using the authentication token and establishing a connection with a database cluster according to the connection information comprises:
sending the authentication token to an application system and receiving an authentication result returned by the application system;
judging whether the authentication result comprises connection information or not;
and if so, establishing connection with the database cluster according to the connection information.
3. The query method of claim 1, wherein sending the execution plan to the database cluster comprises:
and sending the execution plan to the database cluster and sending an execution record to the application system so that the application system can record the execution plan.
4. The query method of claim 1, after receiving the execution result returned by the database cluster, the query method further comprising:
judging whether the task execution result is to modify the table;
and if so, updating the authority information of the user and sending the updated authority information to the application system so that the application system can update the information of the user synchronously.
5. An apparatus for querying a database, the apparatus comprising:
the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring an authentication token and an HQL statement of a user;
the second acquisition module is used for acquiring the connection information from the application system by using the authentication token;
the connection module is used for establishing connection with the database cluster according to the connection information;
the sending module is used for sending the HQL sentences to the application system so that the application system can authenticate users according to the HQL sentences;
the judging module is used for judging whether the authentication result returned by the application system comprises an execution plan or not and sending the execution plan to the database cluster when the authentication result returned by the application system comprises the execution plan;
and the receiving module is used for receiving the execution result returned by the database cluster.
6. A database query system, comprising a tool kit, an application system and a database cluster, wherein the tool kit is the query device according to claim 5.
7. A database query method applied to the query system of claim 6, the query method comprising:
the toolkit acquires an authentication token and an HQL statement of a user and sends the authentication token to the application system;
the application system sends connection information to the tool kit according to the authentication token;
the toolkit establishes connection with the database cluster according to the connection information;
the tool bag sends the HQL statement to the application system;
the application system authenticates the user according to the HQL statement and sends an authentication result to the toolkit;
the tool kit judges whether an authentication result returned by the application system comprises an execution plan, and if so, the execution plan is sent to the database cluster;
and the database cluster obtains an execution result according to the execution plan and sends the execution result to the tool kit.
8. The query method of claim 7, wherein the application system sends connection information to the toolkit according to the authentication token, comprising:
receiving an authentication token sent by a tool kit;
and judging whether the authentication token is the same as a pre-stored authentication token, and if so, sending an authentication result containing connection information to the tool kit.
9. The query method of claim 8, wherein the tool kit establishes a connection with the database cluster according to the connection information, and comprises:
judging whether the authentication result returned by the application system comprises connection information or not;
and if so, establishing connection with the database cluster according to the connection information.
10. The query method of claim 7, wherein the authenticating the user according to the HQL statement and sending the authentication result to the tool kit by the application system comprises:
analyzing the HQL statement to obtain an execution plan, wherein the execution plan comprises the operation type and table information of a user;
judging whether the operation type belongs to a pre-stored operation type;
and if the execution plan belongs to the tool kit, sending the authentication result containing the execution plan to the tool kit.
11. The query method of claim 7, wherein the toolkit determines whether an authentication result returned by the application system includes an execution plan, and if so, sends the execution plan to the database cluster, including:
the tool kit judges whether an authentication result returned by the application system comprises an execution plan, if so, the execution plan is sent to the database cluster and an execution record is sent to the application system;
and the application system records the execution plan according to the execution record.
12. The query method of claim 7, wherein after the database cluster obtains execution results according to the execution plan and sends the execution results to the toolkit, the query method further comprises:
the toolkit judges whether the task execution result is to modify the table, if so, the toolkit updates the authority information of the user and sends the updated authority information to the application system;
and the application system synchronously updates the information of the user according to the updated authority information.
13. A computer device comprising a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to implement the query method of any one of claims 1 to 4 or the query method of any one of claims 7 to 12.
14. A computer readable storage medium having computer instructions stored thereon, wherein the computer instructions, when executed by a processor, implement the query method of any one of claims 1-4 or claims 7-12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110336668.3A CN113032831A (en) | 2021-03-29 | 2021-03-29 | Database query method, device and system, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110336668.3A CN113032831A (en) | 2021-03-29 | 2021-03-29 | Database query method, device and system, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113032831A true CN113032831A (en) | 2021-06-25 |
Family
ID=76452660
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110336668.3A Pending CN113032831A (en) | 2021-03-29 | 2021-03-29 | Database query method, device and system, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113032831A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101639882A (en) * | 2009-08-28 | 2010-02-03 | 华中科技大学 | Database security system based on storage encryption |
| CN105677681A (en) * | 2014-11-21 | 2016-06-15 | 北京神州泰岳软件股份有限公司 | Data search method and device based on multiple databases |
| CN108280367A (en) * | 2018-01-22 | 2018-07-13 | 腾讯科技(深圳)有限公司 | Management method, device, computing device and the storage medium of data manipulation permission |
| CN110659418A (en) * | 2019-09-12 | 2020-01-07 | 北京达佳互联信息技术有限公司 | Content searching method and device, storage medium and computing equipment |
| CN111756752A (en) * | 2020-06-24 | 2020-10-09 | 北京金山云网络技术有限公司 | Method and device for controlling access authority of database and electronic equipment |
-
2021
- 2021-03-29 CN CN202110336668.3A patent/CN113032831A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101639882A (en) * | 2009-08-28 | 2010-02-03 | 华中科技大学 | Database security system based on storage encryption |
| CN105677681A (en) * | 2014-11-21 | 2016-06-15 | 北京神州泰岳软件股份有限公司 | Data search method and device based on multiple databases |
| CN108280367A (en) * | 2018-01-22 | 2018-07-13 | 腾讯科技(深圳)有限公司 | Management method, device, computing device and the storage medium of data manipulation permission |
| CN110659418A (en) * | 2019-09-12 | 2020-01-07 | 北京达佳互联信息技术有限公司 | Content searching method and device, storage medium and computing equipment |
| CN111756752A (en) * | 2020-06-24 | 2020-10-09 | 北京金山云网络技术有限公司 | Method and device for controlling access authority of database and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107122258B (en) | Method and equipment for checking state code of test interface | |
| CN107122296B (en) | Method and apparatus for data assertion for test interface | |
| CN107092535B (en) | Method and apparatus for data storage of test interface | |
| CN107193593B (en) | Upgrading method of upgradable file, set top box and storage medium | |
| CN110084486B (en) | Resource management method and device | |
| CN104408118A (en) | Database establishing method and device | |
| CN111124480B (en) | Method and device for generating application program package, electronic equipment and storage medium | |
| CN112540924A (en) | Interface automation test method, device, equipment and storage medium | |
| CN108255967B (en) | Method and device for calling storage process, storage medium and terminal | |
| CN110515924B (en) | Database operation logic verification method, device, equipment and readable storage medium | |
| CN111078424A (en) | Information interaction method and device, computer equipment and storage medium | |
| CN112860585A (en) | Test script assertion generation method and device | |
| CN112947907B (en) | Method for creating code branches | |
| CN112988600A (en) | Service scene testing method and device, electronic equipment and storage medium | |
| CN113032831A (en) | Database query method, device and system, computer equipment and storage medium | |
| CN112433935A (en) | Test method, test device, electronic equipment and storage medium | |
| CN113448847B (en) | Test method and system | |
| CN113282476B (en) | Interface performance testing method and device and electronic equipment | |
| CN114238143A (en) | ES data number making method, system and storage medium for interface test | |
| CN114329495A (en) | Endogenous security based asset vulnerability static analysis method and device | |
| CN113010587B (en) | Data source configuration method, device, terminal, server and medium | |
| CN113626870A (en) | Access control method, device, electronic equipment and storage medium | |
| CN113158146A (en) | Script management method, script management platform, computing device and medium | |
| CN115795425A (en) | Permission verification method and device for data processing task | |
| CN118092811B (en) | Safety configuration method for collecting and writing multiple data sources |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |