CN113221180A - Database security access system and method - Google Patents

Database security access system and method Download PDF

Info

Publication number
CN113221180A
CN113221180A CN202110639571.XA CN202110639571A CN113221180A CN 113221180 A CN113221180 A CN 113221180A CN 202110639571 A CN202110639571 A CN 202110639571A CN 113221180 A CN113221180 A CN 113221180A
Authority
CN
China
Prior art keywords
module
data
access
database
command
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110639571.XA
Other languages
Chinese (zh)
Inventor
王保春
张蛟鹏
余洋
莫恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiaqiao Shenzhen Investment Co ltd
Original Assignee
Yongqi Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yongqi Beijing Technology Co Ltd filed Critical Yongqi Beijing Technology Co Ltd
Priority to CN202110639571.XA priority Critical patent/CN113221180A/en
Publication of CN113221180A publication Critical patent/CN113221180A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a database security access system and a method thereof, wherein the system comprises: the system comprises terminal equipment, a forwarding module, an agent module, a controller, a database server, a data switch, a request verification module and a data verification module, wherein the database server, the data switch, the request verification module and the data verification module are connected with the controller; the terminal equipment is connected with the forwarding module, the forwarding module is connected with the request verification module, the request verification module is connected with the proxy module, the proxy module is connected with the database server, the database server is in communication connection with the terminal equipment through the data switch, and the data verification module is connected between the database server and the data switch. The database security access system and the method provided by the invention have a real-time monitoring function, and the database server can be closed when abnormal access is received because double authentication is required during access, thereby reducing the loss of the database when the database is invaded and greatly improving the security degree of the database.

Description

Database security access system and method
Technical Field
The invention relates to the technical field of database security, in particular to a database security access system and a database security access method.
Background
At present, data systems of all industries are provided with databases, and a large amount of information is stored in the databases. Most of the information belongs to the confidentiality of the company, and if the information is leaked, the reputation of the enterprise is seriously influenced, and even the enterprise is seriously lost. Authoritative data indicate that the main causes of data leakage include the following two points: 1. data leakage caused by intrusion of an external network, namely an external hacker; 2. imperfect access right monitoring inside the database leads to data leakage caused by unauthorized access, namely, inside personnel.
The intrusion of the external network is mainly solved by a firewall, and even some databases with higher security requirements can disconnect the internet to avoid the intrusion of the external network, which are effective means. However, the internal access of the existing database is not paid much attention, especially the database of the small company is mostly a cabinet server, and even some databases directly modified by a PC.
The existing database access is usually in a hierarchical authorization access mode, namely different authorization levels are distinguished for account numbers of employees, the employees can access different security level data according to different levels, namely the accessed account numbers are divided into different authorization levels, and files in the database are divided into different security levels. The existing database is often not subjected to excessive verification and monitoring during access, and the access can be performed only by account numbers and passwords, but the account numbers are easy to be stolen by hackers, so that loss is caused. Therefore, it is necessary to design a database security access system and method.
Disclosure of Invention
The invention aims to provide a database security access system and a method, which have a real-time monitoring function, need to pass double authentication during access, and can close a database server when abnormal access is received, thereby reducing the loss of the database when being invaded and greatly improving the security degree of the database.
In order to achieve the purpose, the invention provides the following scheme:
a database security access system, the system comprising: the system comprises terminal equipment, a forwarding module, an agent module, a controller, a database server, a data switch, a request verification module and a data verification module, wherein the database server, the data switch, the request verification module and the data verification module are connected with the controller; the terminal equipment is connected with the forwarding module, the forwarding module is connected with the request verification module, the request verification module is connected with the proxy module, the proxy module is connected with the database server, the database server is in communication connection with the terminal equipment through the data switch, and the data verification module is connected between the database server and the data switch;
the terminal equipment is used for sending an access request and acquiring data returned by the database server;
the database server is used for storing data;
the data switch is used for completing communication between the database server and the terminal equipment;
the forwarding module is used for acquiring an access request of the terminal equipment;
the agent module is used for identifying an access command in the access request and sending the access command to a database server;
the request verification module is used for verifying the access request of the terminal equipment;
the data verification module is used for verifying the data returned by the database server;
the controller is used for acquiring the information of the request verification module and the data verification module, and determining whether to send data to the terminal equipment and whether to close the database server.
Optionally, the agent module includes a cache module, a storage medium, and a command processing and sending module, the request verification module is connected to the cache module, the cache module is connected to the storage medium and the command processing and sending module, the cache module is configured to cache the access request forwarded by the request verification module, the storage medium is configured to store the access request, and the command sending module is configured to extract the access command in the access request and send the access command to the database server.
Optionally, the command processing and sending module includes a command obtaining unit, a command identifying unit, and a command sending unit, where the command obtaining unit is configured to extract an access command in the access request, the command identifying unit is configured to identify a type of the access command, and the command sending unit sends the access command to the database server according to the command type.
Optionally, the request verification module includes a first network sniffer and an identity comparison module, the forwarding module is connected to the first network sniffer, the first network sniffer is connected to the identity comparison module, the identity comparison module is connected to the agent module, the first network sniffer is used to obtain the identity information, authorization level and IP address of the terminal device, the identity comparison module is used to compare the identity information of the terminal device with the identity information of the database allowed to be accessed, and determine whether the terminal device is allowed to access the database, the first network sniffer and the identity comparison module are connected to the controller, and are used to send the identity information, authorization level and IP address of the terminal device and the determination result of the identity comparison module to the controller.
Optionally, the data verification module includes a second network sniffer and a data identification module, the database server is connected to the second network sniffer, the second network sniffer is connected to the data identification module, the data identification module is connected to the data switch, the second network sniffer is used for acquiring the data returned by the database server, the data identification module is used for identifying the data and judging the confidentiality level of the data, the second network sniffer and the data identification module are connected to the controller, and the controller is used for sending the confidentiality level of the data to the controller.
Optionally, the database security access system further includes a database monitoring module and a server monitoring module, the database monitoring module and the server monitoring module are connected to the controller, the database monitoring module is configured to obtain operation information of the database, and the server monitoring module is configured to obtain performance information of a server where the database is located.
A database security access method is applied to the database security access system and comprises the following steps:
step 1: receiving an access request sent by terminal equipment, and extracting information in the access request by a request verification module and verifying the access request;
step 2: after the verification is passed, judging the type of the access command in the access request, sending the access command to a database server according to the type of the access command, and sending data to a data verification module by the database server according to the access command;
and step 3: and the data verification module verifies the data returned by the database server, passes the verification and returns the data to the terminal equipment through the data switch.
Optionally, in step 1, the request verification module extracts information in the access request, and verifies the access request, specifically:
the request verification module extracts the identity information, the authorization level and the IP address in the access request and sends the identity information, the authorization level and the IP address to the controller, the request verification module compares the identity information in the access request with the identity information of the database server allowed to be accessed, and if the identity information of the database server allowed to be accessed contains the identity information in the access request, verification is passed.
Optionally, in step 2, after the verification is passed, the type of the access command in the access request is determined, and the access command is sent to the database server according to the type of the access command, which specifically includes:
after the verification is passed, the proxy module caches the access request, extracts the access command in the access request through the command acquisition unit, identifies the type of the access command through the command identification unit, and sends the access command to the database server through the command sending unit according to the command type.
Optionally, in step 3, the data verification module verifies data returned by the database server, and if the data passes the verification, the data is returned to the terminal device, specifically:
the data verification module verifies the database server, obtains the security level of the data and sends the security level of the data to the controller, the controller judges whether the identity information, the authorization level and the IP address in the access request are matched with the security level of the data, if the identity information, the authorization level and the IP address are matched with the security level of the data, the verification is passed, the controller returns the data to the terminal equipment through the data switch, if the identity information, the authorization level and the IP address are not matched with the security level of the data, the verification is not passed, and the controller controls the database server to be closed to prevent the database server from being maliciously invaded.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects: the database security access system and the method provided by the invention have a real-time monitoring function, and the database server can be closed when abnormal access is received because double authentication is required during access, thereby reducing the loss of the database when the database is invaded and greatly improving the security degree of the database; the system comprises terminal equipment, a forwarding module, an agent module, a controller, a database server, a data switch, a request verification module and a data verification module, wherein the database server, the data switch, the request verification module and the data verification module are in communication connection with the controller, the terminal equipment can send an access request and acquire data returned by the database server, the database server can store file data, the data switch can complete communication between the database server and the terminal equipment, the forwarding module can acquire the access request of the terminal equipment, the agent module can identify an access command in the access request and send the access command to the database server, the request verification module can verify the access request of the terminal equipment, subsequent operation can be carried out only after verification is passed, the safety is ensured, and the data verification module can verify the data returned by the database server, the database security access system comprises a database monitoring module and a server monitoring module, wherein the database monitoring module can acquire the operation information of a database, and the server monitoring module can acquire the performance information of a server where the database is located, so that the operation of the database server is further ensured; the method comprises the steps of receiving an access request sent by terminal equipment, extracting information in the access request by a request verification module, verifying the access request, judging the type of an access command in the access request after the verification is passed, sending the access command to a database server according to the type of the access command, sending data to a data verification module by the database server according to the access command, verifying the data returned by the database server by the data verification module, passing the verification, returning the data to a receiving terminal through a data switch, verifying the access application in an access application stage, determining the identity information of the receiving equipment, verifying the identity information, the authorization level and the IP address of the receiving equipment and the security level of the data in a data transmission stage to determine whether the data are matched or not, further improving the security of the database, and if the data are not matched, the database is determined to be invaded illegally, and the database server can be closed through the controller, so that loss is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic structural diagram of a database security access system according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a database security access method according to an embodiment of the present invention.
Reference numerals: 1. a terminal device; 2. a forwarding module; 3. a request verification module; 4. an agent module; 5. a database server; 6. a data switch; 7. a data verification module; 8. and a controller.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a database security access system and a method, which have a real-time monitoring function, need to pass double authentication during access, and can close a database server when abnormal access is received, thereby reducing the loss of the database when being invaded and greatly improving the security degree of the database.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a schematic structural diagram of a database security access system according to an embodiment of the present invention, and as shown in fig. 1, the database security access system and method according to the embodiment of the present invention include: the system comprises terminal equipment 1, a forwarding module 2, an agent module 4, a controller 8, a database server 5 connected with the controller 8, a data switch 6, a request verification module 3 and a data verification module 7; the terminal device 1 is connected with the forwarding module 2, the forwarding module 2 is connected with the request verification module 3, the request verification module 3 is connected with the proxy module 4, the proxy module 4 is connected with the database server 5, the database server 5 is in communication connection with the terminal device 1 through the data switch 6, and the data verification module 7 is connected between the database server 5 and the data switch 6;
the terminal device 1 is used for sending an access request and acquiring data returned by the database server 5;
the database server 5 is used for storing data;
the data switch 6 is used for completing the communication between the database server 5 and the terminal equipment 1;
the forwarding module 2 is configured to obtain an access request of the terminal device 1;
the agent module 4 is used for identifying an access command in the access request and sending the access command to the database server 5;
the request verification module 3 is configured to verify an access request of the terminal device 1;
the data verification module 7 is configured to verify data returned by the database server 5;
the controller 8 is configured to obtain information of the request verification module 3 and the data verification module 7, and determine whether to send data to the terminal device 1 and whether to close the database server 5.
The agent module 4 comprises a cache module, a storage medium and a command processing and sending module, the request verification module 3 is connected with the cache module, the cache module is connected with the storage medium and the command processing and sending module, the cache module is used for caching the access request forwarded by the request verification module 3, the storage medium is used for storing the access request, and the command sending module is used for extracting the access command in the access request and sending the access command to the database server 5.
The command processing and sending module comprises a command obtaining unit, a command identifying unit and a command sending unit, wherein the command obtaining unit is used for extracting the access command in the access request, the command identifying unit is used for identifying the type of the access command, and the command sending unit is used for sending the access command to the database server 5 according to the command type.
The request verification module 3 comprises a first network sniffer and an identity comparison module, the forwarding module 2 is connected with the first network sniffer, the first network sniffer is connected with the identity comparison module, the identity comparison module is connected with the agent module 4, the first network sniffer is used for acquiring the identity information, authorization level and IP address of the terminal equipment 1, the identity comparison module is used for comparing the identity information of the terminal equipment 1 with the identity information of a database allowed to be accessed and judging whether the terminal equipment is allowed to access the database or not, and the first network sniffer and the identity comparison module are connected with the controller 8 and are used for sending the judgment results of the identity information, authorization level and IP address of the terminal equipment 1 and the identity comparison module to the controller 8.
The data verification module 7 comprises a second network sniffer and a data identification module, the database server 5 is connected with the second network sniffer, the second network sniffer is connected with the data identification module, the data identification module is connected with the data switch 6, the second network sniffer is used for acquiring data returned by the database server 5, the data identification module is used for identifying the data and judging the confidentiality grade of the data, and the second network sniffer and the data identification module are connected with the controller 8 and used for sending the confidentiality grade of the data to the controller 8.
First network sniffer and second network sniffer have been the pc computer end that has loaded and has sniffed the function, data identification module is the pc computer end of having loaded the privacy level and having confirmed the function, identity contrast module is the pc computer end of having loaded identity contrast function, the controller adopt common model can, for example plc controller etc..
The database security access system further comprises a database monitoring module and a server monitoring module, the database monitoring module and the server monitoring module are connected with the controller, the database monitoring module is used for acquiring operation information of the database, the operation information comprises current database connection number information, residual database connection number information and memory occupation information, the server monitoring module is used for acquiring performance information of a server where the database is located, and the performance information comprises CPU utilization rate information, IO performance information and memory usage information.
As shown in fig. 2, a database security access method applied to the database security access system includes the following steps:
step 1: receiving an access request sent by terminal equipment, and extracting information in the access request by a request verification module and verifying the access request;
step 2: after the verification is passed, judging the type of the access command in the access request, sending the access command to a database server according to the type of the access command, and sending data to a data verification module by the database server according to the access command;
and step 3: and the data verification module verifies the data returned by the database server, passes the verification and returns the data to the terminal equipment through the data switch.
In step 1, the request verification module extracts information in the access request and verifies the access request, specifically:
the request verification module extracts the identity information, the authorization level and the IP address in the access request and sends the identity information, the authorization level and the IP address to the controller, the request verification module compares the identity information in the access request with the identity information of the database server allowed to be accessed, and if the identity information of the database server allowed to be accessed contains the identity information in the access request, verification is passed.
In step 2, after the verification is passed, the type of the access command in the access request is judged, and the access command is sent to the database server according to the type of the access command, specifically:
after the verification is passed, the proxy module caches the access request, extracts the access command in the access request through the command acquisition unit, identifies the type of the access command through the command identification unit, and sends the access command to the database server through the command sending unit according to the command type.
In step 3, the data verification module verifies the data returned by the database server, and if the data passes the verification, the data is returned to the terminal device, specifically:
the data verification module verifies the database server, obtains the security level of the data and sends the security level of the data to the controller, the controller judges whether the identity information, the authorization level and the IP address in the access request are matched with the security level of the data, if the identity information, the authorization level and the IP address are matched with the security level of the data, the verification is passed, the controller returns the data to the terminal equipment through the data switch, if the identity information, the authorization level and the IP address are not matched with the security level of the data, the verification is not passed, and the controller controls the database server to be closed to prevent the database server from being maliciously invaded.
The database security access system and the method provided by the invention have a real-time monitoring function, and the database server can be closed when abnormal access is received because double authentication is required during access, thereby reducing the loss of the database when the database is invaded and greatly improving the security degree of the database; the system comprises terminal equipment, a forwarding module, an agent module, a controller, a database server, a data switch, a request verification module and a data verification module, wherein the database server, the data switch, the request verification module and the data verification module are in communication connection with the controller, the terminal equipment can send an access request and acquire data returned by the database server, the database server can store file data, the data switch can complete communication between the database server and the terminal equipment, the forwarding module can acquire the access request of the terminal equipment, the agent module can identify an access command in the access request and send the access command to the database server, the request verification module can verify the access request of the terminal equipment, subsequent operation can be carried out only after verification is passed, the safety is ensured, and the data verification module can verify the data returned by the database server, the database security access system comprises a database monitoring module and a server monitoring module, wherein the database monitoring module can acquire the operation information of a database, and the server monitoring module can acquire the performance information of a server where the database is located, so that the operation of the database server is further ensured; the method comprises the steps of receiving an access request sent by terminal equipment, extracting information in the access request by a request verification module, verifying the access request, judging the type of an access command in the access request after the verification is passed, sending the access command to a database server according to the type of the access command, sending data to a data verification module by the database server according to the access command, verifying the data returned by the database server by the data verification module, passing the verification, returning the data to a receiving terminal through a data switch, verifying the access application in an access application stage, determining the identity information of the receiving equipment, verifying the identity information, the authorization level and the IP address of the receiving equipment and the security level of the data in a data transmission stage to determine whether the data are matched or not, further improving the security of the database, and if the data are not matched, the database is determined to be invaded illegally, and the database server can be closed through the controller, so that loss is reduced.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (10)

1. A database security access system, comprising: the system comprises terminal equipment, a forwarding module, an agent module, a controller, a database server, a data switch, a request verification module and a data verification module, wherein the database server, the data switch, the request verification module and the data verification module are connected with the controller; the terminal equipment is connected with the forwarding module, the forwarding module is connected with the request verification module, the request verification module is connected with the proxy module, the proxy module is connected with the database server, the database server is in communication connection with the terminal equipment through the data switch, and the data verification module is connected between the database server and the data switch;
the terminal equipment is used for sending an access request and acquiring data returned by the database server;
the database server is used for storing data;
the data switch is used for completing communication between the database server and the terminal equipment;
the forwarding module is used for acquiring an access request of the terminal equipment;
the agent module is used for identifying an access command in the access request and sending the access command to a database server;
the request verification module is used for verifying the access request of the terminal equipment;
the data verification module is used for verifying the data returned by the database server;
the controller is used for acquiring the information of the request verification module and the data verification module, and determining whether to send data to the terminal equipment and whether to close the database server.
2. The database security access system according to claim 1, wherein the agent module includes a cache module, a storage medium, and a command processing and sending module, the request verification module is connected to the cache module, the cache module is connected to the storage medium and the command processing and sending module, the cache module is configured to cache the access request forwarded by the request verification module, the storage medium is configured to store the access request, and the command sending module is configured to extract the access command in the access request and send the access command to the database server.
3. The database security access system according to claim 2, wherein the command processing and sending module includes a command obtaining unit, a command identifying unit, and a command sending unit, the command obtaining unit is configured to extract the access command in the access request, the command identifying unit is configured to identify a type of the access command, and the command sending unit is configured to send the access command to the database server according to the command type.
4. The database security access system of claim 1, wherein the request verification module comprises a first network sniffer and identity comparison module, the forwarding module is connected with the first network sniffer, the first network sniffer is connected with the identity comparison module, the identity comparison module is connected with the agent module, the first network sniffer is used for acquiring the identity information, the authorization level and the IP address of the terminal equipment, the identity comparison module is used for comparing the identity information of the terminal equipment with the identity information of the database which is allowed to be accessed and judging whether the terminal equipment is allowed to be accessed or not, the first network sniffer and the identity comparison module are connected with the controller, and the controller is used for sending the identity information, the authorization level and the judgment result of the IP address and identity comparison module of the terminal equipment to the controller.
5. The database security access system according to claim 1, wherein the data verification module includes a second network sniffer and a data identification module, the database server is connected to the second network sniffer, the second network sniffer is connected to the data identification module, the data identification module is connected to the data switch, the second network sniffer is configured to obtain data returned by the database server, the data identification module is configured to identify data and determine a security level of the data, and the second network sniffer and the data identification module are connected to the controller and are configured to send the security level of the data to the controller.
6. The database security access system of claim 1, further comprising a database monitoring module and a server monitoring module, wherein the database monitoring module and the server monitoring module are connected to the controller, the database monitoring module is configured to obtain operation information of the database, and the server monitoring module is configured to obtain performance information of a server where the database is located.
7. A database security access method applied to the database security access system according to any one of claims 1 to 6, comprising the steps of:
step 1: receiving an access request sent by terminal equipment, and extracting information in the access request by a request verification module and verifying the access request;
step 2: after the verification is passed, judging the type of the access command in the access request, sending the access command to a database server according to the type of the access command, and sending data to a data verification module by the database server according to the access command;
and step 3: and the data verification module verifies the data returned by the database server, passes the verification and returns the data to the terminal equipment through the data switch.
8. The database security access method according to claim 7, wherein in step 1, the request verification module extracts information in the access request and verifies the access request, specifically:
the request verification module extracts the identity information, the authorization level and the IP address in the access request and sends the identity information, the authorization level and the IP address to the controller, the request verification module compares the identity information in the access request with the identity information of the database server allowed to be accessed, and if the identity information of the database server allowed to be accessed contains the identity information in the access request, verification is passed.
9. The system and method for secure access to a database according to claim 7, wherein in step 2, after the verification is passed, the type of the access command in the access request is determined, and the access command is sent to the database server according to the type of the access command, specifically:
after the verification is passed, the proxy module caches the access request, extracts the access command in the access request through the command acquisition unit, identifies the type of the access command through the command identification unit, and sends the access command to the database server through the command sending unit according to the command type.
10. The system and method for secure access to a database according to claim 7, wherein in step 3, the data verification module verifies the data returned by the database server, and if the data passes the verification, the data is returned to the terminal device, specifically:
the data verification module verifies the database server, obtains the security level of the data and sends the security level of the data to the controller, the controller judges whether the identity information, the authorization level and the IP address in the access request are matched with the security level of the data, if the identity information, the authorization level and the IP address are matched with the security level of the data, the verification is passed, the controller returns the data to the terminal equipment through the data switch, if the identity information, the authorization level and the IP address are not matched with the security level of the data, the verification is not passed, and the controller controls the database server to be closed to prevent the database server from being maliciously invaded.
CN202110639571.XA 2021-06-09 2021-06-09 Database security access system and method Pending CN113221180A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110639571.XA CN113221180A (en) 2021-06-09 2021-06-09 Database security access system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110639571.XA CN113221180A (en) 2021-06-09 2021-06-09 Database security access system and method

Publications (1)

Publication Number Publication Date
CN113221180A true CN113221180A (en) 2021-08-06

Family

ID=77083297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110639571.XA Pending CN113221180A (en) 2021-06-09 2021-06-09 Database security access system and method

Country Status (1)

Country Link
CN (1) CN113221180A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113919000A (en) * 2021-12-16 2022-01-11 北京交研智慧科技有限公司 User database management method and device
CN114896223A (en) * 2022-04-07 2022-08-12 支付宝(杭州)信息技术有限公司 Database implementation apparatus, method, system, medium, and computer program product
CN116527401A (en) * 2023-06-30 2023-08-01 诚罡科技(天津)有限公司 Secure communication method and system of distributed data server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100024009A1 (en) * 2007-02-16 2010-01-28 Oded Comay Method and system for dynamic security using authentication server
CN205812070U (en) * 2016-07-18 2016-12-14 杭州汉领信息科技有限公司 A kind of data base's firewall system based on high amount of traffic amount
CN108093094A (en) * 2017-12-08 2018-05-29 腾讯科技(深圳)有限公司 Database instance access method, device, system, storage medium and equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100024009A1 (en) * 2007-02-16 2010-01-28 Oded Comay Method and system for dynamic security using authentication server
CN205812070U (en) * 2016-07-18 2016-12-14 杭州汉领信息科技有限公司 A kind of data base's firewall system based on high amount of traffic amount
CN108093094A (en) * 2017-12-08 2018-05-29 腾讯科技(深圳)有限公司 Database instance access method, device, system, storage medium and equipment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113919000A (en) * 2021-12-16 2022-01-11 北京交研智慧科技有限公司 User database management method and device
CN113919000B (en) * 2021-12-16 2022-03-29 北京交研智慧科技有限公司 User database management method and device
CN114896223A (en) * 2022-04-07 2022-08-12 支付宝(杭州)信息技术有限公司 Database implementation apparatus, method, system, medium, and computer program product
CN116527401A (en) * 2023-06-30 2023-08-01 诚罡科技(天津)有限公司 Secure communication method and system of distributed data server
CN116527401B (en) * 2023-06-30 2023-09-01 诚罡科技(天津)有限公司 Secure communication method and system of distributed data server

Similar Documents

Publication Publication Date Title
CN113221180A (en) Database security access system and method
CN109409045B (en) Safety protection method and device for automatic login account of browser
CN102377756B (en) Service access method and system, authentication method and system, client and authentication server
CN109413000B (en) Anti-stealing-link method and anti-stealing-link network relation system
KR100745044B1 (en) Apparatus and method for protecting access of phishing site
US11379591B2 (en) Methods and devices for user authorization
CN111083132A (en) Safe access method and system for web application with sensitive data
CN112511484B (en) U shield safety control management system
CN111177741A (en) Pre-authorization data access method and device based on enterprise browser
CN110881186B (en) Illegal device identification method and device, electronic device and readable storage medium
US9432357B2 (en) Computer network security management system and method
CN110049028A (en) Monitor method, apparatus, computer equipment and the storage medium of domain control administrator
CN106878335A (en) A kind of method and system for login authentication
CN108696540A (en) A kind of authorizing secure system and its authorization method
CN111131303A (en) Request data verification system and method
CN112995227B (en) One-stop information service platform based on three-party credit management
CN107332862A (en) A kind of identity identifying method, front end processor and identity authorization system
CN107426213A (en) The method and system that a kind of limitation SSR management platforms log in
CN116894259A (en) Safety access control system of database
CN109756483B (en) Safety protection method aiming at MELASEC protocol
CN114036480B (en) Security access control method and system for private application and readable storage medium
CN110958236A (en) Dynamic authorization method of operation and maintenance auditing system based on risk factor insight
CN111131273A (en) Internet access control system for network engineering
CN114640536A (en) Data access monitoring method
CN111556024B (en) Reverse access control system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20221111

Address after: Room 305, No. 188, Zhugushi Road, Wulian, Central City, Longgang Street, Longgang District, Shenzhen, Guangdong 518100

Applicant after: Jiaqiao (Shenzhen) Investment Co.,Ltd.

Address before: D-1908, 19th floor, building 222, Wangjing Xiyuan, Chaoyang District, Beijing

Applicant before: Yongqi (Beijing) Technology Co.,Ltd.

TA01 Transfer of patent application right