CN113343312A - Page tamper-proofing method and system based on front-end point burying technology

Publication number
CN113343312A
Authority
CN
China
Prior art keywords
file
target file
hash values
target
page
Legal status
Pending
Application number
CN202110708380.4A
Other languages
Chinese (zh)
Inventor
周通
张曙晟
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
ICBC Technology Co Ltd
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
ICBC Technology Co Ltd
Application filed by Industrial and Commercial Bank of China Ltd ICBC, ICBC Technology Co Ltd
Priority to CN202110708380.4A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/178 Techniques for file synchronisation in file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking

Abstract

The disclosure provides a page tamper-proofing method based on a front-end point-burying technology, which can be applied to the technical field of information security. The method comprises the following steps: acquiring first target file information; performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server; acquiring second target file information through a front end buried point; performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server; tampering identification is carried out on the first target file according to the m first hash values and the m second hash values; and if the first target file is determined to be tampered, restoring the first target file according to the file name and the file path of the first target file. The disclosure also provides a system, a device, a storage medium and a program product for preventing page tampering based on the front-end buried point technology.

Description

Page tamper-proofing method and system based on front-end point burying technology
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a page tamper-proofing method, system, device, medium, and program product based on a front-end buried point technology.
Background
With the development of the internet, the performance requirements on websites are higher and higher. Page staticizing techniques are often used to improve access efficiency and optimize website performance. Page staticizing means that a dynamically generated JSP (Java Server Pages) page is converted into a static HTML page that the user accesses directly.
In one example, the user access resources are generated in advance through timing tasks and are synchronized to a WEB server in file form. When the user accesses the page, the user preferentially accesses the resources in the WEB server. The file generated by page staticizing is the source file and is stored in the intranet area. The file synchronized to the WEB server is the target file and is stored in the external network area. Files stored in the external network area are exposed to attack and are easily tampered with; after tampering, the resources accessed by a user are distorted, which causes adverse effects.
The existing page tamper-proof technology has the defects of long time consumption, high cost, poor reliability and the like, whether a page is tampered or not cannot be well identified, and recovery after the page is tampered is difficult to achieve.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a page tamper-proofing method, system, device, medium, and program product based on front-end buried point technology.
According to a first aspect of the present disclosure, there is provided a page tamper-proofing method based on a front-end buried point technology, including: acquiring first target file information, wherein the first target file information comprises a first target file, a file name and a file path of the first target file;
performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server;
acquiring second target file information through a front-end buried point, wherein the second target file information comprises a second target file, a file name and a file path of the second target file;
performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server;
tampering identification is carried out on the first target file according to the m first hash values and the m second hash values;
if the first target file is determined to be tampered, restoring the first target file according to the file name and the file path of the first target file;
the first target file is a staticized source file, and the second target file is a file when a user is accessing a page.
According to an embodiment of the present disclosure, the tamper identification of the first target file according to the m first hash values and the m second hash values includes:
removing the duplicate of the second hash value according to the second target file information and the IP information of the WEB server;
generating m groups of hash values according to the m first hash values and the m second hash values after the duplication removal;
comparing a first hash value and a second hash value in the m groups of hash values;
and determining a tampering identification result of the first target file according to the comparison result.
According to an embodiment of the present disclosure, the performing deduplication on the second hash value according to the second target file information and the WEB server IP information includes:
acquiring IP information of a WEB server where the second target file is located;
determining a second target file name and a file path according to the second target file information;
and removing the duplicate of the second hash value according to the second target file name, the file path and the IP information.
According to an embodiment of the present disclosure, the determining a tampering identification result of the first target file according to the comparison result includes:
and if the first hash value and the second hash value are different in any group of hash values, determining that the first target file is tampered.
According to an embodiment of the present disclosure, the restoring the first target file according to the file name and the file path of the first target file includes:
determining an application service interface according to the file name and the file path of the first target file;
calling the application service interface to generate a staticized file;
performing hash calculation on the staticized file for m times to determine m third hash values, and uploading the m third hash values to an anti-tampering server;
and synchronizing the staticized file to a WEB server, and replacing the first target file in a covering manner.
According to an embodiment of the present disclosure, the restoring the first target file according to the file name and the file path of the first target file further includes:
acquiring a source file in a file storage system according to the file name and the file path of the first target file;
and synchronizing the source file to a WEB server, and replacing the first target file in a covering manner.
According to an embodiment of the present disclosure, the acquiring the first target file information includes:
calling a back-end application service interface to generate a first target file;
the first target file is stored in a file storage system, and the first target file is synchronized to a WEB server through a file synchronization server;
and recording the file name and the file path of the first target file.
According to an embodiment of the present disclosure, the obtaining of the second target file information through the front end buried point includes:
setting a JS code in a page in advance;
when a user accesses a page, a second target file corresponding to the page, a file path and a file name of the second target file are obtained through a JS code preset in the page.
A second aspect of the present disclosure provides a page tamper-proofing system based on a front-end buried point technology, including:
the device comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring first target file information, and the first target file information comprises a first target file, a file name and a file path of the first target file;
the first calculation module is used for performing hash calculation on the first target file for m times to obtain m first hash values and uploading the m first hash values to the tamper-resistant server;
the second acquisition module is used for acquiring second target file information through a front end buried point, wherein the second target file information comprises a second target file, a file name and a file path of the second target file;
the second calculation module is used for performing hash calculation on the second target file for m times to obtain m second hash values and uploading the m second hash values to the tamper-resistant server;
the identification module is used for carrying out tampering identification on the first target file according to the m first hash values and the m second hash values;
and
the recovery module is used for recovering the first target file according to the file name and the file path of the first target file if the first target file is determined to be tampered;
the first target file is a staticized source file, and the second target file is a file when a user is accessing a page.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described method for page tamper resistance based on front-end-buried point technology.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions, which when executed by a processor, cause the processor to execute the above-mentioned page tamper-proofing method based on the front-end buried point technology.
A fifth aspect of the present disclosure also provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the method for preventing page tampering based on the front-end buried point technology is implemented.
According to the embodiment of the disclosure, m first hash values are obtained by obtaining first target file information and performing hash calculation on the first target file for m times, and are uploaded to a tamper-resistant server; acquiring second target file information through a front end buried point; performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server; tampering identification is carried out on the first target file according to the m first hash values and the m second hash values; if the first target file is determined to be tampered, restoring the first target file according to the file name and the file path of the first target file; through a page staticizing technology and a front-end point burying technology, the hash value of the page file is compared through the tamper-proof server, whether the page is tampered or not is further identified, and quick recovery of the tampered page is achieved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
fig. 1 schematically illustrates an application scenario diagram of a page tamper-proofing method based on a front-end buried point technology according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a system architecture diagram that may be used for a page tamper-proofing method based on front-end buried point technology in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a page tamper-proofing method based on a front-end buried point technology according to an embodiment of the disclosure;
FIG. 4 is a flow chart schematically illustrating another page tamper-proofing method based on a front-end buried point technology according to an embodiment of the disclosure;
FIG. 5 is a block diagram schematically illustrating a structure of a page tamper-proofing system based on a front-end buried point technology according to an embodiment of the present disclosure; and
fig. 6 schematically shows a block diagram of an electronic device adapted to implement a page tamper-proofing method based on front-end buried point technology according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The terms presented in this disclosure are explained first.
Page staticizing: user access resources are generated in advance through a timing task and synchronized to the WEB server in file form. When the user accesses the page, the user preferentially accesses the resources in the WEB server.
Buried point: buried point analysis is a common data acquisition method for website analysis. The front-end buried point in the embodiment of the disclosure acquires data through JS on the front-end web page.
Tamper-proofing: the file generated by page staticizing is the source file and is stored in the intranet area. The file synchronized to the WEB server is the target file and is stored in the external network area. Files stored in the external network area are exposed to attack and are easily tampered with; after tampering, the resources accessed by a user are distorted, which causes adverse effects. Tamper-proofing means identifying a tampered file in the WEB server and restoring it by synchronizing from the source file.
The embodiment of the disclosure provides a page tamper-proofing method based on a front-end buried point technology, which comprises the following steps:
acquiring first target file information, wherein the first target file information comprises a first target file, a file name and a file path of the first target file; performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server; acquiring second target file information through a front-end buried point, wherein the second target file information comprises a second target file, a file name and a file path of the second target file; performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server; tampering identification is carried out on the first target file according to the m first hash values and the m second hash values; if the first target file is determined to be tampered, restoring the first target file according to the file name and the file path of the first target file; the first target file is a staticized source file, and the second target file is a file when a user is accessing a page.
Fig. 1 schematically shows an application scenario diagram of a page tamper-proofing method based on a front-end buried point technology according to an embodiment of the present disclosure. FIG. 2 schematically shows a system architecture diagram that may be used for a page tamper-proofing method based on front-end buried point technology according to an embodiment of the disclosure. It should be noted that the application scenario shown in fig. 1 and the system architecture shown in fig. 2 are only examples of application scenarios and system architectures that may be used with the embodiments of the present disclosure to help those skilled in the art understand the technical content of the present disclosure, but do not mean that the embodiments of the present disclosure may not be used in other devices, systems, environments or scenarios. It should be noted that the page tamper-proofing method and system based on the front-end embedded point technology provided by the embodiment of the present disclosure may be used in related aspects in the information security technology field and the financial field, and may also be used in any field other than the financial field.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the page data being accessed by the user, identify whether the page currently accessed by the user has been tampered, and recover the tampered page (for example, a webpage, information, or data obtained or generated according to the identification result is fed back to the terminal device).
It should be noted that the page tamper-proofing method based on the front-end buried point technology provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the page tamper-proofing system based on the front-end buried point technology provided by the embodiment of the present disclosure can be generally disposed in the server 105. The page tamper-proofing method based on the front-end buried point technology provided by the embodiment of the present disclosure may also be executed by a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the page tamper-proofing system based on the front-end buried point technology provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
As shown in fig. 2, a system architecture 110 according to the embodiment may be used to execute a page tamper-proofing method based on a front-end buried point technology, and the system architecture 110 may include a terminal device 111, a WEB server 112, a tamper-proofing server 113, a bloom filter 114, a staticizing server 115, a file storage system 116, a WEB application server 117, and a file synchronization server 118.
Terminal device 111 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablets, laptop portable computers, desktop computers, and the like.
The staticizing server 115 calls an interface of the WEB application server 117 to generate a staticized file, stores the staticized file in the file storage system 116, performs hash calculation on the staticized file, and transmits the resulting hash values to the tamper-resistant server 113; the staticized file is synchronized to the WEB server 112 through the file synchronization server 118.
When a user accesses a website page using the terminal device 111, the corresponding file is accessed from the WEB server. A JS (JavaScript) buried point placed in the front-end page acquires the file accessed from the WEB server, performs hash calculation on the file, and uploads the calculated parameters to the tamper-resistant server 113. Because multiple users may access the same page at the same time, the uploaded parameters may be repeated, so the tamper-resistant server 113 filters the parameters according to the IP (Internet Protocol) of the WEB server, the file name and the file path. The bloom filter 114 compares the filtered hash values to identify page tampering. If the page is determined to be tampered with, the staticizing service is called again to generate a staticized file and synchronize it to the WEB server 112, which completes the recovery of the tampered file.
The page tamper-proofing method based on the front-end buried point technology according to the disclosed embodiment will be described in detail through fig. 3 to 4 based on the scenario described in fig. 1.
Fig. 3 schematically shows a flowchart of a page tamper-proofing method based on a front-end buried point technology according to an embodiment of the present disclosure.
As shown in fig. 3, the page tamper-proofing method based on the front-end buried point technology of this embodiment includes operations S210 to S230, and the page tamper-proofing processing method may be performed by a server.
In operation S210, first target file information is acquired.
According to the embodiment of the disclosure, the first target file information includes a first target file, a file name and a file path of the first target file, wherein the first target file is a staticized source file.
Operation S210 is the process in which the staticizing server produces the staticized source file. In one example, the staticizing server calls a background application service interface and stores the returned data as a file in the file storage system; this file is the first target file. The file name and file path of the file are obtained at the same time.
In operation S220, m hash calculations are performed on the first target file to obtain m first hash values, and the m first hash values are uploaded to the tamper resistant server.
In one example, after a staticized source file is generated, hash calculation is performed on the file using a set of salt values (random calculation factors). The set contains m salt values, so m first hash values are obtained through calculation. The first target file information and the m first hash values are uploaded to the tamper-resistant server and recorded in the bloom filter. Each staticized source file corresponds to m different hash values. In the disclosed embodiment, m takes the value of 3.
Operations S210 and S220 are one-time operations, and when the content of the website page is not updated, the first target file does not need to be updated.
In operation S230, second target file information is acquired through the front end buried point.
According to the embodiment of the disclosure, the second target file information includes a second target file, a file name and a file path of the second target file, where the second target file is a file when the user is performing a page access.
When a user accesses a page, the browser accesses a file in a WEB server. The file currently being accessed by the user, namely the second target file, can be obtained through the front-end buried point technology. If the page has not been tampered with, the first target file and the second target file are the same; if the page has been tampered with, the first target file and the second target file are different.
In operation S240, m second hash values are obtained by performing hash calculation on the second target file m times, and are uploaded to the tamper resistant server.
In the same manner as in operation S220, m second hash values are obtained by performing hash calculation on the second target file m times using the same set of salt values (random calculation factors), and the information of the second target file and the m second hash values are uploaded to the tamper-resistant server.
In operation S250, tamper identification is performed on the first target file according to the m first hash values and the m second hash values.
In one example, a bloom filter in the tamper-resistant server compares the m first hash values with the m second hash values according to the file names of the first target file and the second target file. If a first hash value and its second hash value are different, the first target file and the second target file are different, and it is determined that the first target file is tampered with; if the first hash value and the second hash value are the same in every group, it is determined that the first target file is not tampered with.
In operation S260, if it is determined that the first target file is tampered with, the first target file is restored according to the file name and the file path of the first target file.
In an example, when it is determined that the first target file is tampered with, the first target file needs to be restored. Specifically, the background application service interface that was called when the first target file was generated can be obtained through the file name and file path of the first target file. Operation S210 and operation S220 are re-executed to generate a staticized source file, and the staticized source file is synchronized to a WEB server through a file synchronization server, which completes the recovery after tampering.
According to the embodiment of the disclosure, the front-end embedded point technology and the bloom filter technology are combined, the page information which is accessed by a user is obtained through the front-end embedded point, the hash values of the first target file and the second target file are compared by using the bloom filter, whether the page is tampered or not is identified, the recovery after the page is tampered is completed, the identification time of page tampering is shortened, and automatic and rapid positioning and recovery of the tampered page are realized.
Fig. 4 schematically shows a flowchart of another page tamper-proofing method based on the front-end buried point technology according to an embodiment of the disclosure.
As shown in fig. 4, the page tamper-proofing method based on the front-end buried point technology of this embodiment includes operations S310 to S370.
In operation S310, first target file information is acquired.
According to the embodiment of the disclosure, a backend application service interface is called to generate a first target file. The first target file is stored in a file storage system, and the first target file is synchronized to a WEB server through a file synchronization server; and recording the file name and the file path of the first target file.
In one example, a first target file is stored in a file storage system, and a file synchronization server acquires the first target file from the file storage system, synchronizes the first target file to a WEB server, and waits for an access request of a user.
In operation S320, m hash calculations are performed on the first target file to obtain m first hash values, and the m first hash values are uploaded to the tamper resistant server.
The technical solutions and the technical principles of operation S320 and operation S220 are the same and will not be described again.
In operation S330, second target file information is acquired through the front end buried point.
According to the embodiment of the disclosure, JavaScript (JS) code is preset in a page; when a user accesses the page, the second target file corresponding to the page and the file path and file name of the second target file are obtained through the JS code preset in the page.
In one example, when a user requests a page through a browser, the user preferentially accesses the file on the WEB server, and after the page is loaded, the file path and the file name of the file are acquired through the JS in the page.
In operation S340, m second hash values are obtained by performing hash calculation on the second target file m times, and are uploaded to the tamper resistant server.
The technical solutions and the technical principles of operation S340 and operation S240 are the same and will not be described again.
In operation S350, the second hash value is deduplicated according to the second target file information and the WEB server IP information.
In an example, multiple users may access the same website page at the same time, in which case the second target file information may be the same, that is, there are a large number of identical second target file names and file paths. To increase the tamper identification speed and reduce the use of computing resources, the parameters uploaded to the tamper resistant server in operation S340 need to be deduplicated, which specifically includes the following steps.
In the first step, the IP information of the WEB server where the second target file is located is acquired.
In an example, because WEB servers are deployed in a distributed manner, the same file is stored on different WEB servers, and the files on some WEB servers may have been tampered with while the files on other servers have not. The IP information of the WEB server therefore needs to be obtained as an identifier of the WEB server. When the IP information of the WEB servers where second target files are located is the same, the second target files are determined to come from the same WEB server.
In the second step, a second target file name and a file path are determined according to the second target file information.
In the third step, the second hash values are deduplicated according to the second target file name, the file path and the IP information.
In one example, assume that there are 10 sets of second target file information, corresponding to 10m second hash values that form 10 sets of hash values. The 10 sets of hash values may be the same or different, depending on whether the 10 second target files come from the same WEB server and whether the 10 second target file names and file paths are the same. If tamper identification is carried out directly without deduplication, 10 comparisons are needed, which wastes computing resources and reduces identification efficiency.
If the IP information of the WEB server where 8 of the second target files are located is the same, those 8 second target files are determined to come from the same WEB server. The file names and file paths of the 8 second target files are then compared. If the file names and file paths of 6 of them are determined to be the same, the 6 groups of second hash values corresponding to those 6 second target files are determined to be the same as well, so only one group of second hash values needs to be taken at random to complete the deduplication of the second hash values. Only 5 comparisons are then needed; deduplication reduces the number of comparisons and improves the efficiency of page tamper identification.
Operations S350 and S360 are performed by a bloom filter in the tamper resistant server.
In operation S360, tamper identification is performed on the first target file according to the m first hash values and the m second hash values.
According to the embodiment of the disclosure, m groups of hash values are generated according to the m first hash values and the m second hash values, and the first hash value and the second hash value in each of the m groups of hash values are compared.
According to the embodiment of the disclosure, the tampering identification result of the first target file is determined according to the comparison result. If the first hash value and the second hash value are different in any group of hash values, the first target file is determined to be tampered.
In one example, for the same file name and file path, the number of first hash values is m, and the number of second hash values is an integer multiple of m, which is related to the number of WEB servers. Specifically, because the first hash values and the second hash values are calculated with the same group of salt values, the m first hash values and the m second hash values are paired into m groups of hash values according to the salt values. The first hash value and the second hash value in each of the m groups are compared to obtain a comparison result. If one group of the m groups of hash values is the same, the first target file and the second target file are determined to be the same, and the first target file is determined not to be tampered. Otherwise, the first target file and the second target file are determined not to be the same, the first target file is determined to be tampered, and operation S370 is then performed.
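The deduplication of operation S350 and the group-by-group comparison of operation S360 can be sketched as follows. This is an added example, not code from the patent: the salts, the use of SHA-256 with the salt prepended, the Report record and all function names are assumptions, the sample reports are constructed to mirror the 10-report example above, and the values are compared directly per salt rather than through a bloom filter bit array. A difference in any group marks the file as tampered.

```python
import hashlib
from typing import NamedTuple

# Assumed salts: the text only says both sides hash with the same group of
# salt values. Here m = 3.
SALTS = (b"salt-0", b"salt-1", b"salt-2")


def salted_hashes(content: bytes, salts=SALTS) -> tuple:
    """m hash calculations over one file, one per salt (SHA-256 is an assumption)."""
    return tuple(hashlib.sha256(s + content).hexdigest() for s in salts)


class Report(NamedTuple):
    """One front-end buried-point upload (operations S330 and S340)."""
    server_ip: str
    file_path: str
    file_name: str
    hashes: tuple  # the m second hash values


def deduplicate(reports):
    """Operation S350: keep one report per (server IP, file path, file name)."""
    unique = {}
    for r in reports:
        key = (r.server_ip, r.file_path, r.file_name)
        unique.setdefault(key, r)  # later reports with the same key are dropped
    return list(unique.values())


def is_tampered(first_hashes, second_hashes) -> bool:
    """Operation S360: pair values salt by salt into m groups and compare each group."""
    if len(first_hashes) != len(second_hashes):
        return True  # malformed report: it cannot be matched to the baseline
    return any(a != b for a, b in zip(first_hashes, second_hashes))


def identify(baseline, reports):
    """Return (number of comparisons, sorted (ip, path, name) keys flagged as tampered)."""
    unique = deduplicate(reports)
    flagged = []
    for r in unique:
        first = baseline.get((r.file_path, r.file_name))
        # A file with no registered first hash values is flagged as well;
        # that is a choice of this example, not something the text specifies.
        if first is None or is_tampered(first, r.hashes):
            flagged.append((r.server_ip, r.file_path, r.file_name))
    return len(unique), sorted(flagged)


def build_sample():
    """Constructed data: 10 reports, 8 from one server, 6 of those for the same file."""
    pages = {
        ("/static/", "index.html"): b"<html>home</html>",
        ("/static/", "a.html"): b"<html>a</html>",
        ("/static/", "b.html"): b"<html>b</html>",
    }
    baseline = {key: salted_hashes(body) for key, body in pages.items()}
    good = baseline[("/static/", "index.html")]
    bad = salted_hashes(b"<html>defaced</html>")  # differs from the source file
    reports = [Report("192.0.2.1", "/static/", "index.html", good)] * 6
    reports += [
        Report("192.0.2.1", "/static/", "a.html", baseline[("/static/", "a.html")]),
        Report("192.0.2.1", "/static/", "b.html", baseline[("/static/", "b.html")]),
        Report("192.0.2.2", "/static/", "index.html", good),
        Report("192.0.2.3", "/static/", "index.html", bad),
    ]
    return baseline, reports


if __name__ == "__main__":
    baseline, reports = build_sample()
    comparisons, flagged = identify(baseline, reports)
    print(f"{len(reports)} reports, {comparisons} comparisons, tampered: {flagged}")
```

Because the WEB server IP is part of the deduplication key, the copy of index.html on 192.0.2.3 is still compared on its own even though the same file name and path were already checked for the other servers.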
In operation S370, the first target file is restored according to the file name and the file path of the first target file.
There are two possible implementations of operation S370.
In one possible embodiment:
According to the embodiment of the disclosure, an application service interface is determined according to the file name and the file path of the first target file; the application service interface is called to generate a staticized file; hash calculation is performed on the staticized file m times to determine m third hash values, and the m third hash values are uploaded to the tamper-resistant server; and the staticized file is synchronized to the WEB server and replaces the first target file by overwriting it.
In one example, this replacement recovery scheme calls the staticized server again to generate a new staticized file, synchronizes the staticized file to the WEB server, and overwrites the tampered file with it.
In another possible embodiment:
According to the embodiment of the disclosure, a source file in the file storage system is obtained according to the file name and the file path of the first target file; and the source file is synchronized to the WEB server and replaces the first target file by overwriting it.
In one example, since the first target file is stored in the file storage system, the source file in the file storage system can be located according to the file name and the file path of the first target file, and the source file is synchronized to the WEB server through the file synchronization server, so that the tampered file is overwritten and replaced.
According to the embodiment of the disclosure, the front-end buried point technology and the bloom filter technology are combined: the information of the page being accessed by a user is obtained through the front-end buried point, the second hash values are deduplicated by the tamper-proof server, and the bloom filter is used to compare the first hash values of the first target file with the hash values of the second target file, so that whether the page has been tampered with is identified and the recovery after tampering is completed. This shortens the time needed to identify page tampering and achieves automatic, rapid locating and recovery of the tampered page.
Based on the page tamper-proofing method based on the front-end buried point technology, the disclosure also provides a page tamper-proofing system based on the front-end buried point technology. The system will be described in detail below with reference to fig. 5.
Fig. 5 schematically shows a block diagram of a page tamper-proofing system based on a front-end buried point technology according to an embodiment of the present disclosure.
As shown in fig. 5, the page tamper-proofing system 500 based on the front-end buried point technology of this embodiment includes a first obtaining module 510, a first calculating module 520, a second obtaining module 530, a second calculating module 540, an identifying module 550, and a restoring module 560.
The first obtaining module 510 is configured to obtain first target file information, where the first target file information includes a first target file, a file name of the first target file, and a file path. In an embodiment, the first obtaining module 510 may be configured to perform the operation S210 described above, which is not described herein again.
The first calculation module 520 is configured to perform hash calculation on the first target file m times to obtain m first hash values, and upload the m first hash values to the tamper-resistant server. In an embodiment, the first calculating module 520 may be configured to perform the operation S220 described above, which is not described herein again.
The second obtaining module 530 is configured to obtain second target file information through the front end buried point, where the second target file information includes a second target file, a file name of the second target file, and a file path. In an embodiment, the second obtaining module 530 may be configured to perform the operation S230 described above, which is not described herein again.
The second calculating module 540 is configured to perform hash calculation on the second target file m times to obtain m second hash values, and upload the m second hash values to the tamper-resistant server. In an embodiment, the second calculating module 540 may be configured to perform the operation S240 described above, and is not described herein again.
The identifying module 550 is configured to perform tamper identification on the first target file according to the m first hash values and the m second hash values. In an embodiment, the identifying module 550 may be configured to perform the operation S250 described above, which is not described herein again.
The recovery module 560 is configured to recover the first target file according to the file name and the file path of the first target file if it is determined that the first target file is tampered. In an embodiment, the recovery module 560 may be configured to perform the operation S260 described above, which is not described herein again.
According to the embodiment of the present disclosure, any plurality of the first obtaining module 510, the first calculating module 520, the second obtaining module 530, the second calculating module 540, the identifying module 550, and the recovering module 560 may be combined into one module to be implemented, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the first obtaining module 510, the first calculating module 520, the second obtaining module 530, the second calculating module 540, the identifying module 550 and the recovering module 560 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware and firmware, or by a suitable combination of any of them. Alternatively, at least one of the first obtaining module 510, the first calculating module 520, the second obtaining module 530, the second calculating module 540, the identifying module 550 and the recovering module 560 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
Fig. 6 schematically shows a block diagram of an electronic device adapted to implement a page tamper-proofing method based on front-end buried point technology according to an embodiment of the present disclosure.
As shown in fig. 6, an electronic apparatus 900 according to an embodiment of the present disclosure includes a processor 901 which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. Processor 901 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 901 may also include on-board memory for caching purposes. The processor 901 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic apparatus 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other through a bus 904. The processor 901 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the programs may also be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 900 may also include an input/output (I/O) interface 905, which is also connected to the bus 904. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is installed into the storage section 908 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 902 and/or the RAM 903 described above and/or one or more memories other than the ROM 902 and the RAM 903.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the page tamper-proofing method based on the front-end buried point technology provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 901. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, and downloaded and installed through the communication section 909 and/or installed from the removable medium 911. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor 901, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (12)

1. A page tamper-proofing method based on a front-end buried point technology comprises the following steps:
acquiring first target file information, wherein the first target file information comprises a first target file, a file name and a file path of the first target file;
performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server;
acquiring second target file information through a front-end buried point, wherein the second target file information comprises a second target file, a file name and a file path of the second target file;
performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server;
performing tamper identification on the first target file according to the m first hash values and the m second hash values;
if the first target file is determined to be tampered, restoring the first target file according to the file name and the file path of the first target file;
the first target file is a staticized source file, and the second target file is a file when a user is accessing a page.
2. The method according to claim 1, wherein the tamper identification of the first target file according to the m first hash values and the m second hash values comprises:
de-duplicating the second hash value according to the second target file information and the IP information of the WEB server;
generating m groups of hash values according to the m first hash values and the m second hash values after the duplication removal;
comparing a first hash value and a second hash value in the m groups of hash values;
and determining a tampering identification result of the first target file according to the comparison result.
3. The method according to claim 2, wherein the de-duplicating the second hash value according to the second target file information and WEB server IP information comprises:
acquiring IP information of a WEB server where the second target file is located;
determining a second target file name and a file path according to the second target file information;
and de-duplicating the second hash value according to the second target file name, the file path and the IP information.
4. The method according to claim 2, wherein the determining the falsification identification result of the first target file according to the comparison result comprises:
and if the first hash value and the second hash value are different in any group of hash values, determining that the first target file is tampered.
5. The method of claim 1, wherein the restoring the first target file according to the file name and the file path of the first target file comprises:
determining an application service interface according to the file name and the file path of the first target file;
calling the application service interface to generate a staticized file;
performing hash calculation on the staticized file for m times to determine m third hash values, and uploading the m third hash values to an anti-tampering server;
and synchronizing the staticized file to a WEB server, and replacing the first target file in a covering manner.
6. The method of claim 1, wherein the restoring the first target file according to the file name and the file path of the first target file further comprises:
acquiring a source file in a file storage system according to the file name and the file path of the first target file;
and synchronizing the source file to a WEB server, and replacing the first target file in a covering manner.
7. The method of claim 1, wherein the obtaining the first target file information comprises:
calling a back-end application service interface to generate a first target file;
the first target file is stored in a file storage system, and the first target file is synchronized to a WEB server through a file synchronization server;
and recording the file name and the file path of the first target file.
8. The method of claim 7, wherein the obtaining second target file information through the front end buried point comprises:
setting a JS code in a page in advance;
when a user accesses a page, a second target file corresponding to the page, a file path and a file name of the second target file are obtained through a JS code preset in the page.
9. A page tamper-proofing system based on a front-end buried point technology comprises:
the first acquisition module is used for acquiring first target file information, wherein the first target file information comprises a first target file, a file name and a file path of the first target file;
the first calculation module is used for performing hash calculation on the first target file for m times to obtain m first hash values and uploading the m first hash values to the tamper-resistant server;
the second acquisition module is used for acquiring second target file information through a front end buried point, wherein the second target file information comprises a second target file, a file name and a file path of the second target file;
the second calculation module is used for performing hash calculation on the second target file for m times to obtain m second hash values and uploading the m second hash values to the tamper-resistant server;
the identification module is used for carrying out tampering identification on the first target file according to the m first hash values and the m second hash values;
and
the recovery module is used for recovering the first target file according to the file name and the file path of the first target file if the first target file is determined to be tampered;
the first target file is a staticized source file, and the second target file is a file when a user is accessing a page.
10. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-8.
11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 8.
12. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 8.
CN202110708380.4A 2021-06-25 2021-06-25 Page tamper-proofing method and system based on front-end point burying technology Pending CN113343312A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110708380.4A CN113343312A (en) 2021-06-25 2021-06-25 Page tamper-proofing method and system based on front-end point burying technology


Publications (1)

Publication Number Publication Date
CN113343312A true CN113343312A (en) 2021-09-03

Family

ID=77478545


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination