CN113660292B - Method and device for acquiring information of calling client main body - Google Patents
Method and device for acquiring information of calling client main body Download PDFInfo
- Publication number
- CN113660292B CN113660292B CN202111212724.9A CN202111212724A CN113660292B CN 113660292 B CN113660292 B CN 113660292B CN 202111212724 A CN202111212724 A CN 202111212724A CN 113660292 B CN113660292 B CN 113660292B
- Authority
- CN
- China
- Prior art keywords
- client
- network address
- connection terminal
- remote connection
- hook program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/133—Protocols for remote procedure calls [RPC]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
Abstract
The application discloses a method and a device for acquiring information of a main body of a calling client, wherein the method comprises the following steps: the Hook program determines that the client is called, wherein the Hook program is hooked on the client, and the client is used for accessing the database after being called; the method comprises the steps that a Hook program acquires identification information of a remote connection terminal, wherein the remote connection terminal is a terminal program, and the terminal program is used for remotely calling a client; the Hook program acquires a network address used by the remote connection terminal for calling the client according to the terminal identifier; the Hook program records the called information of the client, wherein the called information at least comprises the following information: a network address. The problem that information of a remote connection terminal for calling a client to access a database cannot be acquired in the prior art is solved, and a caller of the client can be effectively found, so that a basis is provided for risk prevention and processing.
Description
Technical Field
The application relates to the field of data processing, in particular to a method and a device for acquiring information of a main body of a calling client.
Background
With the continuous expansion of data size, the role of database becomes more and more important. When the database is accessed, the database client is required to access the database, and the database also records log files. The log file records clients accessing the database, access time, operations performed, and the like.
Generally, a database may consider a session established through a database client to be secure, in one case, a remote connection terminal logs in a database server through a protocol such as SSH and then accesses the database server by using a data local client, and at this time, it can only record that the remote connection terminal accesses the database server through the local client.
Disclosure of Invention
The embodiment of the application provides a method and a device for acquiring information of a main body of a calling client, so as to at least solve the problem in the prior art that the information of a remote connection terminal for accessing a database by the calling client cannot be acquired.
According to one aspect of the application, an information method for acquiring a main body of a calling client is provided, and the method is characterized by comprising the following steps: determining that a client is called by a Hook program, wherein the Hook program is hooked on the client, and the client is used for accessing a database after being called; the Hook program acquires identification information of a remote connection terminal, wherein the remote connection terminal is a terminal program used for remotely calling the client; the Hook program acquires a network address used by the remote connection terminal for calling the client according to the terminal identification; the Hook program records the information called by the client at this time, wherein the called information at least comprises: the network address.
Further, the called information further includes at least one of: the SQL sentence sent by the remote connection terminal to the database through the client, the time called by the remote connection terminal by the client and the identification information of the remote connection terminal.
Further, before the Hook program determines that the client is invoked, the method further comprises: configuring the corresponding relation between the identification information of the remote connection terminal and the network address used by the remote connection terminal; the step of acquiring the network address used by the remote connection terminal for calling the client according to the terminal identifier by the Hook program comprises the following steps: and the Hook program searches the network address used by the remote connection terminal for calling the client from the corresponding relation according to the terminal identification.
Further, still include: and under the condition that the Hook program fails to acquire the network address used by the remote connection terminal for calling the client according to the terminal identification, the Hook program interrupts the calling of the client through the remote connection terminal.
Further, before the Hook program interrupts the call to the client through the remote connection terminal, the method further includes: the Hook program constructs an error message of the connection failure of the database; and the Hook program returns the constructed error message to the client.
Further, still include: and the Hook program determines whether the SQL statement needs to be audited according to the network address, wherein the SQL statement is the SQL statement sent to the database by the remote connection terminal corresponding to the network address through the client.
Further, the step of determining whether the SQL statement needs to be audited by the Hook program according to the network address includes: under the condition that the network address is a remote network address, the Hook program determines that the SQL statement needs to be audited; and under the condition that the network address is the local network address, the Hook program determines that the SQL statement does not need to be audited.
According to another aspect of the present application, there is also provided an information apparatus for obtaining a subject of a calling client, the apparatus comprising one or more modules for performing the steps of the method described above.
According to another aspect of the present application, there is also provided a processor for executing the Hook program described above.
According to another aspect of the present application, there is also provided a memory for the Hook program described above.
In the embodiment of the application, a Hook program is adopted to determine that a client is called, wherein the Hook program is hooked on the client, and the client is used for accessing a database after being called; the Hook program acquires identification information of a remote connection terminal, wherein the remote connection terminal is a terminal program used for remotely calling the client; the Hook program acquires a network address used by the remote connection terminal for calling the client according to the terminal identification; the Hook program records the information called by the client at this time, wherein the called information at least comprises: the network address. The problem that information of a remote connection terminal for calling a client to access a database cannot be acquired in the prior art is solved, and a caller of the client can be effectively found, so that a basis is provided for risk prevention and processing.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
fig. 1 is a flowchart of a method for obtaining information of a main body of a calling client according to an embodiment of the present application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
In this embodiment, a method for obtaining information of a main body of a calling client is provided, and fig. 1 is a flowchart of a method for obtaining information of a main body of a calling client according to an embodiment of the present application, as shown in fig. 1, the method includes the following steps:
step S102, a Hook (Hook) program determines that a client (namely a database client) is called, wherein the Hook program is hooked on the client, and the client is used for accessing the database after being called;
in some cases, the client may access the database through SSH, as an optional implementation, the HOOK program may add a HOOK point through functions such as read, fgets, fwrite in libc library, read the location information read from the last file through the HOOK point, if there is an update, read the cache data obtained from HOOK after the last location, extract information such as time information, ASCII code string, and plaintext data, process the plaintext data string, determine key value information according to whether it is a displayable character and a corresponding ASCII code, and then parse each complete command with a special symbol as an end feature, thereby obtaining a secret key.
Step S104, the Hook program acquires identification information of a remote connection terminal, wherein the remote connection terminal is a terminal program, and the terminal program is used for remotely calling a client;
the remote connection terminal is used for performing remote connection, and some control modes can be adopted for the remote connection, for example, a remote control request message containing an authorized device key sent by an authorizing device is received, and the authorized device key comprises an identity identification code of the authorized device; according to the identity code, sending a remote control notification message to an authorized device corresponding to the identity code, wherein the remote control notification message comprises: the authorized device key and a self-generated remote control link; when a remote control feedback message sent by the authorized equipment through the remote control link is received, the identity of the authorized equipment is checked according to an authorized equipment key carried in the remote control feedback message; when the audit is passed, sending a remote control connection pass message to an authorizing device to establish a remote control connection between the authorizing device and an authorized device through the remote control link. The remote connection terminal is installed to the authorizing device and the authorized device for performing control of the remote connection.
Step S106, the Hook program acquires a network address used by the remote connection terminal for calling the client according to the terminal identification;
in this step, as an optional additional embodiment, the Hook program may obtain the network address used by the remote connection terminal by extracting the content in the captured network data packet in a manner of capturing the network data packet. In the following, another optional embodiment is described, a network address may be obtained according to a correspondence between a terminal identifier and a network address, at this time, whether a network address obtained by packet capturing and a network address obtained by the correspondence are consistent or not may be compared, and if the two network addresses are not consistent, it is determined that a remote connection terminal using the network address is an untrusted remote connection terminal (the processing of the untrusted remote connection terminal is consistent with the processing of the blacklisted client). For an untrusted remote connected terminal, the Hook program interrupts the call to the client by the remote connected terminal. After determining that the remote connection terminal using the network address is untrusted, the identification information of the remote connection terminal and the network address are added to a blacklist. The identification information and network addresses in the black list can be edited by an administrator. When the administrator deletes or changes the identification information and the network address in the blacklist, the change of the administrator is recorded, the name of a login user of the administrator and the changed content are both recorded in a log file, the log file is sent to a pre-configured user after the administrator changes, and the user is used for auditing the operation of the administrator.
Step S108, the Hook program records the called information of the client, wherein the called information at least comprises: a network address.
Through the above steps, a Hook program is configured at the database client (in this embodiment, simply referred to as the client), and since the Hook program is hooked on the client, some operations can be performed with the identity of the client. The Hook program is started along with the starting of the client, and once the remote connection terminal calls the client, the Hook program can acquire the action executed by the remote connection terminal through the client. Therefore, the problem caused by the fact that information of the remote connection terminal for calling the client to access the database cannot be acquired in the prior art is solved through the embodiment, the caller of the client can be effectively found, and therefore a basis is provided for risk prevention processing.
Since the Hook program can monitor the behavior of the client, for better operation, other called information may also be recorded, that is, in an alternative embodiment, the called information may further include at least one of the following: the SQL sentence sent by the remote connection terminal to the database through the client, the time called by the remote connection terminal by the client and the identification information of the remote connection terminal. After the information is recorded, a basis is provided for viewing all operations performed by the remote connection terminal in the future, the called information can be used as data statistics, for example, which remote connection terminal performs the most operations on the database through the client in a preset time period, the contents and objects of the operations, and the like, and the data statistics provide data support for making security measures of the database in the future.
As an optional additional embodiment, the SQL statements sent by the remote connection terminal of the predetermined network address within a period of time may be counted, all SQL statements are traversed, the risky SQL statement is determined therefrom, and the frequency of sending the risky SQL statement by the remote connection terminal of the predetermined network address is counted. And in the case that the frequency is less than a first threshold value, determining that the remote connection terminal using the predetermined network address is a trusted remote connection terminal. The method comprises the steps that the trusted remote connection terminal directly sends SQL sentences sent by a client to a database for execution, and a Hook program only backs up the SQL sentences without intervening in sending the SQL sentences.
As another optional added embodiment, if the frequency of sending the risky SQL statements by the remote connection terminal using the predetermined network address is greater than a second threshold, an alarm message is sent to the administrator, wherein the alarm message is used to indicate that the remote connection terminal of the predetermined network address is blacklisted, and the blacklisted remote connection terminal is rejected when calling the client, for example, the Hook program interrupts the call to the client by the remote connection terminal, wherein the second threshold is greater than the first threshold.
In another case, the Hook program may also interrupt the call of the remote connection terminal to the client, that is, the Hook program fails to acquire the network address used by the remote connection terminal to call the client according to the terminal identifier, and this is generated because in an optional embodiment, the correspondence between the identification information of the remote connection terminal and the network address may be pre-configured, which is equivalent to pre-binding the network address and the identification information, and the acquiring, by the Hook program according to the terminal identifier, the network address used by the remote connection terminal to call the client includes: and the Hook program searches the network address used by the remote connection terminal for calling the client from the corresponding relation according to the terminal identification.
In this optional embodiment, if the Hook program cannot find the network address according to the identifier of the terminal, it indicates that the remote connection terminal using the network address is an untrusted client, and thus the Hook program interrupts the call to the client through the remote connection terminal.
In another optional mode, in order to improve the interactivity, before the Hook program interrupts the call to the client through the remote connection terminal, the Hook program constructs an error message of the connection failure of the database; the Hook program returns the constructed error message to the client. As an alternative embodiment, it is also possible to add to the content of the error message that the network address used by the remote connection terminal is not trusted, which may be a better prompt for the user using the remote connection terminal.
In another optional implementation, the Hook program may determine whether to send the SQL to the program or the service responsible for the audit according to the configuration, and in this optional embodiment, the Hook program may determine whether to audit the SQL statement according to the network address, where the SQL statement is the SQL statement sent by the remote connection terminal corresponding to the network address to the database through the client. For example, in the case that the network address is a remote network address, the Hook program determines that the SQL statement needs to be audited; in the case where the network address is the local network address, the Hook program determines that an audit of the SQL statement is not required.
Besides determining whether auditing is needed according to the network address, the frequency of sending risk SQL statements in the above embodiment can be combined to determine how to audit. For example, for a remote connection terminal corresponding to a network address where the frequency of sending risk SQL statements is lower than the first threshold, it is right to directly backup by calling SQL sent by the client. And for the remote connection terminal corresponding to the network address with the frequency of sending the risk SQL statement being more than or equal to the first threshold and less than or equal to the second threshold, judging by calling the SQL statement sent by the terminal, if the risk SQL statement is matched with a predetermined risk statement keyword, stopping the execution of the statement, sending the SQL statement to a service or a program responsible for risk investigation by the Hook program, and after the investigation is safe, controlling the client to send the SQL statement to the database by the Hook program. If the SQL statement does not comprise the predetermined risk statement keyword, backing up the SQL, and directly sending the SQL statement to the database to be executed as if the SQL statement keyword is executed.
Through the embodiment, the risk level of the remote connection terminal can be determined according to the network address of the remote connection terminal, so that the safety and the efficiency of SQL statement execution can be considered in different modes.
There is also provided in this embodiment an electronic device comprising a memory having a computer program (e.g., the Hook program in the above embodiments) stored therein and a processor configured to execute the computer program to perform the method in the above embodiments.
The programs described above may be run on a processor or may also be stored in memory (or referred to as computer-readable media), which includes both non-transitory and non-transitory, removable and non-removable media, that implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
These computer programs may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks, and corresponding steps may be implemented by different modules. In this embodiment, there is provided an apparatus referred to as an information apparatus for acquiring a subject of a calling client, the apparatus including one or more modules for performing the steps of the method described above. The steps have already been described in the above embodiment of the method, and are not described again in this embodiment.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (8)
1. A method for obtaining information of a main body of a calling client is characterized by comprising the following steps:
determining that a client is called by a Hook program, wherein the Hook program is hooked on the client, and the client is used for accessing a database after being called;
the Hook program acquires identification information of a remote connection terminal, wherein the remote connection terminal is a terminal program used for remotely calling the client;
the Hook program acquires a network address used by the remote connection terminal for calling the client according to the terminal identification; the Hook program can acquire the network address used by the remote connection terminal by extracting the content in the captured network data packet in a network data packet capturing mode; acquiring a network address according to the corresponding relation between the terminal identification and the network address, comparing whether the network address acquired by packet capturing is consistent with the network address acquired through the corresponding relation or not, and if the two network addresses are inconsistent, determining that the remote connection terminal using the network address is an untrusted remote connection terminal; for an untrusted remote connection terminal, the Hook program interrupts the call of the remote connection terminal to the client; after determining that the remote connection terminal using the network address is untrusted, adding identification information of the remote connection terminal and the network address to a blacklist; the identification information and the network address in the blacklist can be edited by an administrator; when the administrator deletes or changes the identification information and the network address in the blacklist, the change of the administrator is recorded, the name of a login user of the administrator and the changed content are both recorded in a log file, and after the administrator changes, the log file is sent to a pre-configured user, and the user is used for auditing the operation of the administrator;
the Hook program records the information called by the client at this time, wherein the called information at least comprises: the network address.
2. The method of claim 1, wherein the called information further comprises at least one of: the SQL sentence sent by the remote connection terminal to the database through the client, the time called by the remote connection terminal by the client and the identification information of the remote connection terminal.
3. The method of claim 1,
before the Hook program determines that the client is invoked, the method further comprises: configuring the corresponding relation between the identification information of the remote connection terminal and the network address used by the remote connection terminal;
the step of acquiring the network address used by the remote connection terminal for calling the client according to the terminal identifier by the Hook program comprises the following steps: and the Hook program searches the network address used by the remote connection terminal for calling the client from the corresponding relation according to the terminal identification.
4. The method of any of claims 1 to 3, further comprising:
and under the condition that the Hook program fails to acquire the network address used by the remote connection terminal for calling the client according to the terminal identification, the Hook program interrupts the calling of the client through the remote connection terminal.
5. The method of claim 4, wherein before the Hook program interrupts the call to the client through the remotely connected terminal, the method further comprises:
the Hook program constructs an error message of the connection failure of the database;
and the Hook program returns the constructed error message to the client.
6. The method of any of claims 1 to 3, further comprising:
and the Hook program determines whether the SQL statement needs to be audited according to the network address, wherein the SQL statement is the SQL statement sent to the database by the remote connection terminal corresponding to the network address through the client.
7. The method of claim 6, wherein the Hook program determining whether an audit of the SQL statement is required based on the network address comprises:
under the condition that the network address is a remote network address, the Hook program determines that the SQL statement needs to be audited;
and under the condition that the network address is the local network address, the Hook program determines that the SQL statement does not need to be audited.
8. An information device for obtaining a subject of a calling client, the device comprising one or more modules for performing the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111212724.9A CN113660292B (en) | 2021-10-19 | 2021-10-19 | Method and device for acquiring information of calling client main body |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111212724.9A CN113660292B (en) | 2021-10-19 | 2021-10-19 | Method and device for acquiring information of calling client main body |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113660292A CN113660292A (en) | 2021-11-16 |
| CN113660292B true CN113660292B (en) | 2022-01-11 |
Family
ID=78494582
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111212724.9A Active CN113660292B (en) | 2021-10-19 | 2021-10-19 | Method and device for acquiring information of calling client main body |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113660292B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112926050B (en) * | 2021-02-05 | 2024-02-09 | 北京亿赛通网络安全技术有限公司 | Method for obtaining SSH encrypted content based on HOOK technology and application thereof |
| CN114465752A (en) * | 2021-12-10 | 2022-05-10 | 奇安信科技集团股份有限公司 | Remote call detection method and device, electronic equipment and storage medium |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100438435C (en) * | 2005-10-12 | 2008-11-26 | 腾讯科技(深圳)有限公司 | Method for limiting browser access network address |
| US20080306815A1 (en) * | 2007-06-06 | 2008-12-11 | Nebuad, Inc. | Method and system for inserting targeted data in available spaces of a webpage |
| CN103327025B (en) * | 2013-06-28 | 2016-08-24 | 北京奇虎科技有限公司 | Method for network access control and device |
| CN103530218A (en) * | 2013-10-09 | 2014-01-22 | 韩金倡 | Monitoring triggering method based on behavior detection |
| CN107273763B (en) * | 2017-06-23 | 2020-12-04 | 上海艺赛旗软件股份有限公司 | Fuzzy replacement method and system for SQL (structured query language) driver layer sensitive data |
| WO2019067689A1 (en) * | 2017-09-27 | 2019-04-04 | Carbon Black, Inc. | Methods for protecting software hooks, and related computer security systems and apparatus |
| US11580068B2 (en) * | 2017-12-15 | 2023-02-14 | Palantir Technologies Inc. | Systems and methods for client-side data analysis |
| CN109271414B (en) * | 2018-12-05 | 2021-08-13 | 北京安华金和科技有限公司 | IPC-based database local communication auditing method |
| CN111552934A (en) * | 2020-04-13 | 2020-08-18 | 中国银联股份有限公司 | Database access method and device |
| CN113378233B (en) * | 2021-08-16 | 2021-11-30 | 北京安华金和科技有限公司 | System and method for preventing database access through direct connection |
-
2021
- 2021-10-19 CN CN202111212724.9A patent/CN113660292B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN113660292A (en) | 2021-11-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113660292B (en) | Method and device for acquiring information of calling client main body | |
| CN111294345B (en) | Vulnerability detection method, device and equipment | |
| CN109922062B (en) | Source code leakage monitoring method and related equipment | |
| CN107347057B (en) | Intrusion detection method, detection rule generation method, device and system | |
| CN109783316B (en) | Method and device for identifying tampering behavior of system security log, storage medium and computer equipment | |
| CN113872965B (en) | SQL injection detection method based on Snort engine | |
| CN112818307A (en) | User operation processing method, system, device and computer readable storage medium | |
| CN112131205A (en) | Database blocking method and device | |
| CN113961940B (en) | Override detection method and device based on authority dynamic update mechanism | |
| CN114756530B (en) | Client information processing method based on bastion machine | |
| CN116232875B (en) | Remote office method, device, equipment and medium | |
| CN113360752A (en) | Message pushing method, device, equipment and readable medium | |
| CN111885088A (en) | Log monitoring method and device based on block chain | |
| CN116841645A (en) | Database flow processing method and system for database audit | |
| CN113536304B (en) | Anti-detour method and equipment based on operation and maintenance audit system | |
| CN115795509A (en) | Weak password event processing method and device, processor and electronic equipment | |
| CN115714660A (en) | Authority configuration method and device | |
| CN115834101A (en) | Login control method, system, storage medium and electronic equipment | |
| CN114793171A (en) | Access request intercepting method and device, storage medium and electronic device | |
| CN114153641A (en) | Audit log dynamic realization method and device based on interceptor technology | |
| CN114567472A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN110990873B (en) | Monitoring method for illegal operation, computer equipment and storage medium | |
| CN107463842B (en) | SQL injection auditing or protecting method and device based on database protocol | |
| CN112817833A (en) | Method and device for monitoring database | |
| CN113037724B (en) | Method and device for detecting illegal access |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |