CN113722639B - Website access verification method, device, electronic equipment and readable storage medium - Google Patents
Website access verification method, device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN113722639B CN113722639B CN202110984559.2A CN202110984559A CN113722639B CN 113722639 B CN113722639 B CN 113722639B CN 202110984559 A CN202110984559 A CN 202110984559A CN 113722639 B CN113722639 B CN 113722639B
- Authority
- CN
- China
- Prior art keywords
- website
- preset protection
- codes
- format
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/42—Syntactic analysis
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The embodiment of the invention provides a website access verification method, a device, electronic equipment and a readable storage medium, wherein the format of partial source codes in a target website is converted from an original format into the format of preset protection codes in advance, the preset protection codes are combined with the partial source codes of the target website, when the target website is accessed, the preset protection codes can be loaded to carry out safety verification on the target website, and under the condition that the safety verification result is failure, the target website can be determined not to be a safety website, at the moment, the non-reduction operation can be carried out on the partial source codes through the preset protection codes in the process of loading the target website, and the partial source codes cannot be normally loaded, so that the target website is not fully loaded, the effect of protecting the safety website is achieved, the information safety is ensured, and the files of the safety website are not required to be modified when the domain name and the IP of the safety website are not required to be bound each time, so that the operation is simple and the cost is low.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a website access verification method, a device, an electronic apparatus, and a readable storage medium.
Background
Websites are tools for users to provide or obtain web services to or from other objects, and as network resources are enriched, the act of raking up stations is increasing.
The raking station is also called as a simulated station, and refers to downloading resources such as HTML (Hyper Text Markup Language ), JS (JavaScript, javaScript language), CSS (Cascading Style Sheets, cascading style sheet) and the like of the total station in a specified website, and building similar simulated station behaviors through the resources, wherein the behaviors may cause potential safety hazards.
At present, the 'domain name/IP binding' technology is often adopted for preventing the station-raking behavior, specifically comprising binding the domain name of the current website in the JS file of the website, and not executing website loading when the domain names are inconsistent so as to prevent station-raking. However, when the domain name/IP binding changes the domain name and IP of the website, the JS file needs to be modified in time to ensure the protection effect of the website, so that the operation is complicated and the cost is high.
Disclosure of Invention
The embodiment of the invention aims to provide a website access verification method, a website access verification device, electronic equipment and a readable storage medium, so that the website access verification method, the device, the electronic equipment and the readable storage medium are simple and convenient to operate, low-cost station-raking protection is realized, and the protection effect on websites is improved.
The specific technical scheme is as follows:
in a first aspect of the embodiment of the present invention, there is provided a website access verification method, which may include:
when a target website is accessed, loading a preset protection code, wherein the preset protection code is combined with part of source codes of the target website, and the format of the part of source codes is converted from an original format into the format of the preset protection code in advance;
performing security verification on the target website by executing the preset protection code;
and under the condition that the result of the security verification is failure, executing non-restoring operation on the part of source codes through the preset protection codes in the process of loading the target website.
Optionally, the performing, by the preset protection code, a non-restore operation on the portion of source code includes:
outputting a messy code through the preset protection code; or alternatively, the first and second heat exchangers may be,
and outputting the partial source code through the preset protection code.
Optionally, the format of the preset protection code is a dynamic execution format, and the performing security verification on the target website by executing the preset protection code includes:
and acquiring a verification file from the file directory of the target website by executing the preset protection code in the dynamic execution format, and performing the security verification.
Optionally, after the security verification is performed on the target website by executing the preset protection code, the method further includes:
and under the condition that the security verification result is successful, in the process of loading the target website, restoring the part of source codes into the original format through the preset protection codes and outputting the restored source codes.
Optionally, before loading the preset protection code when the target website is accessed, the method further includes:
converting the format of part of source codes of the original website from the original format so that the format of the part of source codes is the same as the format of the preset protection codes;
and merging the preset protection code with the partial source code.
Optionally, after the merging the preset protection code with the partial source code, the method further includes:
and creating a verification file in the file directory of the original website, wherein the verification file is used for being obtained from the file directory by executing the preset protection code in a dynamic execution format.
Optionally, after the merging the preset protection code with the partial source code, the method further includes:
and mixing the combined preset protection codes with the preset protection codes.
In a second aspect of the embodiment of the present invention, there is also provided a website access verification apparatus, which may include:
the website access module is used for loading preset protection codes when a target website is accessed, wherein the preset protection codes are combined with part of source codes of the target website, and the format of the part of source codes is converted from an original format into the format of the preset protection codes in advance;
the website verification module is used for carrying out security verification on the target website by executing the preset protection code;
and the website loading module is used for executing non-restoring operation on the partial source codes through the preset protection codes in the process of loading the target website under the condition that the security verification result is failure.
Optionally, the website loading module is specifically configured to output a messy code through the preset protection code; or alternatively, the first and second heat exchangers may be,
the website loading module is specifically configured to not output the part of source code through the preset protection code.
Optionally, the format of the preset protection code is a dynamic execution format, and the website verification module is specifically configured to obtain, by executing the preset protection code in the dynamic execution format, a verification file from a file directory of the target website, and perform the security verification.
Optionally, the website loading module is further configured to restore the partial source code to the original format through the preset protection code and output the restored partial source code in the process of loading the target website when the security verification result is successful.
Optionally, the apparatus further comprises:
the code conversion module is used for carrying out format conversion on part of source codes of the original website from an original format so that the format of the part of source codes is the same as that of the preset protection codes;
and the code merging module is used for merging the preset protection code with the partial source code.
Optionally, the apparatus further comprises:
and the verification file module is used for creating a verification file in the file directory of the original website, and the verification file is used for acquiring the preset protection code in a dynamic execution format from the file directory.
Optionally, the apparatus further comprises:
and the code confusion module is used for carrying out confusion on the combined preset protection codes and the preset protection codes.
In yet another aspect of the embodiment of the present invention, there is also provided an electronic device, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing any one of the website access verification methods when executing the programs stored in the memory.
In yet another aspect of the embodiments of the present invention, there is also provided a readable storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform any one of the website access verification methods described above.
In yet another aspect of an embodiment of the present invention, there is also provided a computer program product containing instructions that, when run on a computer, cause the computer to perform any of the website access verification methods described above.
In the embodiment of the invention, the format of part of source codes in the target website is converted from the original format into the format of the preset protection codes in advance, the preset protection codes are combined with the part of source codes of the target website, when the target website is accessed, the preset protection codes can be loaded to carry out security verification on the target website, and under the condition that the security verification result is failure, the target website can be determined not to be a security website, at the moment, the part of source codes can be subjected to non-restoration operation through the preset protection codes in the process of loading the target website, and the part of source codes cannot be normally loaded because the part of source codes are not restored, so that the target website is not fully loaded, the effect of protecting the security website is achieved, the information security is ensured, and the domain name and the IP of the security website are not required to be bound, and the file of the security website is not required to be modified when the domain name and the IP are replaced each time, so that the operation is simple and the cost is low.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a flow chart of steps of a method for verifying website access according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of another method for verifying website access according to an embodiment of the present invention;
FIG. 3 is a logic diagram of a website code processing tool provided by an embodiment of the present invention;
FIG. 4 is a block diagram of a website access verification device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
Fig. 1 is a flowchart of steps of a website access verification method according to an embodiment of the present invention, where, as shown in fig. 1, the method may include:
step 101, loading a preset protection code when a target website is accessed, wherein the preset protection code is combined with a part of source codes of the target website, and the format of the part of source codes is converted from an original format into the format of the preset protection code in advance.
In the embodiment of the invention, the target website can be any website such as a video website, a shopping website, a news website and a blog website, the preset protection code is configured in the code of the target website and is combined with a part of source codes of the target website, the format of the preset protection code is different from the original format of the part of source codes of the target website, the part of source codes are converted into the format of the preset protection code from the original format, and the target website can not be completely loaded under the condition that the format of the part of source codes is not the original format, wherein the part of source codes can be codes which are appointed by a user in advance from the source codes of the target website, or can be codes with random length and random position selected from the source codes.
In the embodiment of the invention, the target website may be the original website to be protected or the simulated website of the original website, so that part of source codes of the original website can be converted from the original format into the format of the preset protection codes in advance and combined with the preset protection codes, and the preset protection codes are downloaded when the original website is taken off, so that the simulated website built based on the downloaded codes also comprises the preset protection codes, and therefore, when the target website is accessed, the built-in preset protection codes can be directly loaded.
And 102, performing security verification on the target website by executing the preset protection code.
In the embodiment of the invention, the preset protection code can be executed to perform security verification on the target website, and the security verification can be to determine whether the target website is the original website according to the execution result of the preset protection code, wherein the security verification can be to compare the execution result of the preset protection code when the target website is accessed with the execution result of the preset protection code when the original website is accessed.
And 103, under the condition that the security verification result is failure, executing non-restoring operation on the part of source codes through the preset protection codes in the process of loading the target website.
In the embodiment of the invention, when the execution results of the preset protection codes are inconsistent, the security risk of the target website compared with the original website can be determined, for example, the target website can be an imitation station or the target website can be a tampered website of the source code, at this time, in the process of loading the resources and files of the target website, the non-restoring operation can be performed on part of the source code through the preset protection codes, wherein the non-restoring operation refers to other operations of not restoring the format of the part of the source code to the original format, so that the target website cannot be completely loaded, the user can be prevented from accessing the imitation station under the condition of no knowledge, and the information security of the original website can be protected.
In the embodiment of the invention, the format of part of source codes in the target website is converted from the original format into the format of the preset protection codes in advance, the preset protection codes are combined with the part of source codes of the target website, when the target website is accessed, the preset protection codes can be loaded to carry out security verification on the target website, and under the condition that the security verification result is failure, the target website can be determined not to be a security website, at the moment, the part of source codes can be subjected to non-restoration operation through the preset protection codes in the process of loading the target website, and the part of source codes cannot be normally loaded because the part of source codes are not restored, so that the target website is not fully loaded, the effect of protecting the security website is achieved, the information security is ensured, and the domain name and the IP of the security website are not required to be bound, and the file of the security website is not required to be modified when the domain name and the IP are replaced each time, so that the operation is simple and the cost is low.
Fig. 2 is a flowchart of steps of another website access verification method according to an embodiment of the present invention, where, as shown in fig. 2, the method may include:
step 201, converting a part of source codes of an original website from an original format to make the format of the part of source codes identical to the format of the preset protection codes.
In the embodiment of the present invention, the original website may be any website of a video website, a shopping website, a news website, a blog website, etc. to be protected, and the partial source code of the original website may be converted from the original format into the same format as the preset protection code, alternatively, the format of the partial source code may be a static language format used to define the content, style, layout, etc. of the document of the target website, such as HTML, CSS, etc., and the preset protection code may be a dynamic execution format used to define the interaction of the target website, such as JS, etc., and the format of converting the partial source code into the preset protection code may correspond to the related description referred to in step 101, so that the description is omitted herein for avoiding repetition.
And 202, merging the preset protection code with the partial source code.
In the embodiment of the invention, the preset protection code and the partial source code in the same format can be combined, so that after the safety verification of the preset protection code, the corresponding operation is executed on the partial source code according to the safety verification result, and the effects of limiting access to the target website and protecting information safety are achieved.
Optionally, the original format is HTML, the format of the preset protection code is JS, and the steps 201 to 202 specifically include:
and S11, analyzing the HTML code in a grammar manner so as to insert the preset protection code into the HTML code, and outputting the partial source code in the HTML code by adopting JS.
And step S12, merging the partial source codes output by adopting JS with the preset protection codes.
In the embodiment of the invention, the original format of the source code of the original website can be HTML, the format of the preset protection code can be JS, at this time, the HTML code can be subjected to grammar analysis, and the execution logic of the HTML code can be determined according to the grammar analysis, so that the preset protection code can be inserted into the HTML code under the condition of not damaging the integrity of the HTML code, part of the source code in the HTML code can be a part of the source code designated by a user or a part of the source code selected randomly, the part of the source code is output by adopting JS to be converted into the format of the preset protection code and combined with the preset protection code in the same format, and the deployment of the preset protection code by the original website is completed.
Step 203, confusing the combined preset protection code with the preset protection code.
In the embodiment of the invention, after the part of source codes after format conversion are combined with the preset protection codes in the same format, the mixed preset protection codes and part of source codes can be mixed to lose readability, so that potential safety hazards caused by logic, functions and the like corresponding to the preset protection codes and part of source codes are prevented from being statically analyzed and determined according to the static analysis, the safety of the target website codes is enhanced, and optionally, a JS confusion tool with an open source such as JScrambler, jshaman, webpack can be used for mixing the mixed preset protection codes and part of source codes, which is not particularly limited.
And 204, creating a verification file in the file directory of the original website, wherein the verification file is used for being obtained from the file directory by executing the preset protection code in a dynamic execution format.
In the embodiment of the invention, the preset protection code can be in a dynamic execution format, and because the raking station can obtain static resources defined under a static language format and can not obtain interactive contents defined by the dynamic execution format, an authentication file can be created in a file directory of an original website, the authentication file is obtained from the file directory by executing the preset protection code, the raking station can download the preset protection code, but cannot download the authentication file which needs to execute the preset protection code to dynamically obtain, the authentication file exists in the file directory of the original website, and the authentication file does not exist in the file directory of an imitation station.
In the embodiment of the invention, the file content of the verification file can be empty or can be filled with any data so as to distinguish different verification files, the embodiment of the invention does not particularly limit the name and content of the verification file, for example, the authentication file may be a "-file-, a file-, a file-file, etc.
In the embodiment of the present invention, the steps 201 to 204 may also be implemented by a code tool, and fig. 3 is a logic diagram of a website code processing tool provided in the embodiment of the present invention, as shown in fig. 3, the execution logic of steps 201 to 204 may be written as a corresponding website code processing tool, where the website code processing tool may receive the input HTML code of the original website, and further the website code processing tool may automatically execute "parse the HTML code of the original website", "insert a preset protection code into the HTML code of the original website", "format convert part of the source code in the HTML code of the original website", "merge part of the source code with the preset protection code", "mix the merged part of the source code with the preset protection code", "generate a verification file in a root directory of the original website", etc., so as to directly output the code after the original website code processing tool inputs the source code of the original website, which can implement access verification, and further improve the efficiency of protecting the source code of the original website.
Step 205, loading a preset protection code when a target website is accessed, wherein the preset protection code is combined with a part of source codes of the target website, and the format of the part of source codes is converted from an original format into the format of the preset protection code in advance.
In the embodiment of the present invention, step 205 may correspond to the description of step 101, and is not repeated here.
And 206, acquiring a verification file from the file directory of the target website by executing the preset protection code in the dynamic execution format, and performing the security verification.
In the embodiment of the invention, after the preset protection code is loaded, the verification file can be obtained from the file directory of the target website by executing the preset protection code in the dynamic execution format, and according to the processing procedure, under the condition that the verification file is successfully obtained, the execution result of the preset protection code can be determined to be consistent with the execution result of the original website; under the condition that the acquisition of the verification file fails, the execution result of the preset protection code is inconsistent with the execution result of the original website, and at the moment, the target website has potential safety hazards.
For example, when the target website is accessed, the preset protection code is automatically executed to initiate an XMLHttpRequest request to access the root directory of the target website, so as to obtain the preset verification file.
Step 207, executing non-restoring operation on the part of source codes through the preset protection codes in the process of loading the target website under the condition that the security verification result is failure.
In the embodiment of the present invention, step 207 may correspond to the related description of step 103, and is not repeated here.
Optionally, in step 207, performing a non-restore operation on the portion of source code through the preset protection code includes:
and S21, outputting the messy codes through the preset protection codes.
Or, step S22, not outputting the partial source code through the preset protection code.
In the embodiment of the invention, the non-restoring operation is performed on the partial source code, that is, the random code different from the partial source code is output through the preset protection code, so that the HTML code of the target website cannot be completely executed, or the preset protection code does not output the partial source code, for example, the preset protection code does not call document.
Step 208, in the process of loading the target website, restoring the partial source code into the original format through the preset protection code and outputting the restored source code if the security verification result is successful.
In the embodiment of the invention, the verification file dynamically requested by the preset protection code in the scraping station is not automatically downloaded, so that when the verification file exists in the file directory of the target website, the target website is considered not to be an imitation station, the safety verification result of the access to the target website is safe, at the moment, the target website can be loaded according to the access request of the target website, and the dynamic execution format of the part of source code is restored to the original format through the preset protection code, thereby being capable of completely executing the part of source code and other codes of the target website and ensuring the safety and the integrity of the target website.
For example, in the case where "-file" exists in the root directory of the target website, the preset protection code calls document.
In the embodiment of the invention, the format of part of source codes in the target website is converted from the original format into the format of the preset protection codes in advance, the preset protection codes are combined with the part of source codes of the target website, when the target website is accessed, the preset protection codes can be loaded to carry out security verification on the target website, and under the condition that the security verification result is failure, the target website can be determined not to be a security website, at the moment, the part of source codes can be subjected to non-restoration operation through the preset protection codes in the process of loading the target website, and the part of source codes cannot be normally loaded because the part of source codes are not restored, so that the target website is not fully loaded, the effect of protecting the security website is achieved, the information security is ensured, and the domain name and the IP of the security website are not required to be bound, and the file of the security website is not required to be modified when the domain name and the IP are replaced each time, so that the operation is simple and the cost is low.
Fig. 4 is a block diagram of a website access verification apparatus 30 according to an embodiment of the present invention, as shown in fig. 4, the apparatus may include:
the website access module 301 is configured to load a preset protection code when a target website is accessed, where the preset protection code is combined with a part of source codes of the target website, and a format of the part of source codes is converted from an original format into a format of the preset protection code in advance;
the website verification module 302 is configured to perform security verification on the target website by executing the preset protection code;
and the website loading module 303 is configured to execute a non-restore operation on the portion of the source code through the preset protection code in a process of loading the target website if the security verification result is failure.
Optionally, the website loading module 303 is specifically configured to output a messy code through the preset protection code; or alternatively, the first and second heat exchangers may be,
the website loading module 303 is specifically configured to not output the part of source code through the preset protection code.
Optionally, the format of the preset protection code is a dynamic execution format, and the website verification module 302 is specifically configured to obtain, by executing the preset protection code in the dynamic execution format, a verification file from a file directory of the target website, and perform the security verification.
Optionally, the website loading module 303 is further configured to restore the partial source code to the original format through the preset protection code and output the restored partial source code in the process of loading the target website if the security verification result is successful.
Optionally, the apparatus further comprises:
the code conversion module is used for carrying out format conversion on part of source codes of the original website from an original format so that the format of the part of source codes is the same as that of the preset protection codes;
and the code merging module is used for merging the preset protection code with the partial source code.
Optionally, the apparatus further comprises:
and the verification file module is used for creating a verification file in the file directory of the original website, and the verification file is used for acquiring the preset protection code in a dynamic execution format from the file directory.
Optionally, the apparatus further comprises:
and the code confusion module is used for carrying out confusion on the combined preset protection codes and the preset protection codes.
In the embodiment of the invention, the format of part of source codes in the target website is converted from the original format into the format of the preset protection codes in advance, the preset protection codes are combined with the part of source codes of the target website, when the target website is accessed, the preset protection codes can be loaded to carry out security verification on the target website, and under the condition that the security verification result is failure, the target website can be determined not to be a security website, at the moment, the non-restoring operation can be carried out on the part of source codes through the preset protection codes in the process of loading the target website, and the part of source codes cannot be normally loaded because the part of source codes are not restored, so that the target website is incompletely loaded, the effect of protecting the security website is achieved, the information security is ensured, and the domain name and IP of the security website are not required to be bound, and the file of the security website is not required to be modified during each domain name and IP replacement, so that the operation is simple and the cost is low.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention, as shown in fig. 5, the electronic device includes a processor 401, a communication interface 402, a memory 403, and a communication bus 404, where the processor 401, the communication interface 402, and the memory 403 complete communication with each other through the communication bus 404,
a memory 403 for storing a computer program;
the processor 401, when executing the program stored in the memory 403, implements the following steps:
when a target website is accessed, loading a preset protection code, wherein the preset protection code is combined with part of source codes of the target website, and the format of the part of source codes is converted from an original format into the format of the preset protection code in advance;
performing security verification on the target website by executing the preset protection code;
and under the condition that the result of the security verification is failure, executing non-restoring operation on the part of source codes through the preset protection codes in the process of loading the target website.
Optionally, the performing, by the preset protection code, a non-restore operation on the portion of source code includes:
outputting a messy code through the preset protection code; or alternatively, the first and second heat exchangers may be,
and outputting the partial source code through the preset protection code.
Optionally, the format of the preset protection code is a dynamic execution format, and the performing security verification on the target website by executing the preset protection code includes:
and acquiring a verification file from the file directory of the target website by executing the preset protection code in the dynamic execution format, and performing the security verification.
Optionally, after the security verification is performed on the target website by executing the preset protection code, the method further includes:
and under the condition that the security verification result is successful, in the process of loading the target website, restoring the part of source codes into the original format through the preset protection codes and outputting the restored source codes.
Optionally, before loading the preset protection code when the target website is accessed, the method further includes:
converting the format of part of source codes of the original website from the original format so that the format of the part of source codes is the same as the format of the preset protection codes;
and merging the preset protection code with the partial source code.
Optionally, after the merging the preset protection code with the partial source code, the method further includes:
and creating a verification file in the file directory of the original website, wherein the verification file is used for being obtained from the file directory by executing the preset protection code in a dynamic execution format.
Optionally, after the merging the preset protection code with the partial source code, the method further includes:
and mixing the combined preset protection codes with the preset protection codes.
In the embodiment of the invention, the format of part of source codes in the target website is converted from the original format into the format of the preset protection codes in advance, the preset protection codes are combined with the part of source codes of the target website, when the target website is accessed, the preset protection codes can be loaded to carry out security verification on the target website, and under the condition that the security verification result is failure, the target website can be determined not to be a security website, at the moment, the non-restoring operation can be carried out on the part of source codes through the preset protection codes in the process of loading the target website, and the part of source codes cannot be normally loaded because the part of source codes are not restored, so that the target website is incompletely loaded, the effect of protecting the security website is achieved, the information security is ensured, and the domain name and IP of the security website are not required to be bound, and the file of the security website is not required to be modified during each domain name and IP replacement, so that the operation is simple and the cost is low.
The communication bus mentioned by the above terminal may be a peripheral component interconnect standard (Peripheral Component Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; but also digital signal processors (Digital Signal Processing, DSP for short), application specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), field-programmable gate arrays (Field-Programmable Gate Array, FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment of the present invention, there is also provided a readable storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform the website access verification method of any one of the above embodiments.
In yet another embodiment of the present invention, a computer program product containing instructions that, when run on a computer, cause the computer to perform the website access verification method of any of the above embodiments is also provided.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present invention, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a readable storage medium or transmitted from one readable storage medium to another readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, each embodiment is described in a related manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.
Claims (8)
1. A method for authenticating access to a web site, the method comprising:
when a target website is accessed, loading a preset protection code, wherein the preset protection code is combined with part of source codes of the target website, the format of the part of source codes is converted from an original format into the format of the preset protection code in advance, and the format of the preset protection code is a dynamic execution format;
acquiring a verification file from a file directory of the target website by executing the preset protection code in the dynamic execution format, and performing security verification;
under the condition that the result of the security verification is failure, in the process of loading the target website, non-restoring operation is carried out on the part of source codes through the preset protection codes;
after merging the preset protection code with the partial source code, the method further comprises:
and creating a verification file in a file directory of the original website, wherein the verification file is used for being obtained from the file directory by executing the preset protection code in a dynamic execution format.
2. The method of claim 1, wherein the performing, by the preset protection code, a non-restore operation on the portion of source code comprises:
outputting a messy code through the preset protection code; or alternatively, the first and second heat exchangers may be,
and outputting the partial source code through the preset protection code.
3. The method of claim 1, wherein after the security verification of the target website by executing the preset protection code, further comprising:
and under the condition that the security verification result is successful, in the process of loading the target website, restoring the part of source codes into the original format through the preset protection codes and outputting the restored source codes.
4. The method of claim 1, wherein before loading the preset protection code when the target website is accessed, further comprising:
converting the format of part of source codes of the original website from the original format so that the format of the part of source codes is the same as the format of the preset protection codes;
and merging the preset protection code with the partial source code.
5. The method of claim 4, wherein after the merging the preset protection code with the partial source code, further comprising:
and mixing the combined preset protection codes with the preset protection codes.
6. A website access authentication apparatus, the apparatus comprising:
the website access module is used for loading preset protection codes when a target website is accessed, wherein the preset protection codes are combined with part of source codes of the target website, the format of the part of source codes is converted from an original format into the format of the preset protection codes in advance, and the format of the preset protection codes is a dynamic execution format;
the website verification module is used for acquiring verification files from the file catalogue of the target website through executing the preset protection codes in the dynamic execution format to perform security verification;
the website loading module is used for executing non-reduction operation on the partial source codes through the preset protection codes in the process of loading the target website under the condition that the security verification result is failure;
wherein, the website access verification device further comprises:
and the verification file module is used for creating a verification file in a file directory of the original website, and the verification file is used for acquiring the preset protection code in a dynamic execution format from the file directory.
7. The electronic equipment is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
the processor is configured to implement the steps of the website access verification method according to any one of claims 1 to 5 when executing the program stored in the memory.
8. A readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor performs the steps of the website access authentication method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110984559.2A CN113722639B (en) | 2021-08-25 | 2021-08-25 | Website access verification method, device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110984559.2A CN113722639B (en) | 2021-08-25 | 2021-08-25 | Website access verification method, device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113722639A CN113722639A (en) | 2021-11-30 |
| CN113722639B true CN113722639B (en) | 2023-08-25 |
Family
ID=78678036
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110984559.2A Active CN113722639B (en) | 2021-08-25 | 2021-08-25 | Website access verification method, device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113722639B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7921353B1 (en) * | 2007-04-09 | 2011-04-05 | Oracle America, Inc. | Method and system for providing client-server injection framework using asynchronous JavaScript and XML |
| WO2017023203A1 (en) * | 2015-08-03 | 2017-02-09 | Mastercard Asia/Pacific Pte Ltd | Method and system for website verification |
| CN107104924A (en) * | 2016-02-22 | 2017-08-29 | 阿里巴巴集团控股有限公司 | The verification method and device of website backdoor file |
| CN107577944A (en) * | 2017-09-08 | 2018-01-12 | 杭州安恒信息技术有限公司 | Website malicious code detecting method and device based on code syntax analyzer |
| WO2018099219A1 (en) * | 2016-11-29 | 2018-06-07 | 中国银联股份有限公司 | Method and device for detecting phishing website |
| CN110413930A (en) * | 2019-07-31 | 2019-11-05 | 杭州安恒信息技术股份有限公司 | A kind of data analysing method, device, equipment and readable storage medium storing program for executing |
| CN110704298A (en) * | 2019-08-23 | 2020-01-17 | 北京奇艺世纪科技有限公司 | Code verification method and device, terminal equipment and storage medium |
| CN112307404A (en) * | 2020-11-12 | 2021-02-02 | 山东云海国创云计算装备产业创新中心有限公司 | Document website setting method, device, equipment and medium based on source file |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10733358B2 (en) * | 2012-09-17 | 2020-08-04 | Salesforce.Com, Inc. | Method and system for site migration |
-
2021
- 2021-08-25 CN CN202110984559.2A patent/CN113722639B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7921353B1 (en) * | 2007-04-09 | 2011-04-05 | Oracle America, Inc. | Method and system for providing client-server injection framework using asynchronous JavaScript and XML |
| WO2017023203A1 (en) * | 2015-08-03 | 2017-02-09 | Mastercard Asia/Pacific Pte Ltd | Method and system for website verification |
| CN107104924A (en) * | 2016-02-22 | 2017-08-29 | 阿里巴巴集团控股有限公司 | The verification method and device of website backdoor file |
| WO2018099219A1 (en) * | 2016-11-29 | 2018-06-07 | 中国银联股份有限公司 | Method and device for detecting phishing website |
| CN107577944A (en) * | 2017-09-08 | 2018-01-12 | 杭州安恒信息技术有限公司 | Website malicious code detecting method and device based on code syntax analyzer |
| CN110413930A (en) * | 2019-07-31 | 2019-11-05 | 杭州安恒信息技术股份有限公司 | A kind of data analysing method, device, equipment and readable storage medium storing program for executing |
| CN110704298A (en) * | 2019-08-23 | 2020-01-17 | 北京奇艺世纪科技有限公司 | Code verification method and device, terminal equipment and storage medium |
| CN112307404A (en) * | 2020-11-12 | 2021-02-02 | 山东云海国创云计算装备产业创新中心有限公司 | Document website setting method, device, equipment and medium based on source file |
Non-Patent Citations (1)
| Title |
|---|
| 跨站点脚本攻击XSS的攻击原理与防护;苏鹏;;电子科学技术(01);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113722639A (en) | 2021-11-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110221872B (en) | Page jump method and device, electronic equipment and storage medium | |
| CN102567516B (en) | Script loading method and device | |
| US8621613B1 (en) | Detecting malware in content items | |
| CN110046310B (en) | Method and device for analyzing jump link in page | |
| CN109902247B (en) | Page rendering method and device and electronic equipment | |
| CN112738085B (en) | File security verification method, device, equipment and storage medium | |
| CN110968359A (en) | Method and device for starting browser plug-in | |
| US10129278B2 (en) | Detecting malware in content items | |
| CN108536489B (en) | Method, apparatus, and computer-readable storage medium for matching resource environments | |
| CN104036194A (en) | Vulnerability detection method and device for revealing private data in application program | |
| CN113595997A (en) | File uploading safety detection method and device and electronic equipment | |
| CN112199567A (en) | Distributed data acquisition method, system, server and storage medium | |
| CN110928571A (en) | Business program development method and device | |
| CN107391182B (en) | Generation method, device, server and storage medium of theme installation package | |
| CN112379965B (en) | Sandbox file mapping system, client device, mapping end device, sandbox file mapping method and electronic equipment | |
| CN108509228B (en) | Page loading method, terminal equipment and computer readable storage medium | |
| CN114117498A (en) | Desensitization data realization method, device, system, equipment and storage medium | |
| CN104052630A (en) | Method and system for executing verification on website | |
| CN113722639B (en) | Website access verification method, device, electronic equipment and readable storage medium | |
| CN112256696A (en) | Form data processing method, device, equipment and storage medium | |
| CN108965108B (en) | Message pushing method and related equipment | |
| CN111338928A (en) | Chrome-based browser testing method and device | |
| CN110298146B (en) | Application processing and running method and device | |
| CN111368231A (en) | Method and device for testing heterogeneous redundant architecture website | |
| CN110209391B (en) | Plug-in package generation method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |