CN113934700A - Shared folder access control method, access method and access control system - Google Patents

Shared folder access control method, access method and access control system Download PDF

Info

Publication number
CN113934700A
CN113934700A CN202111215810.5A CN202111215810A CN113934700A CN 113934700 A CN113934700 A CN 113934700A CN 202111215810 A CN202111215810 A CN 202111215810A CN 113934700 A CN113934700 A CN 113934700A
Authority
CN
China
Prior art keywords
access
password
shared folder
client
shared
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111215810.5A
Other languages
Chinese (zh)
Inventor
李义刚
张芮
杨浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Tongxin Software Technology Co ltd
Original Assignee
Chengdu Tongxin Software Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Tongxin Software Technology Co ltd filed Critical Chengdu Tongxin Software Technology Co ltd
Priority to CN202111215810.5A priority Critical patent/CN113934700A/en
Publication of CN113934700A publication Critical patent/CN113934700A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The invention discloses a shared folder access control method, an access method and an access control system, wherein the method comprises the following steps: respectively encrypting one or more shared folders to generate a shared password corresponding to each shared folder; receiving an access request of a client to a target shared folder, and acquiring an access password of the client; comparing the access password with a sharing password corresponding to the target sharing folder so as to verify the access password; and if the access password passes the verification, allowing the target shared folder to be mounted on the client so that the client can access the target shared folder. According to the technical scheme of the invention, different shared folders can be respectively subjected to access control, and the remote file sharing safety is favorably improved.

Description

Shared folder access control method, access method and access control system
Technical Field
The invention relates to the technical field of computers, in particular to a shared folder access control method, a shared folder access method and an access control system.
Background
At present, the mainstream file managers support sharing and accessing remote shared files, and for files with higher requirements on confidentiality and security, security check needs to be performed on access of the shared directories.
In the existing folder sharing scheme, only the password is set for the IP of the sharing server, different sharing directories accessing the same sharing server can be verified only once, and the safety of each sharing directory cannot be verified respectively when the different sharing directories are accessed. That is, the client can access all shared directories on the shared server using the same password, resulting in poor security. For example, when the server side is provided with a shared folder A, a shared folder B and a shared folder C respectively during non-anonymous access, when the client side inputs smb:// IP (shared server IP) to request to access the shared folder A, the client side needs to input a user name and a password of the shared server IP, and logs in and mounts the folder A by checking and remembering the password of the shared server IP. When the same client inputs smb:// ip again to request to access the shared folder B of the server, the folder B can be directly mounted and successfully accessed without inputting the user name and the password again, so that some important files in the folder B are possibly leaked to unrelated third-party personnel, and the safety is poor. In addition, after logging off and uninstalling any one of the mounted shared folders a, B and C, the client will clear the password of the previously memorized shared server IP, and when another shared directory needs to be accessed again, the password needs to be input again, which results in poor user experience.
For this reason, a shared folder access control method is needed to solve the problems in the above technical solutions.
Disclosure of Invention
To this end, the present invention provides a shared folder access control method, a shared folder access method and an access control system in an attempt to solve or at least alleviate the above-presented problems.
According to one aspect of the invention, the shared folder access control method is executed on a server and comprises the following steps: respectively encrypting one or more shared folders to generate a shared password corresponding to each shared folder; receiving an access request of a client to a target shared folder, and acquiring an access password of the client; comparing the access password with a sharing password corresponding to the target sharing folder so as to verify the access password; and if the access password passes the verification, allowing the target shared folder to be mounted on the client so that the client can access the target shared folder.
Optionally, in the shared folder access control method according to the present invention, the step of obtaining an access password of the client includes: sending an acquisition request for an access password to a client; and receiving a request for accessing the target shared folder based on the access password returned by the client, and acquiring the access password.
Optionally, in the shared folder access control method according to the present invention, before obtaining an access password of the client, the method includes: and judging whether the target shared folder is encrypted or not, and if so, acquiring an access password of the client.
Optionally, in the shared folder access control method according to the present invention, after generating the sharing password corresponding to each shared folder, the method includes the steps of: the name and shared password of each shared folder are stored based on a key-value pair manner.
Optionally, in the shared folder access control method according to the present invention, storing the name and the shared password of each shared folder based on a key-value pair manner includes: the name of the shared folder is used as Key, the corresponding shared password of the shared folder is used as Value, the name of the shared folder and the shared password are stored in a password file of the server in an associated mode, and the corresponding shared password is obtained from the password file based on the name of the shared folder.
Optionally, in the method for controlling access to a shared folder according to the present invention, the method further includes: and receiving an encryption canceling request for the shared folder, and deleting the key value pair corresponding to the name of the shared folder.
According to one aspect of the invention, a shared folder access method is provided, which is executed at a client and comprises the following steps: responding to the operation of a target shared folder in a shared directory, and sending an access request of the target shared folder to a server; judging whether an access password corresponding to the target shared folder exists at the client; if the access password exists, the access password is provided for the server, so that the server compares the access password with the sharing password corresponding to the target sharing folder to verify the access password; and after the access password passes the verification, mounting the target shared folder so as to access the target shared folder.
Optionally, in the shared folder access method according to the present invention, before determining whether the client has an access password corresponding to the target shared folder, the method includes: and receiving an acquisition request for the access password sent by the server.
Optionally, in the shared folder access method according to the present invention, before responding to an operation on a target shared folder under the shared directory, further comprising the steps of: access to the shared directory in the server is requested based on the server IP.
Optionally, in the shared folder access method according to the present invention, the client is adapted to store the server IP and the name of the shared folder in association with the corresponding access password based on a key-value pair manner.
Optionally, in the shared folder access method according to the present invention, the step of determining whether the client has an access password corresponding to the target shared folder includes: inquiring whether a corresponding access password exists or not based on the IP of the server and the name of the target shared folder; and if the IP does not exist, acquiring an access password input by the user, providing the access password to the server, and storing the IP of the server and the name of the shared folder in an associated manner with the access password.
According to an aspect of the present invention, there is provided an access control system including: a server adapted to execute the shared folder access control method as described above; and the client is connected with the server and is suitable for executing the shared folder access method.
Optionally, in the access control system according to the invention, the client is adapted to communicate with the server via the SMB protocol.
According to an aspect of the present invention, there is provided a computing device comprising: at least one processor; and a memory storing program instructions, wherein the program instructions are configured to be executed by the at least one processor, the program instructions comprising instructions for performing the shared folder access control method as described above.
According to an aspect of the present invention, there is provided a readable storage medium storing program instructions which, when read and executed by a computing device, cause the computing device to perform the method as described above.
According to the technical scheme, the shared folder access control scheme is provided, each shared folder in the remote server is encrypted to generate a corresponding shared password, and when the client accesses the shared folders of the server, the client accesses each shared folder based on the corresponding access password, so that different shared folders can be respectively accessed and controlled, the remote file sharing safety is improved, and potential safety hazards caused by accessing all files based on the passwords corresponding to the server IP are avoided.
In addition, the invention can store, modify and delete the sharing password of each sharing folder, thereby facilitating the management of the access authority of each sharing folder.
In addition, the access password of the shared folder is stored in the client, so that the access password corresponding to the shared folder can be directly obtained from the local password file of the client when the shared folder is accessed next time, the access efficiency is improved, and the user experience is high.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a schematic diagram of an access control system 100 according to one embodiment of the invention;
FIG. 2 shows a schematic diagram of a computing device 200, according to one embodiment of the invention; and
FIG. 3 illustrates a flow diagram of a shared folder access control method 300 according to one embodiment of the invention; and
FIG. 4 illustrates a flow diagram of a shared folder access method 400 according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 shows a schematic diagram of an access control system 100 according to one embodiment of the invention.
As shown in fig. 1, the access control system 100 includes one or more servers 120, and one or more clients 110 connected to each server 120. Wherein each client 110 may establish a telecommunication connection with one or more servers 120 over a network.
In one embodiment, the client 110 may communicate with the remote server 120 via an smb (server Message block) communication protocol.
The server 120 is used to provide a plurality of shared folders and control access to the shared folders by clients. The invention is not limited to the specific implementation of the server. For example, the server 120 may be implemented as a computing device such as a desktop computer, a notebook computer, a processor chip, a mobile phone, a tablet computer, etc., but is not limited thereto, and may also be an application program residing on the computing device.
The client 110 may request access to a shared folder in the server. It should be noted that the present invention is not limited to a particular device type of the client. For example, the client may be implemented as a desktop computer, a notebook computer, a mobile phone, a tablet computer, or other computing device.
According to one embodiment of the invention, a shared directory (e.g., a root directory of servers) is included in each server 120. The shared directory includes one or more shared folders, and each shared folder may contain one or more files (or folders).
In one embodiment, the client 110, server 120 each include a respective file manager. The client 110 may request access to the shared directory in the target server based on the server IP. For example, in one implementation, a user requests access to a shared directory in a server corresponding to an IP by entering smb:// IP at the file manager interface of the client 110. Thereafter, the user may select any one of the target shared folders in the shared directory of the server to request access to one or more files in the target shared folder.
The client 110 may send an access request to the server 120 for one or more files in the target shared folder via the SMB protocol.
After receiving the access request of the client 110 to the target shared folder, the server 120 may first determine whether the target shared folder is encrypted, and if so, it indicates that the client 110 needs to access the target shared folder based on the access password, that is, the server 120 needs to obtain the access password of the client 110. Further, for the target shared folder, the server 120 sends an acquisition request for the access password to the client 110, and requests the client 110 to access the target shared folder based on the access password, thereby acquiring the access password provided by the client 110.
The server 120 checks whether the access password provided by the client is correct by comparing the access password with the sharing password corresponding to the target sharing folder. And if the access password is correct, the access password passes the verification. After the access password is verified, the target shared folder is mounted on the client 110 so that the client user can access one or more files in the target shared folder.
In one embodiment, the server 120 is adapted to perform a shared folder access control method 300 in accordance with the present invention. The client 110 is adapted to perform a shared folder access method 400 in accordance with the present invention, the shared folder access control method 300, the shared folder access method 400 of the present invention being described in more detail below.
In one embodiment, the server 120 and the client 110 may each be implemented as a computing device 200 such that the shared folder access control method 300 and the shared folder access method 400 of the present invention may be performed in the computing device 200.
FIG. 2 shows a schematic diagram of a computing device 200, according to one embodiment of the invention.
As shown in FIG. 2, in a basic configuration 202, a computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processing, including but not limited to: a microprocessor (UP), a microcontroller (UC), a digital information processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. Example processor cores 214 may include Arithmetic Logic Units (ALUs), Floating Point Units (FPUs), digital signal processing cores (DSP cores), or any combination thereof. The example memory controller 218 may be used with the processor 204, or in some implementations the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 206 may include an operating system 220, one or more applications 222, and program data 224. The application 222 is actually a plurality of program instructions that direct the processor 204 to perform corresponding operations. In some embodiments, application 222 may be arranged to cause processor 204 to operate with program data 224 on an operating system.
Computing device 200 also includes storage device 232, storage device 232 including removable storage 236 and non-removable storage 238.
Computing device 200 may also include a storage interface bus 234. The storage interface bus 234 enables communication from the storage devices 232 (e.g., removable storage 236 and non-removable storage 238) to the basic configuration 202 via the bus/interface controller 230. At least a portion of the operating system 220, applications 222, and data 224 may be stored on removable storage 236 and/or non-removable storage 238, and loaded into system memory 206 via storage interface bus 234 and executed by the one or more processors 204 when the computing device 200 is powered on or the applications 222 are to be executed.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The example output device 242 includes a graphics processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more a/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network controller 260, which may be arranged to facilitate communications with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in a manner that encodes information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
In an embodiment in accordance with the invention, the computing device 200 is configured to perform a shared folder access control method 300 and/or a shared folder access method 400 in accordance with the invention. Among other applications of the computing device 200 are program instructions for performing the shared folder access control method 300 and/or the shared folder access method 400 of the present invention, which may direct a processor to perform the shared folder access control method 300, the shared folder access method 400 of the present invention. Computing device 200 can implement controlling client access to shared folders by performing the shared folder access control method 300 of the present invention.
FIG. 3 illustrates a flow diagram of a shared folder access control method 300 according to one embodiment of the invention. The shared folder access control method 300 may be performed in a server 120 (e.g., the aforementioned computing device 200). In particular, the shared folder access control method 300 may be performed in a file manager of the server 120.
In embodiments of the present invention, the server 120 may be communicatively coupled to one or more clients 110 and control access to shared folders by the clients 110. The server 120 includes a plurality of shared folders, which can be accessed by one or more clients 110, wherein a corresponding shared password may be set for each of one or more shared folders with higher security requirements, so as to restrict access to the shared folders by the clients.
As shown in FIG. 3, the shared folder access control method 300 begins at step S310.
In step S310, one or more shared folders are encrypted, and a shared password corresponding to each shared folder is generated. Here, the shared folder may be encrypted based on, for example, an RSA algorithm, but it should be noted that the present invention is not limited to a specific encryption method for the shared folder.
In one implementation, the user may set a sharing password corresponding to the current shared folder on a file manager interface of the server 120. Specifically, the user may request the file manager of the server 120 to perform encryption processing on the current shared folder at the file manager interface of the server 120 to generate a shared password corresponding to the current file manager, so as to implement password setting on the shared folder.
In one embodiment, after the shared password corresponding to each shared folder is generated, the name of each shared folder and the shared password may be stored in a storage device local to the server based on the key-value pair, so that the access password of the client is verified by acquiring the shared password locally from the server when the access password is subsequently verified.
Specifically, the name of the shared folder may be used as a Key, the shared password corresponding to the shared folder may be used as a Value, and the name of the shared folder and the shared password may be stored in association in the password file of the server based on the Key-Value pair Key and the Value, so as to obtain the corresponding shared password from the password file based on the name of the shared folder. In this way, the name of the shared folder can be used as a Key to query the corresponding Value in the password file, so as to obtain the shared password corresponding to the name of the shared folder.
Subsequently, in step S320, an access request of the client 110 to the target shared folder is received, and an access password of the client 110 is acquired.
Here, after receiving the access request of the client 110 to the target shared folder, it may be determined whether the target shared folder is encrypted, and if so, it indicates that the client 110 is required to access the target shared folder based on the access password, that is, the server 120 needs to obtain the access password of the client 110. Further, for the target shared folder, the server 120 sends a request for obtaining the access password to the client 110, and receives a request for accessing the target shared folder based on the access password returned by the client 110, so as to obtain the access password provided by the client 110.
In one implementation, after the server 120 sends the client 110 an acquisition request for the access password, a corresponding popup is displayed on the client 110 so as to acquire the access password input by the client based on the popup.
In addition, if the target shared folder is not encrypted, the access password of the client 110 does not need to be acquired, and the target folder is allowed to be directly mounted on the client 110 so that the client 110 user can access one or more files in the target shared folder.
Subsequently, in step S330, the sharing password corresponding to the target sharing folder is locally obtained from the server, and the access password is compared with the sharing password corresponding to the target sharing folder, so as to verify whether the access password is correct.
It can be understood that if the access password is the same as the sharing password corresponding to the target shared folder, the access password is determined to be correct, and the access password is verified to be passed. And if the access password is not the same as the sharing password corresponding to the target sharing folder, determining that the access password is incorrect and failing to verify the access password.
In one embodiment, a query may be made for a shared password (Value corresponding to Key) corresponding to the target shared folder from a password file stored locally by the server based on the name of the target shared folder (as Key).
In step S340, if the access password provided by the server to the client 110 is verified, it indicates that the client 110 has the access right to the target shared folder, and the target shared folder is allowed to be mounted on the client 110. In this way, the client 110 may successfully access one or more files in the target shared folder.
In one embodiment, the server 120 may also cancel the password setting of the shared folder. Specifically, the server 120 deletes the key-value pair corresponding to the name of the shared folder from the password file when receiving a request for canceling encryption of one or more shared folders from a user. For example, the user may delete the sharing password corresponding to the current shared folder on the file manager interface of the server 120. In other words, the user may request the file manager of the server 120 to decrypt the current shared folder at the file manager interface of the server 120, and then the file manager of the server 120 deletes the shared password of the current shared folder by reading the password file and deleting the key-value pair corresponding to the name of the shared folder from the password file, and cancels the password setting of the current shared folder, and then any client 110 does not need to access the decrypted shared folder by accessing the password.
In addition, the user may request the file manager of the server 120 to clear the sharing password for all shared folders at the file manager interface of the server 120. The server 120 clears the shared password set for all shared folders by deleting the password file stored locally. In this way, it can be achieved that access restrictions to all shared folders are removed, allowing one or more clients 110 to access all shared folders in the server 120.
The user may also request the server 120 to modify the shared password of the shared folder at the file manager interface of the server 120. The file manager of the server 120 modifies the shared password of the shared folder by reading the password file and modifying the Value in the key Value pair corresponding to the name in the password file based on the name of the shared folder to be modified.
FIG. 4 illustrates a flow diagram of a shared folder access method 400 according to one embodiment of the invention. The shared folder access method 400 may be performed in a client 110 (e.g., the aforementioned computing device 200). In particular, the shared folder access method 400 may be performed in a file manager of the client 110.
According to one embodiment of the invention, a client 110 may connect to one or more servers 120 to access shared folders in one or more servers 120.
As shown in FIG. 4, the shared folder access method 400 begins at step S410.
Before executing step S410, the server IP input by the user at the file manager interface of the client terminal 110 is obtained, and the shared directory (e.g., the root directory of the server) in the target server is accessed based on the server IP request.
For example, in one implementation, a user requests access to a shared directory in a server corresponding to an IP by entering smb:// IP at the file manager interface of the client 110. Here, one or more shared folders are contained under the shared directory. Thereafter, the user may select any one of the target shared folders in the shared directory of the server to request access to one or more files in the target shared folder. For example, the user may request the server 120 to access the target shared folder by operating the mouse to double-click the target shared folder, opening the menu bar based on a right button, and pressing an Enter key after selecting the target shared folder.
In step S410, the client 110 sends an access request to the target shared folder to the server in response to a user operation on the target shared folder in the shared directory to request access to one or more files in the target shared folder. In one implementation, the client 110 may send an access request to the target shared folder to the server via the SMB protocol.
Here, as described in the foregoing method 300, after receiving the access request of the client 110 to the target shared folder, the server 120 may first determine whether the encryption processing is performed on the target shared folder, and if so, it indicates that the client 110 is required to access the target shared folder based on the access password, that is, the server 120 needs to obtain the access password of the client 110. Further, for the target shared folder, the server 120 sends an acquisition request for the access password to the client 110 so as to acquire the access password provided by the client 110.
Next, in step S420, after receiving the acquisition request for the access password sent by the server 120, the client 110 determines whether the access password corresponding to the target shared folder in the server 120 exists locally at the client.
In step S430, if the client locally has an access password corresponding to the target shared folder in the server 120, the client 110 requests access to the target shared folder from the server 120 based on the access password, that is, the client 110 provides the access password to the server. Subsequently, the server 120 compares the obtained access password with the sharing password corresponding to the target sharing folder, so as to verify whether the access password provided by the client 110 is correct. Here, if the access password is the same as the sharing password corresponding to the target sharing folder, the access password is determined to be correct, and the access password is verified. And if the access password is not the same as the sharing password corresponding to the target sharing folder, determining that the access password is incorrect and failing to verify the access password.
Finally, in step S440, after the access password is verified, the target shared folder is mounted on the client 110, so that the client user can access one or more files in the target shared folder.
According to one embodiment, the client 110 may store the server IP and the name of the shared folder in association with the corresponding access password based on a key-value pair manner. Specifically, the server IP and the name of the target shared folder may be stored together as a Key, the access password corresponding to the shared folder may be as a Value, and the server IP and the name of the shared folder may be stored in the password file local to the client 110 in association with the corresponding access password based on the Key-Value pair Key and the Value. In this way, the access password may be obtained locally from the client 110 based on the server IP and the name of the target shared folder.
Based on this, in step S420, when determining whether there is an access password corresponding to the target shared folder in the server 120 locally, the client 110 may query whether there is a corresponding access password in the password file local to the client based on the server IP and the name of the target shared folder, that is, query whether there is a corresponding Key-Value pair and Value therein using the server IP and the name of the target shared folder as keys. If the access password exists, the access password corresponding to the server IP and the name of the target shared folder can be directly obtained from the client locally, and the access password stored locally by the client is provided to the server 120.
If not, the user is required to input an access password on the file manager interface of the client 110, and the client 110 provides the access password to the server to request access to the target shared folder by acquiring the access password input by the user. And, after the user enters the access password, the user may request to remember the access password at the file manager interface, i.e., request the file manager to store the access password locally at the client. Based on the storage request of the user for the access password, the file manager of the client 110 may store the server IP and the name of the destination shared folder as Key, the access password input by the user as Value, and the name of the server IP and the name of the destination shared folder in association with the access password in the password file local to the client 110 based on the Key-Value pair Key and Value.
In this way, when the shared folder is accessed again, the access password corresponding to the shared folder can be directly obtained from the password file local to the client, and the access password is provided to the server 120 to request to access the shared folder in the server 120. Therefore, the user is prevented from inputting the access password again at the client 110, and the access efficiency is improved.
In one embodiment, a user may request, at the file manager interface of the client 110, an access password to delete one or more shared folders in the server 120. Based on the user's delete request for the access password, the file manager of the client 110 deletes the shared folder access password stored locally at the client 110 by reading the local password file and deleting the key-value pair corresponding to the server IP and the name of the target shared folder from the password file.
In addition, the user may request at the file manager interface of the client 110 to delete the access password for all shared folders under any one of the servers 120. The file manager of the client 110 clears the access passwords for all shared folders under the server 120 by reading the local password file and deleting all key-value pairs corresponding to the server IP from the password file.
The user may also request at the file manager interface of the client 110 an access password to delete all shared folders. The client 110 clears the access password for all shared folders by deleting the locally stored password file.
Additionally, the user may also request the client 110 to modify the access password of the shared folder under any one of the servers 120 at the file manager interface of the client 110. The file manager of the client 110 modifies the access password of the shared folder by reading the password file and modifying the Value in the corresponding key Value pair in the password file based on the server IP and the name of the target shared folder.
According to the shared folder access control method 300, each shared folder in the remote server is encrypted to generate a corresponding shared password, and when the client accesses the shared folders of the server, each shared folder needs to be accessed based on the corresponding access password, so that different shared folders can be respectively accessed, the remote file sharing safety is improved, and potential safety hazards caused by accessing all files based on the passwords corresponding to the server IP are avoided. In addition, the invention can store, modify and delete the sharing password of each sharing folder, thereby facilitating the management of the access authority of each sharing folder.
In addition, the access password of the shared folder is stored in the client, so that the access password corresponding to the shared folder can be directly obtained from the local password file of the client when the shared folder is accessed next time, the access efficiency is improved, and the user experience is high.
B8, the method according to B7, wherein before determining whether the client has an access password corresponding to the target shared folder, the method comprises the following steps: and receiving an acquisition request for the access password sent by the server.
B9, the method as in B7 or B8, wherein before responding to the operation on the target shared folder under the shared directory, further comprising the steps of: access to the shared directory in the server is requested based on the server IP.
B10, the method according to B9, wherein the client is suitable for storing the names of the server IP and the shared folder and the corresponding access password in an associated mode based on the key value pair mode.
B11, the method according to B10, wherein the step of determining whether the client has an access password corresponding to the target shared folder comprises: inquiring whether a corresponding access password exists or not based on the IP of the server and the name of the target shared folder; and if the IP does not exist, acquiring an access password input by the user, providing the access password to the server, and storing the IP of the server and the name of the shared folder in an associated manner with the access password.
C13, the system as in C12, wherein the client is adapted to communicate with the server through SMB protocol.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U.S. disks, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the mobile terminal generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to execute the shared folder access control method of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense with respect to the scope of the invention, as defined in the appended claims.

Claims (10)

1. A shared folder access control method is executed on a server and comprises the following steps:
respectively encrypting one or more shared folders to generate a shared password corresponding to each shared folder;
receiving an access request of a client to a target shared folder, and acquiring an access password of the client;
comparing the access password with a sharing password corresponding to the target sharing folder so as to verify the access password; and
and if the access password passes the verification, allowing the target shared folder to be mounted on the client so that the client can access the target shared folder.
2. The method of claim 1, wherein the step of obtaining an access password of the client comprises:
sending an acquisition request for an access password to a client;
and receiving a request for accessing the target shared folder based on the access password returned by the client, and acquiring the access password.
3. The method of claim 1 or 2, wherein before obtaining the access password of the client, comprising the steps of:
and judging whether the target shared folder is encrypted or not, and if so, acquiring an access password of the client.
4. The method of any one of claims 1-3, wherein after generating the sharing password corresponding to each shared folder, comprising the steps of:
the name and shared password of each shared folder are stored based on a key-value pair manner.
5. The method of claim 4, wherein storing the name and sharing password for each shared folder based on a key-value pair manner comprises:
the name of the shared folder is used as Key, the corresponding shared password of the shared folder is used as Value, the name of the shared folder and the shared password are stored in a password file of the server in an associated mode, and the corresponding shared password is obtained from the password file based on the name of the shared folder.
6. The method of claim 4 or 5, further comprising the steps of:
and receiving an encryption canceling request for the shared folder, and deleting the key value pair corresponding to the name of the shared folder.
7. A shared folder access method, executed on a client, includes the steps:
responding to the operation of a target shared folder in a shared directory, and sending an access request of the target shared folder to a server;
judging whether an access password corresponding to the target shared folder exists at the client;
if the access password exists, the access password is provided for the server, so that the server compares the access password with the sharing password corresponding to the target sharing folder to verify the access password;
and after the access password passes the verification, mounting the target shared folder so as to access the target shared folder.
8. An access control system comprising:
a server adapted to perform the shared folder access control method of any one of claims 1-6; and
a client, connected to the server, adapted to perform the shared folder access method of claim 7.
9. A computing device, comprising:
at least one processor; and
a memory storing program instructions, wherein the program instructions are configured to be adapted to be executed by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 1-7.
10. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method of any of claims 1-7.
CN202111215810.5A 2021-10-19 2021-10-19 Shared folder access control method, access method and access control system Pending CN113934700A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111215810.5A CN113934700A (en) 2021-10-19 2021-10-19 Shared folder access control method, access method and access control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111215810.5A CN113934700A (en) 2021-10-19 2021-10-19 Shared folder access control method, access method and access control system

Publications (1)

Publication Number Publication Date
CN113934700A true CN113934700A (en) 2022-01-14

Family

ID=79280452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111215810.5A Pending CN113934700A (en) 2021-10-19 2021-10-19 Shared folder access control method, access method and access control system

Country Status (1)

Country Link
CN (1) CN113934700A (en)

Similar Documents

Publication Publication Date Title
CN108810006B (en) Resource access method, device, equipment and storage medium
EP3458982B1 (en) Systems and methods for digital identity management and permission controls within distributed network nodes
EP3639465B1 (en) Improved hardware security module management
EP3500972B1 (en) Protection feature for data stored at storage service
EP2731046B1 (en) Client computer for querying a database stored on a server via a network
CA3006893C (en) Digital identity network interface system
US20190319947A1 (en) Access to Data Stored in a cloud
CN108073823B (en) Data processing method, device and system
CN103930881A (en) Hosted storage locking
TW201901515A (en) Blocking unauthorized application methods and devices using the method
CN114422258A (en) Single sign-on method, medium and electronic equipment based on multiple authentication protocols
CN113051598B (en) File access control method, file encryption method and computing device
CN114615031A (en) File storage method and device, electronic equipment and storage medium
WO2021169469A1 (en) Voiceprint data processing method and apparatus, computer device, and storage medium
CN114189553A (en) Flow playback method, system and computing equipment
CN113536361B (en) Method and device for realizing trusted reference library and computing equipment
US20030163707A1 (en) Information management apparatus and method
WO2022193494A1 (en) Permission control method, server, terminal, storage medium, and computer program
CN113934700A (en) Shared folder access control method, access method and access control system
CN111835523B (en) Data request method, system and computing device
CN111935716B (en) Authentication method, authentication system and computing device
CN114448722A (en) Cross-browser login method and device, computer equipment and storage medium
CN112804237A (en) User identity authentication device, computing equipment and system
US20150007293A1 (en) User authentication utilizing patterns
JP3974070B2 (en) User authentication device, terminal device, program, and computer system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination