CN114553571A - Server management method and device, electronic equipment and storage medium


Publication number
CN114553571A
Authority
CN
China
Prior art keywords
target
login
server
authority
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210183797.8A
Other languages
Chinese (zh)
Inventor
李保昌
迟爽
邓强
骆更
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present disclosure provides a server management method, which can be applied to the technical field of computers, the financial field or other fields. The method comprises the following steps: responding to a received login request from a terminal device, and acquiring a server identifier and login information carried in the login request; determining a target server according to the server identifier; determining the authority of the terminal equipment to the target server based on the login information to obtain target authority information; under the condition that the terminal equipment is determined to have the login authority of the target server based on the target authority information, acquiring a target login information ciphertext of the target server from a storage module; and logging in the target server using the target login information ciphertext to establish a communication link with the target server, wherein the terminal device logs in the target server through the communication link. In addition, the present disclosure also provides a server management apparatus, an electronic device, and a storage medium.

Description

Server management method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technology and the field of finance, and more particularly, to a server management method, apparatus, electronic device, storage medium, and computer program product.
Background
As enterprises grow, projects become larger, and multi-person collaborative development has become the mainstream mode of project development. When multiple people collaborate on a project, developers inevitably operate on the servers.
In implementing the disclosed concept, the inventors found that there are at least the following problems in the related art: the server password is known to multiple operators, which creates a significant risk of leakage.
Disclosure of Invention
In view of the above, the present disclosure provides a server management method, a server management apparatus, an electronic device, a readable storage medium, and a computer program product.
One aspect of the present disclosure provides a server management method, including: responding to a received login request from a terminal device, and acquiring a server identifier and login information carried in the login request; determining a target server according to the server identifier; determining the authority of the terminal equipment to the target server based on the login information to obtain target authority information; under the condition that the terminal equipment is determined to have the login authority of the target server based on the target authority information, acquiring a target login information ciphertext of the target server from a storage module; and using the target login information ciphertext to log in the target server to establish a communication link with the target server, wherein the terminal device logs in the target server through the communication link.
According to an embodiment of the present disclosure, the determining the authority of the terminal device to the target server based on the login information to obtain target authority information includes: inputting the login information into a permission model to obtain the role to which the terminal equipment belongs and permission information corresponding to the role; and extracting the authority information related to the target server from the authority information corresponding to the role to obtain the target authority information.
According to the embodiment of the disclosure, the login request also carries login time information, and the role is configured with an authority period; the method further comprises the following steps: determining a target permission period of the role configuration for the target server; extracting authority information associated with the target server from authority information corresponding to the role to obtain the target authority information when the login time indicated by the login time information is within the target authority period; and returning feedback information indicating that login is refused to the terminal equipment under the condition that the login time indicated by the login time information is out of the target authority period.
According to an embodiment of the present disclosure, the method further includes: in response to receiving an operation instruction from the terminal device, determining control authority information of the terminal device based on the target authority information; under the condition that the terminal equipment is determined to have the control authority of the target server based on the control authority information, acquiring a preset instruction list from the storage module; matching the operation instruction with a plurality of instructions in the preset instruction list to obtain a matching result; and when the matching result indicates that the operation instruction does not match with the plurality of instructions in the preset instruction list, sending the operation instruction to the target server through the communication link, wherein the target server executes the operation instruction.
According to an embodiment of the present disclosure, the method further includes: and returning feedback information indicating that the execution is refused to the terminal equipment under the condition that the terminal equipment is determined not to have the control authority of the target server based on the control authority information.
According to an embodiment of the present disclosure, the method further includes: determining the authority level of the terminal equipment based on the control authority information under the condition that the matching result shows that the operation instruction is matched with at least one instruction in a plurality of instructions in the preset instruction list; under the condition that the authority level meets a preset authority condition, the operation instruction is sent to the target server through the communication link, wherein the target server executes the operation instruction and returns warning information related to the operation instruction to the terminal equipment; and returning feedback information representing refusing to execute to the terminal equipment under the condition that the authority level does not meet the preset authority condition.
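The three outcomes of the instruction check described in the preceding paragraphs (forward, forward with a warning, refuse), as an added example that is not part of the patent text. The listed programs, the flag-based matching rule, the level threshold of 3 and all function names are assumptions chosen for illustration.

```python
import os
import shlex
from dataclasses import dataclass

# Constructed preset instruction list (assumption): program name -> short flags
# that must all be present for a match; an empty set matches any invocation.
PRESET_INSTRUCTIONS = {"rm": {"r", "f"}, "shutdown": set(), "reboot": set()}
LONG_FLAG_ALIASES = {"--recursive": "r", "--force": "f"}
MIN_LEVEL_FOR_LISTED = 3      # assumed form of the "preset authority condition"
_SEPARATORS = set(";&|()")    # shell operators that start a new simple command


@dataclass(frozen=True)
class Verdict:
    action: str               # "execute", "execute_with_warning" or "refuse"
    detail: str = ""


def parse(instruction):
    """Return (programs in command position, flags seen in the instruction).

    Flags are pooled across the whole instruction: for a gate like this,
    over-matching is the safe direction. Raises ValueError on unbalanced quotes.
    """
    programs, flags = [], set()
    for physical_line in instruction.splitlines():
        lexer = shlex.shlex(physical_line, posix=True, punctuation_chars=True)
        lexer.whitespace_split = True
        at_command = True
        for tok in lexer:
            if tok and set(tok) <= _SEPARATORS:
                at_command = True          # next word starts a new command
            elif at_command:
                programs.append(os.path.basename(tok))   # /bin/rm -> rm
                at_command = False
            elif tok.startswith("--"):
                flags.add(LONG_FLAG_ALIASES.get(tok, tok))
            elif tok.startswith("-"):
                flags.update(tok[1:].lower())            # -Rf -> r, f
    return programs, flags


def listed_hits(instruction):
    """Names of listed programs whose required flags are all present."""
    programs, flags = parse(instruction)
    return sorted({p for p in programs
                   if p in PRESET_INSTRUCTIONS and PRESET_INSTRUCTIONS[p] <= flags})


def gate_instruction(instruction, has_control, level):
    """Decide what the management system does with one operation instruction."""
    if not has_control:
        return Verdict("refuse", "no control authority on the target server")
    try:
        hits = listed_hits(instruction)
    except ValueError:
        # Fail closed: an instruction that cannot be tokenized is not forwarded.
        return Verdict("refuse", "instruction could not be parsed")
    if not hits:
        return Verdict("execute")
    if level >= MIN_LEVEL_FOR_LISTED:
        return Verdict("execute_with_warning", "listed instruction: " + ", ".join(hits))
    return Verdict("refuse", "listed instruction: " + ", ".join(hits))
```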
According to an embodiment of the present disclosure, the method further includes: setting a timing task; responding to the triggering of the timing task, and generating a login key of the target server according to a preset key setting rule; encrypting the login key by using a preset encryption method to obtain a current login information ciphertext; and storing the current login information ciphertext into the storage module to replace the target login information ciphertext with the current login information ciphertext.
According to an embodiment of the present disclosure, the method further includes: and returning feedback information indicating that login is refused to the terminal equipment under the condition that the terminal equipment is determined not to have the login authority of the target server based on the target authority information.
According to an embodiment of the present disclosure, the target server includes a server applying a Linux operating system or an AIX operating system.
Another aspect of the present disclosure provides a server management apparatus including: the first acquisition module is used for responding to a login request received from the terminal equipment and acquiring a server identifier and login information carried in the login request; the first determining module is used for determining a target server according to the server identifier; a second determining module, configured to determine, based on the login information, a right of the terminal device to the target server, so as to obtain target right information; a second obtaining module, configured to obtain a target login information ciphertext of the target server from a storage module when it is determined that the terminal device has the login authority of the target server based on the target authority information; and a login module configured to log in the target server using the target login information ciphertext to establish a communication link with the target server, wherein the terminal device logs in the target server through the communication link.
Another aspect of the present disclosure provides an electronic device including: one or more processors; a memory for storing one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program product comprising computer executable instructions for implementing the method as described above when executed.
According to the embodiment of the present disclosure, after a login request is received, whether the terminal device has login authority for the target server is determined according to the login information, and in the case that the terminal device has the login authority, a communication link with the target server is established using the target login information ciphertext of the target server, so that the terminal device can log in to the target server through the communication link. Controlling login to the server in this way at least partially solves the technical problem in the related art that the server password is known to multiple operators and is therefore at significant risk of leakage, thereby effectively improving the security of the server.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an exemplary system architecture to which the server management method and apparatus may be applied, according to an embodiment of the present disclosure.
Fig. 2 schematically shows a flow chart of a server management method according to an embodiment of the present disclosure.
Fig. 3 schematically shows a flow chart of a server management method according to another embodiment of the present disclosure.
Fig. 4A schematically shows a schematic diagram of a user management system according to an embodiment of the present disclosure.
Fig. 4B schematically shows a schematic diagram of a user management system according to another embodiment of the present disclosure.
Fig. 5 schematically shows a block diagram of a server management apparatus according to an embodiment of the present disclosure.
Fig. 6 schematically shows a block diagram of an electronic device adapted to implement a server management method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
In a production environment, such as a production environment using Linux and AIX, many production events such as server failures and anomalies are caused by improper operation of personnel.
In the related art, such production events are often reduced by managing the server. For example, a security administrator is appointed to hold the password, and users and passwords are managed manually; or login to the target server is restricted through a network policy, so that the target server can be logged in to only through certain controlled servers; or the Linux/AIX kernel or configuration is modified by installing a client, so that operators can log in only through the client deployed in the operating system.
All of these schemes have defects in practice. For example, manual management and login control through a network policy cannot prevent operators from knowing the server password, so a significant risk of leakage remains; and installing a client is highly intrusive to the server and carries a risk of compatibility problems.
In view of the above, embodiments of the present disclosure provide a server management method, a server management apparatus, an electronic device, a readable storage medium, and a computer program product. The method comprises the following steps: responding to a received login request from a terminal device, and acquiring a server identifier and login information carried in the login request; determining a target server according to the server identifier; determining the authority of the terminal equipment to the target server based on the login information to obtain target authority information; under the condition that the terminal equipment is determined to have the login authority of the target server based on the target authority information, acquiring a target login information ciphertext of the target server from a storage module; and logging in the target server using the target login information ciphertext to establish a communication link with the target server, wherein the terminal device logs in the target server through the communication link.
It should be noted that the server management method and apparatus determined by the embodiments of the present disclosure may be used in the field of computer technology or in the field of finance, and may also be used in any field other than the field of computer technology and the field of finance. The application fields of the server management method and the server management device determined by the embodiment of the disclosure are not limited.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all comply with the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
In the technical scheme of the disclosure, before the personal information of the user is acquired or collected, the authorization or the consent of the user is acquired.
Fig. 1 schematically illustrates an exemplary system architecture to which the server management method and apparatus may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in Fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a barrier machine (bastion host) 104, and servers 105, 106.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting data communication, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The terminal devices 101, 102, 103 may have various communication client applications installed thereon, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, and/or social platform software.
Data communication can be performed between the terminal devices 101, 102, 103 and the barrier machine 104, and between the barrier machine 104 and the servers 105, 106 via the network. The network can include various connection types, such as wired and/or wireless communication links, and so forth.
The barrier machines 104 may be various electronic devices that provide management functions such as login, instructions, etc., including but not limited to computers, servers, cloud servers, etc.
The servers 105, 106 may be servers providing various services, and the servers 105, 106 may be within the same local area network.
It should be noted that the server management method provided by the embodiment of the present disclosure may be generally executed by the barrier machine 104. Accordingly, the server management apparatus provided by the embodiments of the present disclosure may be generally disposed in the barrier machine 104. The server management method provided by the embodiment of the present disclosure may also be executed by other terminal devices, servers, or server clusters that are different from the barrier machines 104 and that are capable of communicating with the barrier machines 104. Accordingly, the server management apparatus provided in the embodiment of the present disclosure may be provided in another terminal device, server, or server cluster different from the barrier machine 104 and capable of communicating with the barrier machine 104.
For example, the operator may initiate a login request to any of the servers 105, 106 (e.g., without limitation, server 105) on any of the terminal devices 101, 102, 103 (e.g., without limitation, terminal device 101), and the login request may be transmitted over the network to the barrier machine 104. Then, the barrier machine 104 may locally execute the server management method provided by the embodiment of the present disclosure, or send the login request to another terminal device, server, or server cluster, and the server management method provided by the embodiment of the present disclosure is then executed by the terminal device, server, or server cluster that receives the login request.
It should be understood that the number of terminal devices, barrier machines and servers in Fig. 1 is merely illustrative. There may be any number of terminal devices, barrier machines, and servers, as desired for implementation.
Fig. 2 schematically shows a flow chart of a server management method according to an embodiment of the present disclosure.
As shown in fig. 2, the method includes operations S201 to S205.
It should be noted that, unless an execution order between operations is explicitly stated or is required by the technical implementation, the operations in the flowcharts of this disclosure need not be executed in the order shown, and multiple operations may be executed simultaneously.
In operation S201, in response to receiving a login request from a terminal device, a server identifier and login information carried in the login request are obtained.
In operation S202, a target server is determined according to the server identification.
In operation S203, the authority of the terminal device to the target server is determined based on the login information, and target authority information is obtained.
In operation S204, in the case where it is determined that the terminal device has the login authority of the target server based on the target authority information, a target login information ciphertext of the target server is acquired from the storage module.
In operation S205, the target server is logged in using the target login information ciphertext to establish a communication link with the target server. The terminal device logs in the target server through the communication link.
The server management method provided by the embodiment of the present disclosure may be executed by a barrier machine or a proxy server located between the terminal device and the target server, where a user management system is configured in the barrier machine or the proxy server, and the user management system is configured to implement the method of operations S201 to S205.
According to an embodiment of the present disclosure, the terminal device may be an electronic device directly used by an operator, and the operator may initiate a request for login, control, and the like through the terminal device. Terminal devices include, but are not limited to, cell phones, computers, and the like.
According to an embodiment of the present disclosure, the login information may be information such as a user name and a password that needs to be used when an operator logs in the user management system. The user management system may verify the identity of the operator based on the login information and determine whether to allow the operator to log in to the target server.
According to the embodiment of the present disclosure, the server identifier may be a unique identification code of the server, or may be a code that can uniquely correspond to the server, such as a server number based on an arbitrary rule.
According to embodiments of the present disclosure, the target server may be any type of server capable of providing computing services, including but not limited to a file server, a database server, an application server, a WEB server, and the like.
According to the embodiment of the disclosure, when determining the authority of the terminal device to the target server based on the login information, the authority may be determined according to a pre-made table such as an authority relationship table, for example an ACL (Access Control List) or DAC (Discretionary Access Control); alternatively, the authority may be determined using various types of authority management models, for example a Role-Based Access Control (RBAC) model or an Attribute-Based Access Control (ABAC) model, which is not limited herein.
According to the embodiment of the present disclosure, the storage module may be a hard disk memory inside the barrier machine or the proxy server, may also be a database configured inside the barrier machine or the proxy server, and may also be a memory or a database configured outside the barrier machine or the proxy server, which is not limited herein.
According to the embodiment of the disclosure, the target login information ciphertext of the target server may be obtained by encrypting the login user name and/or the password of the target server, and the adopted encryption method may include a symmetric encryption algorithm, an asymmetric encryption algorithm, a hash algorithm and the like. Alternatively, when the adopted encryption method is an asymmetric encryption algorithm, the public key may be configured in the user management system to encrypt the login user name and/or the password of the target server, and the private key may be configured in the target server to decrypt the ciphertext. Alternatively, when the adopted encryption method is a hash algorithm, the adopted hash algorithm is matched with an algorithm adopted in the target server for password verification, and the step of decrypting the ciphertext can be directly skipped when the target server is logged in, so that the ciphertext is directly subjected to password verification.
According to the embodiment of the disclosure, the terminal device may establish a communication link with the user management system by sending a login request to the user management system, and after the user management system establishes the communication link with the target server, the terminal device may log in to the target server through the two communication links.
According to the embodiment of the present disclosure, after a login request is received, whether the terminal device has login authority for the target server is determined according to the login information, and in the case that the terminal device has the login authority, a communication link with the target server is established using the target login information ciphertext of the target server, so that the terminal device can log in to the target server through the communication link. Controlling login to the server in this way at least partially solves the technical problem in the related art that the server password is known to multiple operators and is therefore at significant risk of leakage, thereby effectively improving the security of the server.
The method shown in fig. 2 is further described with reference to fig. 3 and fig. 4A to 4B in conjunction with specific embodiments.
According to an embodiment of the present disclosure, the target server may be a server applying a Linux operating system or an AIX operating system.
According to an embodiment of the present disclosure, operation S203 may include the operations of:
Inputting the login information into the permission model to obtain the role to which the terminal device belongs and the authority information corresponding to the role; and extracting the authority information associated with the target server from the authority information corresponding to the role to obtain the target authority information.
According to an embodiment of the disclosure, the permission model may be any one of RBAC0, RBAC1, RBAC2 and RBAC3 in the RBAC model, or an extended model of any one of these models. In the permission model, each role is configured with corresponding authority information, which can be configured to grant different authorities for different servers.
According to an embodiment of the present disclosure, the target authority information may be represented as that the terminal device has a login authority of the target server, that the terminal device does not have the login authority of the target server, or the like. Alternatively, in a case where it is determined that the terminal device does not have the login authority of the target server based on the target authority information, the user management system may return feedback information indicating that the login is denied to the terminal device.
According to the embodiment of the disclosure, the method for controlling the login authority of the target server based on the login information in the user management system is adopted to replace the method for controlling the login authority in the target server, so that direct operation of an operator on the target server can be reduced, and the possibility of failure of the server due to improper operation can be reduced.
In some embodiments, operation S203 may further include the operations of:
Determining the target authority period that is configured for the role with respect to the target server. In a case where the login time represented by the login time information is within the target authority period, extracting the authority information associated with the target server from the authority information corresponding to the role to obtain the target authority information. In a case where the login time represented by the login time information is outside the target authority period, returning feedback information indicating that login is rejected to the terminal device.
According to the embodiment of the disclosure, the login time information may be carried in the login request, so that it is delivered to the user management system when the login request is sent to the user management system.
According to the embodiment of the disclosure, in the authority model, the authority information corresponding to each role can be configured to have different authorities for different servers at different time periods.
According to an embodiment of the present disclosure, the authority period may be a period in which a role has authority over a server. The target authority period may be a period in which a role corresponding to the terminal device has an authority for the target server.
According to the embodiment of the disclosure, time-interval authority control of the target server can be realized by configuring the authority time interval for the role, so that the flexibility of server management is improved.
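An added sketch (not code from the patent) of operation S203 with the authority period: a deny-by-default lookup of role, per-server authority information and time window, including a window that crosses midnight. The class names, the time-of-day representation of the period and the sample users, roles and servers are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class ServerGrant:
    """Authority information that one role holds for one server."""
    can_login: bool
    can_control: bool = False
    # Authority periods as (start, end) times of day; empty means "any time".
    periods: Tuple[Tuple[time, time], ...] = ()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    target_authority: Optional[ServerGrant] = None


def in_period(moment: time, start: time, end: time) -> bool:
    """True if moment lies in [start, end); supports windows crossing midnight."""
    if start <= end:
        return start <= moment < end
    # e.g. 22:00-06:00: valid late in the evening or early in the morning
    return moment >= start or moment < end


class AuthorityModel:
    """RBAC0-style model: user -> role -> per-server authority information."""

    def __init__(self, user_roles: Dict[str, str],
                 role_grants: Dict[str, Dict[str, ServerGrant]]):
        self.user_roles = user_roles
        self.role_grants = role_grants

    def decide_login(self, login_name: str, server_id: str,
                     login_time: datetime) -> Decision:
        role = self.user_roles.get(login_name)
        if role is None:
            return Decision(False, "unknown user")
        # Extract only the authority information associated with this server.
        grant = self.role_grants.get(role, {}).get(server_id)
        if grant is None or not grant.can_login:
            return Decision(False, "no login authority for this server")
        if grant.periods and not any(
                in_period(login_time.time(), start, end)
                for start, end in grant.periods):
            return Decision(False, "outside authority period")
        return Decision(True, "login permitted", grant)


# Constructed sample configuration (users, roles and server ids are made up).
MODEL = AuthorityModel(
    user_roles={"alice": "dba", "bob": "night-ops"},
    role_grants={
        "dba": {
            "db-01": ServerGrant(True, True, ((time(9, 0), time(18, 0)),)),
        },
        "night-ops": {
            "db-01": ServerGrant(True, False, ((time(22, 0), time(6, 0)),)),
            "web-01": ServerGrant(True, True),
        },
    },
)

if __name__ == "__main__":
    for who, server, hour in [("alice", "db-01", 10), ("alice", "db-01", 20),
                              ("bob", "db-01", 23), ("bob", "db-01", 12)]:
        when = datetime(2022, 2, 25, hour, 0)
        print(who, server, when.time(), MODEL.decide_login(who, server, when).reason)
```

The example takes the login time as a parameter to mirror the text; stamping it at the user management system on receipt avoids depending on the terminal's clock.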
In some embodiments, the target login information ciphertext of the target server stored in the storage module may also be modified periodically, which specifically includes the following operations: setting a timing task; in response to the timing task being triggered, generating a login key of the target server according to a preset key setting rule; encrypting the login key using a preset encryption method to obtain a current login information ciphertext; and storing the current login information ciphertext into the storage module to replace the target login information ciphertext with the current login information ciphertext.
According to an embodiment of the present disclosure, a timing task may refer to a task that is automatically performed at certain time intervals. The implementation manner of the timing task is not limited herein; for example, in a Java environment, the timing task may be implemented by a combination of while + sleep, the Timer class, the ScheduledExecutorService interface, and the like.
According to the embodiment of the present disclosure, the preset key setting rule may be set according to a specific application scenario and is not limited herein, for example, "a 12-to-16-character string is generated, where the character string includes at least one upper case letter, at least one lower case letter, at least one number, and at least one character".
According to the embodiment of the present disclosure, the preset encryption method may be set according to a specific application scenario, for example, a symmetric encryption method, an asymmetric encryption method, a hash algorithm, and the like.
According to the embodiment of the disclosure, the server key is replaced and encrypted periodically, so that the leakage of the server key can be effectively avoided, and the safety of the server is improved.
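An added sketch (not code from the patent) of the rotation steps above: a login key is generated from a CSPRNG under the quoted rule, applied to the server, and only then does its ciphertext replace the stored one. Assumptions: "at least one character" is read as one punctuation symbol from a constructed symbol set; `apply_to_server` and `encrypt` are hypothetical caller-supplied hooks, with `encrypt` assumed to be reversible because the user management system has to recover the key to log in.

```python
import secrets
import string
from typing import Callable, Dict, Iterable, MutableMapping

# Character classes required by the quoted rule; the symbol set is an assumption.
CLASSES = (
    string.ascii_uppercase,
    string.ascii_lowercase,
    string.digits,
    "!@#%^*-_=+",
)


def generate_login_key(min_len: int = 12, max_len: int = 16) -> str:
    """Generate a key of min_len..max_len characters containing every class."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(cls) for cls in CLASSES]
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def satisfies_rule(key: str, min_len: int = 12, max_len: int = 16) -> bool:
    """Check a key against the rule (length and one character per class)."""
    return (min_len <= len(key) <= max_len
            and all(any(ch in cls for ch in key) for cls in CLASSES))


def rotate_all(store: MutableMapping[str, bytes],
               server_ids: Iterable[str],
               apply_to_server: Callable[[str, str], None],
               encrypt: Callable[[bytes], bytes]) -> Dict[str, bool]:
    """Body of the timing task: rotate the login key of each server.

    store           -- stand-in for the storage module (server id -> ciphertext)
    apply_to_server -- hypothetical hook that sets the new key on the server
    encrypt         -- hypothetical hook wrapping the preset encryption method
    Returns server id -> True if rotated, False if the old key was kept.
    """
    results: Dict[str, bool] = {}
    for server_id in server_ids:
        key = generate_login_key()
        try:
            # Change the key on the server first. If this fails, the stored
            # ciphertext still matches the server and logins keep working.
            apply_to_server(server_id, key)
        except Exception:
            results[server_id] = False
            continue
        # Replace the target ciphertext with the current one.
        store[server_id] = encrypt(key.encode("utf-8"))
        results[server_id] = True
    return results
```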
In some embodiments, the user management system is configured with an emergency instruction, and when an operator sends the emergency instruction to the user management system through the terminal device, the user management system may directly provide the plaintext password of the target server to the terminal device, so as to provide a standby mode for directly logging in the target server in case that the target server cannot be normally logged in due to a fault of the user management system or the like.
Fig. 3 schematically shows a flow chart of a server management method according to another embodiment of the present disclosure.
As shown in fig. 3, the method includes operations S301 to S304.
In operation S301, in response to receiving an operation instruction from the terminal device, control authority information of the terminal device is determined based on the target authority information.
In operation S302, in the case where it is determined that the terminal device has the control authority of the target server based on the control authority information, a preset instruction list is acquired from the storage module.
In operation S303, the operation instruction is matched with a plurality of instructions in the preset instruction list, so as to obtain a matching result.
In operation S304, in case that the matching result indicates that the operation instruction does not match any of the plurality of instructions in the preset instruction list, the operation instruction is transmitted to the target server through the communication link, wherein the target server executes the operation instruction.
According to an embodiment of the present disclosure, operations S301 to S304 are performed after the method of operation S205 is completed, i.e., after the terminal device logs in to the target server through the communication link, the method of operations S301 to S304 may be performed.
According to embodiments of the present disclosure, the operation instructions may include various types of control instructions for the server, including, but not limited to, instructions to create/delete/modify virtual machines in the server, instructions to view/modify/delete data in the server, instructions to modify the server configuration, and the like.
According to an embodiment of the present disclosure, the target authority information may also indicate whether the terminal device has a control authority of the target server. In the case where it is determined that the terminal device does not have the control authority of the target server based on the control authority information, the user management system may return feedback information indicating that execution is denied to the terminal device.
According to an embodiment of the disclosure, the preset instruction list may include a plurality of preset instructions, which may be instructions that a developer has identified as possibly affecting normal operation of the server. For example, the preset instruction may include, but is not limited to, an instruction to shut down a snapshot function of the virtual machine, an instruction to perform a stress test, an instruction to refer to a database, an instruction to modify a configuration of the server, and the like. When the operation instruction matches an instruction in the preset instruction list, it may be considered that executing the operation instruction may affect the normal operation of the server, and the user management system may then return feedback information indicating that the execution is rejected to the terminal device. When the operation instruction does not match any instruction in the preset instruction list, it may be considered that executing the operation instruction does not affect the normal operation of the server, and the user management system may then send the operation instruction to the target server, which executes it.
According to the embodiment of the disclosure, controlling the operation instructions input by the terminal device after it has logged in to the target server can effectively reduce the possibility of server failure caused by improper operation by an operator, and improves the security of the server. Meanwhile, because the control authority management is configured on the bastion host or the proxy server, the method is non-intrusive to the server and is not affected by server compatibility.
In some embodiments, the target authority information is also configured with an authority level of the control authority. In the case that the matching result obtained by completing operation S304 indicates that the operation instruction matches at least one of the plurality of instructions in the preset instruction list, the following operations may be further included: determining the authority level of the terminal device based on the control authority information; in a case where the authority level meets a preset authority condition, sending the operation instruction to the target server through the communication link, wherein the target server executes the operation instruction and warning information associated with the operation instruction is returned to the terminal device; and in a case where the authority level does not meet the preset authority condition, returning feedback information indicating that the execution is refused to the terminal device.
For example, the authority levels may include a high authority level and a low authority level. When it is determined according to the target authority information that the terminal device has the high authority level, execution of any operation instruction sent by the terminal device may be allowed; when it is determined according to the target authority information that the terminal device has the low authority level, only instructions sent by the terminal device that do not match the preset instruction list are allowed to execute.
According to the embodiment of the disclosure, the flexibility of server management and the safety of the server can be effectively improved by configuring the authority level of the control authority.
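An added sketch (not code from the patent) of operations S301 to S304 together with the authority-level branch: each simple command in the input line is matched against the preset instruction list, so an instruction chained after a harmless one is still checked. Assumptions: list entries are regular expressions, the three sample patterns are constructed, levels are 0 (low) and 1 (high), and input that cannot be tokenised is refused.

```python
import os
import re
import shlex
from dataclasses import dataclass
from enum import Enum
from typing import List, Tuple


class Verdict(Enum):
    FORWARD = "send to target server"
    WARN = "send to target server and return warning"
    REJECT = "refuse execution"


@dataclass(frozen=True)
class ControlAuthority:
    can_control: bool
    level: int = 0          # assumed scale: 0 = low, 1 = high


@dataclass(frozen=True)
class GateResult:
    verdict: Verdict
    matched: Tuple[str, ...] = ()   # list entries that matched, for the log


REQUIRED_LEVEL = 1          # assumed "preset authority condition"

# Constructed preset instruction list, matched against one normalised command.
PRESET = tuple(re.compile(p) for p in (
    r"^(shutdown|reboot|halt|poweroff)\b",
    r"^stress(-ng)?\b",                  # stress test
    r"^sysctl\s+(-w|--write)\b",         # modifies server configuration
))

_SEPARATOR_CHARS = set("();|&")


def split_commands(line: str) -> List[List[str]]:
    """Split an input line into simple commands (lists of tokens)."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""   # do not let '#' hide text from the matcher
    segments, current = [], []
    for token in lexer:     # raises ValueError on unbalanced quotes
        if token and set(token) <= _SEPARATOR_CHARS:
            if current:
                segments.append(current)
                current = []
        else:
            current.append(token)
    if current:
        segments.append(current)
    return segments


def normalise(tokens: List[str]) -> str:
    """Drop a leading 'sudo' and the directory part of the command name."""
    tokens = list(tokens)
    while tokens and tokens[0] == "sudo":
        tokens.pop(0)
    if not tokens:
        return ""
    tokens[0] = os.path.basename(tokens[0])
    return " ".join(tokens)


def gate(line: str, authority: ControlAuthority) -> GateResult:
    # S301: no control authority means nothing is forwarded.
    if not authority.can_control:
        return GateResult(Verdict.REJECT)
    try:
        segments = split_commands(line)
    except ValueError:
        return GateResult(Verdict.REJECT, ("unparseable input",))
    # S303: match every simple command against the preset list.
    matched = tuple(sorted({p.pattern for seg in segments for p in PRESET
                            if p.search(normalise(seg))}))
    if not matched:
        return GateResult(Verdict.FORWARD)              # S304
    if authority.level >= REQUIRED_LEVEL:
        return GateResult(Verdict.WARN, matched)        # execute and warn
    return GateResult(Verdict.REJECT, matched)
```

A list matched on the proxy guards against operator mistakes, which is the purpose the text states; it does not see what a forwarded script or program does once it runs on the server.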
Fig. 4A schematically shows a schematic diagram of a user management system according to an embodiment of the present disclosure.
As shown in fig. 4A, the user management system 400A may be composed of a network module 401, a control module 402, an agent module 403, and a storage module 404. The modules of the user management system 400A may be deployed independently or merged, and data transmission between the modules may be encrypted.
The network module 401 may provide management functions of the control server, including but not limited to operator management, preset instruction list management, authority model management, server information entry/import, plaintext password download, and the like. The network module 401 may also provide an operation interface that gives operators an entry point for logging in to servers.
The control module 402 can control login and operation. For example, based on the preset instruction list, the authority model and other functions, it allows, warns on, or refuses the login information and input instructions of an operator; for another example, according to the settings of the network module 401, it performs operations such as modifying the operating system user password of the target server and obtaining the total number of users on the target server.
The agent module 403 may log in to the target server according to information such as the target server IP, the operating system username and the password provided by the control module 402. The agent module 403 may be deployed in the same network area as the target server, and when there are multiple network areas or machine rooms, one agent module 403 is deployed in each network area or machine room.
The storage module 404 may store information such as personnel management information, server information, preset instruction list information, and operation logs, which may be stored in an encrypted manner.
When an operator logs in to and operates the target server 420 through the terminal device 410, the operator enters an operating system user through the network entry provided by the network module 401 and clicks to log in. The login request then reaches the control module 402, which selects an appropriate agent module 403; the server login is then completed and the result is echoed back to the operator. All commands input by the operator are executed and echoed back through this link.
The user management system 400A composed of the network module 401, the control module 402, the agent module 403, and the storage module 404 may execute the server management method; for details, refer to the server management method part, which is not repeated here.
Fig. 4B schematically shows a schematic diagram of a user management system according to another embodiment of the present disclosure.
As shown in fig. 4B, the user management system 400B may further include a log module 405 on the basis of the user management system 400A.
The log module 405 may provide a function of recording an operation log of the operator, for example, record all operation instructions input by the operator, and highlight instructions that may affect normal operation of the server in all the operation instructions. When the server fails, the operation and maintenance personnel can determine the failure reason of the server more quickly by analyzing the information recorded in the log module 405, and the operation and maintenance efficiency is improved. The operation log recorded in the log module 405 may be stored in the storage module 404.
Fig. 5 schematically shows a block diagram of a server management apparatus according to an embodiment of the present disclosure.
As shown in fig. 5, the server management apparatus 500 includes a first obtaining module 510, a first determining module 520, a second determining module 530, a second obtaining module 540, and a login module 550.
The first obtaining module 510 is configured to, in response to receiving a login request from a terminal device, obtain a server identifier and login information carried in the login request.
The first determining module 520 is configured to determine the target server according to the server identifier.
The second determining module 530 is configured to determine, based on the login information, the authority of the terminal device for the target server, to obtain target authority information.
The second obtaining module 540 is configured to obtain the target login information ciphertext of the target server from the storage module when it is determined, based on the target authority information, that the terminal device has the login authority of the target server.
The login module 550 is configured to log in to the target server using the target login information ciphertext to establish a communication link with the target server, where the terminal device logs in to the target server through the communication link.
According to the embodiment of the present disclosure, after a login request is received, whether the terminal device has login authority for the target server is determined according to the login information, and in a case where the terminal device has the login authority, a communication link with the target server is established using the target login information ciphertext of the target server, so that the terminal device can log in to the target server through the communication link. Through this login control of the server, the technical problem in the related art that the server password is held by multiple operators and a large leakage risk exists is at least partially solved, and the security of the server is thereby effectively improved.
According to an embodiment of the present disclosure, the second determining module 530 includes a first determining unit and a second determining unit.
The first determining unit is configured to input the login information into the authority model to obtain the role to which the terminal device belongs and the authority information corresponding to the role.
The second determining unit is configured to extract the authority information associated with the target server from the authority information corresponding to the role to obtain the target authority information.
According to the embodiment of the disclosure, the login request also carries login time information, and the role is configured with an authority period.
According to an embodiment of the present disclosure, the server management apparatus 500 further includes a third determining module, an extracting module, and a first feedback module.
The third determining module is configured to determine the target authority period that is configured for the role with respect to the target server.
The extraction module is configured to extract the authority information associated with the target server from the authority information corresponding to the role to obtain the target authority information, in a case where the login time represented by the login time information is within the target authority period.
The first feedback module is configured to return feedback information indicating that login is refused to the terminal device, in a case where the login time represented by the login time information is outside the target authority period.
According to an embodiment of the present disclosure, the server management apparatus 500 further includes a fourth determining module, a third obtaining module, a matching module, and a first sending module.
The fourth determining module is configured to determine, in response to receiving an operation instruction from the terminal device, the control authority information of the terminal device based on the target authority information.
The third obtaining module is configured to obtain the preset instruction list from the storage module, in a case where it is determined based on the control authority information that the terminal device has the control authority of the target server.
The matching module is configured to match the operation instruction with the plurality of instructions in the preset instruction list to obtain a matching result.
The first sending module is configured to send the operation instruction to the target server through the communication link, in a case where the matching result shows that the operation instruction does not match any of the plurality of instructions in the preset instruction list, wherein the target server executes the operation instruction.
According to an embodiment of the present disclosure, the server management apparatus 500 further includes a second feedback module.
The second feedback module is configured to return feedback information indicating that execution is refused to the terminal device, in a case where it is determined based on the control authority information that the terminal device does not have the control authority of the target server.
According to an embodiment of the present disclosure, the server management apparatus 500 further includes a fifth determining module, a second sending module, and a third feedback module.
The fifth determining module is configured to determine the authority level of the terminal device based on the control authority information, in a case where the matching result shows that the operation instruction matches at least one of the plurality of instructions in the preset instruction list.
The second sending module is configured to send the operation instruction to the target server through the communication link, in a case where the authority level meets the preset authority condition, wherein the target server executes the operation instruction and warning information associated with the operation instruction is returned to the terminal device.
The third feedback module is configured to return feedback information indicating that execution is refused to the terminal device, in a case where the authority level does not meet the preset authority condition.
According to an embodiment of the present disclosure, the server management apparatus 500 further includes a setting module, a generating module, an encrypting module, and a storing module.
The setting module is configured to set the timing task.
The generating module is configured to generate, in response to the timing task being triggered, a login key of the target server according to a preset key setting rule.
The encrypting module is configured to encrypt the login key using a preset encryption method to obtain a current login information ciphertext.
The storing module is configured to store the current login information ciphertext into the storage module so as to replace the target login information ciphertext with the current login information ciphertext.
According to an embodiment of the present disclosure, the server management apparatus 500 further includes a fourth feedback module.
The fourth feedback module is configured to return feedback information indicating that login is refused to the terminal device, in a case where it is determined based on the target authority information that the terminal device does not have the login authority of the target server.
According to an embodiment of the present disclosure, the target server includes a server applying a Linux operating system or an AIX operating system.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the first obtaining module 510, the first determining module 520, the second determining module 530, the second obtaining module 540 and the login module 550 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the first obtaining module 510, the first determining module 520, the second determining module 530, the second obtaining module 540, and the login module 550 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, at least one of the first obtaining module 510, the first determining module 520, the second determining module 530, the second obtaining module 540 and the login module 550 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
It should be noted that the server management apparatus part in the embodiment of the present disclosure corresponds to the server management method part in the embodiment of the present disclosure; for the description of the server management apparatus part, refer to the server management method part, which is not repeated here.
Fig. 6 schematically shows a block diagram of an electronic device adapted to implement a server management method according to an embodiment of the present disclosure. The electronic device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 6, a computer electronic device 600 according to an embodiment of the present disclosure includes a processor 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. Processor 601 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 601 may also include onboard memory for caching purposes. The processor 601 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 603, various programs and data necessary for the operation of the electronic apparatus 600 are stored. The processor 601, the ROM 602, and the RAM 603 are connected to each other via a bus 604. The processor 601 performs various operations of the method flows according to the embodiments of the present disclosure by executing programs in the ROM 602 and/or RAM 603. It is to be noted that the programs may also be stored in one or more memories other than the ROM 602 and RAM 603. The processor 601 may also perform various operations of the method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 600 may also include an input/output (I/O) interface 605, which is also connected to the bus 604. The electronic device 600 may also include one or more of the following components connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed into the storage section 608 as necessary.
According to an embodiment of the present disclosure, the method flow according to an embodiment of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609 and/or installed from the removable medium 611. The computer program, when executed by the processor 601, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 602 and/or RAM 603 described above and/or one or more memories other than the ROM 602 and RAM 603.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being adapted to cause the electronic device to carry out the server management method provided by the embodiments of the present disclosure.
The computer program, when executed by the processor 601, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, downloaded and installed through the communication section 609, and/or installed from the removable medium 611. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or associations are not expressly recited in the present disclosure. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (13)

1. A server management method, comprising:
in response to receiving a login request from a terminal device, acquiring a server identifier and login information carried in the login request;
determining a target server according to the server identifier;
determining the authority of the terminal device over the target server based on the login information to obtain target authority information;
in a case where it is determined, based on the target authority information, that the terminal device has login authority for the target server, acquiring a target login information ciphertext of the target server from a storage module; and
logging in to the target server by using the target login information ciphertext to establish a communication link with the target server, wherein the terminal device logs in to the target server through the communication link.
2. The method of claim 1, wherein the determining the authority of the terminal device to the target server based on the login information to obtain target authority information comprises:
inputting the login information into a permission model to obtain the role to which the terminal device belongs and authority information corresponding to the role; and
extracting the authority information associated with the target server from the authority information corresponding to the role to obtain the target authority information.
3. The method of claim 2, wherein the login request further carries login time information, and the role is configured with an authority period;
the method further comprises the following steps:
determining a target authority period configured for the role with respect to the target server;
in a case where the login time represented by the login time information is within the target authority period, extracting the authority information associated with the target server from the authority information corresponding to the role to obtain the target authority information; and
in a case where the login time represented by the login time information is outside the target authority period, returning feedback information indicating that login is refused to the terminal device.
4. The method of claim 1, further comprising:
in response to receiving an operation instruction from the terminal device, determining control authority information of the terminal device based on the target authority information;
in a case where it is determined, based on the control authority information, that the terminal device has control authority for the target server, acquiring a preset instruction list from the storage module;
matching the operation instruction with a plurality of instructions in the preset instruction list to obtain a matching result; and
in a case where the matching result shows that the operation instruction does not match any of the plurality of instructions in the preset instruction list, sending the operation instruction to the target server through the communication link, wherein the target server executes the operation instruction.
5. The method of claim 4, further comprising:
in a case where it is determined, based on the control authority information, that the terminal device does not have control authority for the target server, returning feedback information indicating refusal of execution to the terminal device.
6. The method of claim 4, further comprising:
in a case where the matching result shows that the operation instruction matches at least one of the plurality of instructions in the preset instruction list, determining the authority level of the terminal device based on the control authority information;
in a case where the authority level meets a preset authority condition, sending the operation instruction to the target server through the communication link, wherein the target server executes the operation instruction, and returning warning information associated with the operation instruction to the terminal device; and
in a case where the authority level does not meet the preset authority condition, returning feedback information indicating refusal of execution to the terminal device.
7. The method of claim 1, further comprising:
setting a timing task;
in response to the timing task being triggered, generating a login key of the target server according to a preset key setting rule;
encrypting the login key by using a preset encryption method to obtain a current login information ciphertext; and
storing the current login information ciphertext into the storage module so as to replace the target login information ciphertext with the current login information ciphertext.
8. The method of claim 1, further comprising:
in a case where it is determined, based on the target authority information, that the terminal device does not have login authority for the target server, returning feedback information indicating that login is refused to the terminal device.
9. The method of any of claims 1-8, wherein the target server comprises a server that applies a Linux operating system or an AIX operating system.
10. A server management apparatus comprising:
a first acquisition module, configured to acquire, in response to receiving a login request from a terminal device, a server identifier and login information carried in the login request;
a first determining module, configured to determine a target server according to the server identifier;
a second determining module, configured to determine the authority of the terminal device over the target server based on the login information to obtain target authority information;
a second acquisition module, configured to acquire a target login information ciphertext of the target server from a storage module in a case where it is determined, based on the target authority information, that the terminal device has login authority for the target server; and
a login module, configured to log in to the target server by using the target login information ciphertext so as to establish a communication link with the target server, wherein the terminal device logs in to the target server through the communication link.
11. An electronic device, comprising:
one or more processors;
a memory for storing one or more instructions,
wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 9.
13. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 9 when executed.
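
The decision flow of claims 1, 3 to 6 and 8, as an added Python example that is not code from the patent. The role names, server identifier, preset instruction list, level threshold and the token-prefix matching rule are all assumptions, since the claims do not specify how matching or the authority condition are implemented.

```python
import shlex
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Grant:                      # target authority information (hypothetical model)
    login: bool
    control: bool
    level: int
    period: tuple                 # (start, end) authority period, datetime.time

# Constructed sample data: role -> server identifier -> grant.
GRANTS = {
    "dba":     {"db-01": Grant(True, True, 1, (time(9), time(18)))},
    "sre":     {"db-01": Grant(True, True, 3, (time(0), time(23, 59, 59)))},
    "auditor": {"db-01": Grant(True, False, 0, (time(9), time(18)))},
}
PRESET_INSTRUCTIONS = [("rm", "-rf"), ("shutdown",), ("mkfs",)]  # constructed list
MIN_LEVEL = 3                     # assumed "preset authority condition"
SEPARATORS = set(";&|()")         # tokens that end one simple command

def decide_login(role, server_id, when):
    """Claims 1, 3, 8: login authority first, then the authority period."""
    grant = GRANTS.get(role, {}).get(server_id)
    if grant is None or not grant.login:
        return "login_refused"
    start, end = grant.period
    if not start <= when.time() <= end:
        return "login_refused"
    return "login_allowed"        # gateway would now fetch the ciphertext and connect

def matches_preset(command):
    """True if any simple command on the line starts with a preset entry."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    try:
        tokens = list(lexer)
    except ValueError:            # unbalanced quotes: fail closed
        return True
    simple, current = [], []
    for tok in tokens:            # check every part of a compound command line
        if tok and set(tok) <= SEPARATORS:
            simple.append(current)
            current = []
        else:
            current.append(tok)
    simple.append(current)
    return any(tuple(c[:len(p)]) == p for c in simple for p in PRESET_INSTRUCTIONS)

def decide_command(role, server_id, command):
    """Claims 4-6: control authority, preset-list match, then authority level."""
    grant = GRANTS.get(role, {}).get(server_id)
    if grant is None or not grant.control:
        return "execution_refused"
    if not matches_preset(command):
        return "forwarded"
    if grant.level >= MIN_LEVEL:
        return "forwarded_with_warning"
    return "execution_refused"
```

Token-prefix matching only recognises the spellings that are listed, so a preset list used this way needs an entry for each variant of an instruction that should be gated.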
CN202210183797.8A 2022-02-25 2022-02-25 Server management method and device, electronic equipment and storage medium Pending CN114553571A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210183797.8A CN114553571A (en) 2022-02-25 2022-02-25 Server management method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114553571A (en) 2022-05-27

Family

ID=81678853

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination