CN114584609A - Pure browser calling method, device, equipment and storage medium - Google Patents

Pure browser calling method, device, equipment and storage medium

Publication number: CN114584609A
Authority: CN (China)
Prior art keywords: information, initial, browser, bastion machine, machine
Legal status: Granted
Application number: CN202210149641.8A
Other languages: Chinese (zh)
Other versions: CN114584609B (en)
Inventor: 王霄, 操飞飞, 于洋, 王志彪
Current Assignee: Beijing Shengborun High Tech Co ltd
Original Assignee: Beijing Shengborun High Tech Co ltd
Application filed by Beijing Shengborun High Tech Co ltd
Priority to CN202210149641.8A
Publication of CN114584609A
Application granted
Publication of CN114584609B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application relates to a pure browser calling method, device, equipment and storage medium. The method comprises the following steps: when the application issuing server receives a connection request sent by the bastion machine, the application issuing server acquires browser information on the bastion machine; the application issuing server acquires configuration file information on the bastion machine; a preset plug-in-free browser on the application release server, corresponding to the initial type information of the browser of the bastion machine, is used; the application issuing server acquires standard configuration file information and sends the standard configuration file information to the bastion machine; the bastion machine replaces the initial configuration file information in the bastion machine with the standard configuration file information; the application issuing server acquires initial path information of the browser on the bastion machine; and the bastion machine starts the browser according to the initial path information acquired by the application release server. The technical effect of the application is that the influence of personalized plug-ins on the action flow configuration is reduced, so that the action flow can accurately find the positions of the components and the browser can run stably.

Description

Pure browser calling method, device, equipment and storage medium
Technical Field
The present application relates to the field of browser invoking technologies, and in particular, to a method, an apparatus, a device, and a storage medium for invoking a clean browser.
Background
A bastion machine uses various technical means to monitor and record the operations that operation and maintenance personnel perform on servers, network devices, security devices, databases and other devices in the network, in order to ensure that, in a specific network environment, the network and data are not invaded or damaged by external or internal users.
For the access and audit of application systems, the bastion machine provides an action flow configuration scheme. An action flow is the series of operation steps the system performs when a certain trigger condition is met. For the operation, maintenance and audit of a CS application system, the bastion machine works by calling an application release server, commonly called a trigger or a front-end processor.
In the process of the bastion machine invoking the action flow, the inventor thinks that at least the following problem exists: browser plug-ins can change the storage position of the action flow components, and the plug-ins of each browser are personalized according to the operating habits of its user. As a result, an automatically executed action flow cannot accurately find the positions of the components because of the browser plug-ins, the normal operation of the action flow is affected, and the call made by the bastion machine fails.
Disclosure of Invention
In order to solve the problem that browser plug-ins affect the normal operation of the action flow and cause the call made by the bastion machine to fail, the present application provides a pure browser calling method, device, equipment and storage medium.
In a first aspect, the present application provides a clean browser invoking method, which adopts the following technical scheme: the method comprises the following steps:
when an application issuing server receives a connection request sent by a bastion machine, the application issuing server acquires browser information on the bastion machine, wherein the browser information comprises initial type information, initial path information and initial configuration file information of the browser;
if the browser type library preset on the application issuing server contains the browser type information which is the same as the initial type information, the application issuing server acquires the configuration file information on the bastion machine;
the preset plug-in-free browser corresponding to the initial type information of the browser of the bastion machine on the application release server;
the application release server acquires standard configuration file information corresponding to the plug-in-free browser and sends the standard configuration file information to the bastion machine;
the bastion machine replaces the initial configuration file information in the bastion machine with the standard configuration file information;
the application issuing server acquires initial path information of a browser on the bastion machine, wherein the initial path information is path information of starting the browser by the bastion machine;
and when the bastion machine starts the browser, the bastion machine starts the browser according to the initial path information acquired by the application issuing server.
With this technical scheme, in the process of configuring the action flow, when the application issuing server receives a connection request sent by the bastion machine, the administrator first obtains the browser information on the bastion machine, obtains the initial configuration file through the browser information, replaces the initial configuration file with a preset standard configuration file, and obtains the starting path of the browser on the bastion machine. Each time the bastion machine is started, the initial configuration file storing plug-in information is replaced with the standard configuration file without plug-in information, so that the browsers started by the bastion machine are all pure browsers. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the positions of the components and the browser can run stably.
Preferably, after the application distribution server obtains the initial path information of the browser on the bastion machine, the method further includes:
the application issuing server acquires time information;
the application issuing server acquires action path information including initial path information and time information,
the action path information is a path for starting user data set by adopting time information;
the application issuing server sets the action path information as initial path information;
the application release server acquires the starting path information of the browser on the bastion machine;
the application issuing server assigns the starting path information;
the application issuing server acquires the initial configuration file information, wherein the initial configuration file information is replaced initial configuration file information;
and the application release server specifies the initial configuration file information, and the bastion machine starts the browser according to the assigned starting path information.
With this technical scheme, the starting path information of the bastion machine and the time information of the system are bound to each other, so that browsers started in different time periods are always new browsers. This reduces the cases in which an already used browser is started again and therefore contains plug-ins, which would make the action flow configuration inaccurate and make it hard to guarantee that the browser runs stably every time; the running stability of the browser is thereby improved.
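The following sketch is an added example, not code from the patent or its assignee. It shows one way to combine the configuration replacement with the time-bound user data path: the standard profile is copied into a new time-stamped directory and the browser is started against that directory only. The function names, the digest check on the standard profile and the command-line switches (`--user-data-dir`, `--disable-extensions`, `-profile`, `-no-remote`) are assumptions; the patent names none of them.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumed switches for starting each browser type against a given profile
# directory; the patent text names no command-line options.
LAUNCH_ARGS = {
    "chrome": lambda exe, d: [exe, f"--user-data-dir={d}",
                              "--disable-extensions", "--no-first-run"],
    "firefox": lambda exe, d: [exe, "-no-remote", "-profile", str(d)],
}


def profile_digest(profile_dir):
    """SHA-256 over the relative path and content of every file, in sorted order."""
    root = Path(profile_dir)
    h = hashlib.sha256()
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        for part in (f.relative_to(root).as_posix().encode(), f.read_bytes()):
            h.update(len(part).to_bytes(8, "big"))  # length prefix keeps fields unambiguous
            h.update(part)
    return h.hexdigest()


def prepare_clean_launch(browser_type, exe_path, standard_profile,
                         expected_digest, sessions_root, now=None):
    """Copy the standard profile into a new time-stamped directory and
    return (argv, user_data_dir) for starting the browser against it."""
    if browser_type not in LAUNCH_ARGS:
        # Mirrors the browser type library check: no baseline, no launch.
        raise ValueError(f"no plug-in-free baseline for type {browser_type!r}")
    if profile_digest(standard_profile) != expected_digest:
        # Hypothetical hardening step: refuse a standard profile that has
        # drifted, for example because an extension was installed into it.
        raise RuntimeError("standard profile differs from the recorded baseline")
    now = now or datetime.now(timezone.utc)
    stamp = now.strftime("%Y%m%dT%H%M%S.%fZ")
    user_data_dir = Path(sessions_root) / f"{browser_type}-{stamp}"
    # copytree raises FileExistsError when the target already exists, so a
    # directory that was used before is never started again.
    shutil.copytree(standard_profile, user_data_dir)
    user_data_dir.chmod(0o700)
    return LAUNCH_ARGS[browser_type](str(exe_path), user_data_dir), user_data_dir


def demo():
    """Run the flow on a constructed sample baseline in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = Path(tmp) / "standard-firefox"
        baseline.mkdir()
        (baseline / "prefs.js").write_text("// constructed sample baseline\n")
        argv, session_dir = prepare_clean_launch(
            "firefox", "/opt/firefox/firefox", baseline,
            profile_digest(baseline), Path(tmp) / "sessions",
            now=datetime(2022, 2, 18, 9, 30, tzinfo=timezone.utc))
        return argv[:3], session_dir.name


if __name__ == "__main__":
    print(demo())
```

The returned argument list is meant to be passed to a process launcher such as `subprocess.Popen`; the session directory can be deleted once the browser exits.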
Preferably, before the time when the application publishing server receives the connection request sent by the bastion machine, the method further comprises the following steps:
when the bastion machine receives a login instruction, the bastion machine acquires initial identity information of an operation and maintenance person, wherein the initial identity information comprises initial account information and initial password information;
the bastion machine inquires standard identity information which is the same as the initial identity information in a preset standard identity information base, wherein the standard identity information comprises standard account information and standard password information;
the bastion machine compares the standard identity information with preset identity information;
if the standard identity information matched with the initial identity information exists, the bastion machine respectively compares the standard account information with the initial account information, the standard password information and the initial password information;
if the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the bastion machine allows the operation and maintenance personnel to log in; otherwise, the bastion machine sends prompt information of a wrong account number and password to the bastion machine of the operation and maintenance personnel and sends identity alarm information to the intelligent terminal of the administrator.
With this technical scheme, when the bastion machine receives a login instruction, it first obtains the initial identity information of the operation and maintenance personnel and judges whether the identity information of the current operation and maintenance personnel is legal by comparing the initial identity information with the preset identity information. When the initial identity information of the operation and maintenance personnel is found not to match the preset identity information, prompt information of a wrong account number and password is sent to the bastion machine of the operation and maintenance personnel and identity alarm information is sent to the intelligent terminal of the administrator. This makes it difficult for operation and maintenance personnel to use illegal accounts to perform illegal operations, lets the administrator learn of the relevant illegal identities in time, and improves the security of system operation and maintenance by operation and maintenance personnel.
Preferably, the bastion machine acquires the operation and maintenance personnel whose authority needs to be modified and the changed authority information corresponding to those operation and maintenance personnel;
the bastion machine queries the initial identity information corresponding to the operation and maintenance personnel in a preset operation and maintenance personnel library, wherein the operation and maintenance personnel library stores different operation and maintenance personnel and the initial identity information corresponding to them;
and the bastion machine replaces the initial authority information in the initial identity information corresponding to the operation and maintenance personnel with the changed authority information.
Through the technical scheme, the administrator can change the operation range of the operation and maintenance personnel through a mode of modifying the authority information of the operation and maintenance personnel, so that the operation and maintenance personnel can carry out the operation exceeding the preset authority under the extreme condition by acquiring the permission of the administrator, and the flexibility of the bastion machine for checking the authority of the operation and maintenance personnel is improved.
Preferably, after the bastion machine replaces the initial authority information in the initial identity information corresponding to the changed operation and maintenance staff with the changed authority information, the bastion machine further includes:
the bastion machine acquires the initial authority information in the initial identity information corresponding to the operation and maintenance personnel;
the bastion machine queries the preset authority information corresponding to the operation and maintenance personnel in a preset identity authority database, wherein the identity authority database comprises different operation and maintenance personnel and the preset authority information corresponding to them;
the bastion machine compares the initial permission information with preset permission information;
if the initial authority information is different from the preset authority information, the bastion machine sets the initial authority information as the preset authority information and sends prompt information of authority change related to operation and maintenance personnel to an intelligent terminal of an administrator.
Through the technical scheme, after the administrator modifies the authority information of the operation and maintenance personnel, the bastion machine can automatically acquire the changed operation and maintenance personnel and the corresponding changed authority information, and the information of the operation and maintenance personnel with the changed authority can be automatically updated by comparing the initial authority information in the initial identity information of the operation and maintenance personnel with the preset authority information, so that the possibility that the bastion machine cannot determine the authority information of the operation and maintenance personnel to cause illegal operation due to the fact that the administrator forgets to modify the preset initial authority information is reduced.
Preferably, after the bastion machine compares the standard identity information with the preset identity information, the bastion machine further comprises:
the bastion machine acquires the actual IP address information of the bastion machine;
the bastion machine compares the actual IP address information with preset standard IP address information;
if the actual IP address information is different from the standard IP address information, the bastion machine stores the initial account information into a preset temporary blacklist library, and the bastion machine sends alarm information matched with the initial account information in the temporary blacklist library to intelligent equipment of an administrator.
With this technical scheme, after checking the identity of the operation and maintenance personnel, the bastion machine can monitor their login IP address by checking the actual IP address information against the preset standard IP address information, and is entitled to place the account of anyone who fails the check into the temporary blacklist. This reduces the possibility that an illegal user who has obtained the identity information of operation and maintenance personnel logs in from an illegal area and finally performs illegal operations. It further strengthens the bastion machine's supervision of illegal operations by operation and maintenance personnel and, because illegal operations become harder to perform, improves the stability of the bastion machine during system maintenance.
Preferably, before the bastion machine stores the initial account information into a preset temporary blacklist library, the bastion machine further comprises:
the bastion machine counts the number of times the actual IP address and the initial identity information of the operation and maintenance personnel occur together;
the bastion machine compares the counted number of times with a preset critical number of times;
if the counted number of times is greater than the critical number of times, the bastion machine stores the actual IP address and the initial identity information of the operation and maintenance personnel into a preset temporary white list library and sends the actual IP address and the initial identity information to the intelligent equipment of the administrator;
when the confirmation information of the administrator is received, the bastion machine adds the actual IP address to the standard IP address information.
With this technical scheme, the number of times the actual IP address and the initial identity information of the operation and maintenance personnel occur together is counted. When the counted number of times is greater than the preset critical number of times, the actual IP address and the initial identity information of the operation and maintenance personnel are sent together to the intelligent equipment of the administrator, so that the administrator can change the status of an illegal address and illegal identity information that have occurred together many times. Operation and maintenance personnel can then maintain the system by remote login in circumstances beyond their control, which improves the bastion machine's ability to handle extreme cases and its flexibility.
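The login source check described above can be sketched as a small state machine. This is an added example, not code from the patent. The class and method names, the per-account layout of the standard IP address information and the treatment of a pending review as an alternative to blacklisting are assumptions; the addresses are constructed samples from the documentation ranges.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

ALLOW, BLACKLISTED, PENDING_REVIEW = "allow", "blacklisted", "pending_review"


def normalize_ip(raw):
    """Parse an address and fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4,
    so the same host is not treated as two different sources."""
    ip = ipaddress.ip_address(raw)
    return getattr(ip, "ipv4_mapped", None) or ip


@dataclass
class SourceIpGate:
    # Assumption: standard IP address information is kept per account.
    standard_ips: dict
    critical_times: int = 3  # assumed value of the preset critical number of times
    counts: Counter = field(default_factory=Counter)
    temp_blacklist: set = field(default_factory=set)
    temp_whitelist: set = field(default_factory=set)
    alerts: list = field(default_factory=list)  # stands in for the administrator's device

    def __post_init__(self):
        self.standard_ips = {acct: {normalize_ip(i) for i in ips}
                             for acct, ips in self.standard_ips.items()}

    def check(self, account, raw_ip):
        """Called after the account and password have already been verified."""
        ip = normalize_ip(raw_ip)
        if ip in self.standard_ips.get(account, set()):
            return ALLOW
        # Count how often this address and this identity have occurred together.
        self.counts[(account, ip)] += 1
        if self.counts[(account, ip)] > self.critical_times:
            # Frequent pair: queue it for the administrator instead of blacklisting.
            self.temp_whitelist.add((account, ip))
            self.alerts.append(("review", account, str(ip)))
            return PENDING_REVIEW  # still not a login; only confirmation grants access
        # The page does not say how the blacklist affects later logins,
        # so this sketch only records the account and raises the alarm.
        self.temp_blacklist.add(account)
        self.alerts.append(("alarm", account, str(ip)))
        return BLACKLISTED

    def admin_confirm(self, account, raw_ip):
        """Administrator confirmation: promote a queued address to standard."""
        key = (account, normalize_ip(raw_ip))
        if key not in self.temp_whitelist:
            raise KeyError("address was never queued for review")
        self.temp_whitelist.discard(key)
        self.counts.pop(key, None)
        self.standard_ips.setdefault(account, set()).add(key[1])


def demo():
    """Replay constructed login events for one account."""
    gate = SourceIpGate({"ops01": ["192.0.2.10"]}, critical_times=2)
    events = ["192.0.2.10", "203.0.113.7", "203.0.113.7", "203.0.113.7"]
    results = [gate.check("ops01", ip) for ip in events]
    gate.admin_confirm("ops01", "203.0.113.7")
    results.append(gate.check("ops01", "203.0.113.7"))
    return results


if __name__ == "__main__":
    print(demo())
```

Repetition alone never adds an address to the standard list here: the counter only decides which alert the administrator receives.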
In a second aspect, the present application provides a pure browser invoking device, which adopts the following technical solution: the device comprises:
the browser information acquisition module is used for acquiring browser information on the bastion machine by the application issuing server when the application issuing server receives a connection request sent by the bastion machine, wherein the browser information comprises initial type information, initial path information and initial configuration file information of the browser;
the configuration file acquisition module is used for acquiring the configuration file information on the bastion machine if a browser type library preset on the application release server contains browser type information which is the same as the initial type information;
the standard configuration acquisition module is used for sending standard configuration file information corresponding to a preset plug-in-free browser corresponding to the initial type information of the browser of the bastion machine on the application release server to the bastion machine;
the configuration file replacing module is used for replacing, by the bastion machine, the initial configuration file information in the bastion machine with the standard configuration file information;
the browser starting module is used for acquiring initial path information of a browser on the bastion machine by the application issuing server, wherein the initial path information is the path information of the bastion machine for starting the browser;
With this technical scheme, in the process of configuring the action flow, when the application release server receives a connection request sent by the bastion machine, the administrator first obtains the browser information on the bastion machine, obtains the initial configuration file through the browser information, replaces the initial configuration file with a preset standard configuration file, and obtains the starting path of the browser on the bastion machine. Each time the bastion machine is started, the initial configuration file storing plug-in information is replaced with the standard configuration file without plug-in information, so that the browsers started by the bastion machine are all pure browsers. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the positions of the components and the browser can run stably.
In a third aspect, the present application provides a computer device, which adopts the following technical solution: comprising a memory and a processor, said memory having stored thereon a computer program that can be loaded by the processor and that executes any of the clean browser call methods described above.
With this technical scheme, in the process of configuring the action flow, when the application release server receives a connection request sent by the bastion machine, the administrator first obtains the browser information on the bastion machine, obtains the initial configuration file through the browser information, replaces the initial configuration file with a preset standard configuration file, and obtains the starting path of the browser on the bastion machine. Each time the bastion machine is started, the initial configuration file storing plug-in information is replaced with the standard configuration file without plug-in information, so that the browsers started by the bastion machine are all pure browsers. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the positions of the components and the browser can run stably.
In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions: a computer program is stored which can be loaded by a processor and which can perform any of the clean browser invocation methods described above.
With this technical scheme, in the process of configuring the action flow, when the application release server receives a connection request sent by the bastion machine, the administrator first obtains the browser information on the bastion machine, obtains the initial configuration file through the browser information, replaces the initial configuration file with a preset standard configuration file, and obtains the starting path of the browser on the bastion machine. Each time the bastion machine is started, the initial configuration file storing plug-in information is replaced with the standard configuration file without plug-in information, so that the browsers started by the bastion machine are all pure browsers. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the positions of the components and the browser can run stably.
In summary, the present application includes at least one of the following beneficial technical effects:
1. In the process of configuring the action flow, when the application release server receives a connection request sent by the bastion machine, the browser information on the bastion machine is acquired first, the initial configuration file is acquired through the browser information, the initial configuration file is replaced with a preset standard configuration file, and the starting path of the browser on the bastion machine is acquired. Each time the bastion machine is started, the initial configuration file storing plug-in information is replaced with the standard configuration file without plug-in information, so that the browsers started by the bastion machine are all pure browsers. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the positions of the components and the browser can run stably;
2. The starting path information of the bastion machine and the time information of the system are bound to each other, so that browsers started in different time periods are always new browsers. This reduces the cases in which an already used browser is started again and therefore contains plug-ins, which would make the action flow configuration inaccurate and make it hard to guarantee that the browser runs stably every time; the running stability of the browser is thereby improved.
Drawings
Fig. 1 is a flowchart of a clean browser invoking method in an embodiment of the present application.
Fig. 2 is a block diagram of a clean browser calling device in the embodiment of the present application.
Reference numerals: 201, browser information acquisition module; 202, configuration file acquisition module; 203, standard configuration acquisition module; 204, configuration file replacement module; 205, browser starting module.
Detailed Description
The present application is described in further detail below with reference to figures 1-2.
The embodiment of the application discloses a clean browser calling method, applied when a bastion machine calls a clean browser to access CS type resources. First, an administrator configures, in the application release server, the action flow to be called by operation and maintenance personnel; the application release server then grants the corresponding operation and maintenance personnel the authority to call the browser. After the operation and maintenance personnel start the browser, the browser on the bastion machine is automatically converted into a clean browser according to the action flow set on the application release server. When the operation and maintenance personnel use the browser for data operation and maintenance, this avoids the situation in which the browser called by the bastion machine contains personalized plug-ins, which would make it difficult for the action flow to locate the components accurately and would affect the stability of data maintenance performed through the bastion machine.
As shown in fig. 1, the method comprises the steps of:
S10, the application publishing server obtains the browser type.
When the application publishing server receives a connection request sent by the bastion machine, it acquires browser information on the bastion machine. The browser information comprises the initial type information, initial path information and initial configuration file information of the browser; the initial type information can be the Firefox browser or the Google browser.
S11, the application publishing server acquires the configuration file information on the bastion machine.
The application publishing server compares the type of the browser on the bastion machine with the types of browser on the application publishing server. If the application publishing server includes a browser of the same type as the browser on the bastion machine, it queries the configuration file information on the bastion machine. The configuration file information comprises the plug-in information of the browser: when starting the browser, the bastion machine starts the browser's exe file according to the path and then applies the personalized plug-in configuration to the started browser by reading the configuration file. For example, if the browser type on the bastion machine is the Firefox browser and the browser type on the application publishing server is the Google browser, the application publishing server does not need to query the configuration file of the Firefox browser; if the browser type on the bastion machine is the Google browser and the application publishing server includes both the Firefox browser and the Google browser, the application publishing server acquires the configuration file of the Google browser on the bastion machine.
S12, the application publishing server sends the standard configuration file to the bastion machine.
The application publishing server first obtains the types of browser it holds and finds the browser of the same type as the browser on the bastion machine; it then sends the standard configuration file preset on the application publishing server to the bastion machine. The standard configuration file is the configuration file of the corresponding clean browser. For example, if the browser type on the bastion machine is the Google browser, the application publishing server first obtains the standard configuration file of the Google browser on the application publishing server, that is, the configuration file of the Google browser in its clean state, and sends it to the bastion machine.
S13, the application publishing server replaces the initial configuration file with the standard configuration file.
Because operation and maintenance personnel may still need to start a browser with plug-ins, they store the initial configuration file in a personalized configuration file library preset on the bastion machine. When they need to start the browser with plug-ins again, they can replace the standard configuration file on the bastion machine with the initial configuration file and restart the browser on the bastion machine, which starts the browser with its personalized plug-ins.
S14, the application publishing server acquires the initial path information on the bastion machine.
The initial path information is the path information with which the bastion machine starts the browser, and the bastion machine sends the initial path information to the application publishing server.
S15, the bastion machine starts the browser according to the initial path information.
When the application publishing server receives the bastion machine's instruction to start the browser, the bastion machine starts the browser according to the received initial path information and the standard configuration file, which completes the configuration of the browser's action flow. When an operation and maintenance person starts the browser through the bastion machine, the bastion machine directly replaces the browser on the bastion machine with a clean browser according to the configured action flow. This reduces the extent to which plug-ins in the browser affect the accuracy of the action flow configured on the bastion machine, and thereby improves the stability of the action flow.
In one embodiment, when operation and maintenance personnel carry out operation and maintenance work, the browser called by the bastion machine is replaced through the action flow with a clean browser, that is, a browser without plug-ins. However, the path of the browser's user data is the same each time the bastion machine calls the browser. To ensure that the user data of the browser called last time cannot affect the next call, the starting path of the browser user data must be different for each call. After the application publishing server obtains the initial path information of the browser user data on the bastion machine, it obtains the current time information of the system and generates action path information from the system time information and the initial path information; the action path information is the initial path information plus the current system time information. The application publishing server replaces the initial path information with the action path information, assigns the browser's start program to the initial path information, specifies the replaced initial configuration file, and runs the assigned browser with it. As a result, the browser that the bastion machine calls in each time period is different, and each is a brand-new browser without user data. This reduces the influence between browsers called in different time periods and further improves the stability of the browser called by the bastion machine. For example, if the current time is X month X day X hour X minutes X seconds X milliseconds and the initial path information of the browser is C:\browser data\chrome, the action path information of the browser is C:\browser data\chrome&@X month&@X day&@X hour&@X minutes&@X seconds&@X milliseconds. After the application publishing server replaces the initial path information with the action path information, the path for starting the browser's user data is set by time, so that the user data is brand new each time the browser is called.
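The per-launch user-data path described above, together with the standard configuration file of steps S12 to S15, can be sketched as follows. This is an added example, not code from the patent or its applicant. It assumes that the "configuration file" is a browser profile directory, that the function names are hypothetical, and that the browser is pointed at its user data with the browsers' own command-line switches.

```python
from __future__ import annotations

import shutil
import tempfile
from datetime import datetime
from pathlib import Path


def profile_args(browser_type: str, user_data: Path) -> list[str]:
    """Assumption: the browsers' own switches for choosing a user-data
    directory; the patent text does not name any switch."""
    if browser_type == "chrome":
        return [f"--user-data-dir={user_data}", "--disable-extensions", "--no-first-run"]
    if browser_type == "firefox":
        return ["-profile", str(user_data), "-no-remote"]
    raise ValueError(f"browser type not in the server's type library: {browser_type}")


def action_path(initial_path: Path, now: datetime) -> Path:
    """Initial path plus month, day, hour, minute, second and millisecond,
    joined with the "&@" separator used in the page's example."""
    stamp = [f"{now.month:02d}", f"{now.day:02d}", f"{now.hour:02d}",
             f"{now.minute:02d}", f"{now.second:02d}", f"{now.microsecond // 1000:03d}"]
    return initial_path.with_name("&@".join([initial_path.name, *stamp]))


def prepare_clean_launch(browser_type, exe, initial_profile, standard_profile,
                         library, now=None) -> list[str]:
    """Return the argv for a clean browser with brand-new user data."""
    initial_profile, standard_profile, library = map(
        Path, (initial_profile, standard_profile, library))
    user_data = action_path(initial_profile, now or datetime.now())
    # Built before any disk change, so an unsupported type leaves no trace.
    argv = [str(exe), *profile_args(browser_type, user_data)]
    # Personalized configuration file library: keep the operator's own profile
    # so the plug-in browser can be restored later.
    if initial_profile.is_dir():
        shutil.copytree(initial_profile, library / initial_profile.name,
                        dirs_exist_ok=True)
    # Seed the per-launch directory from the standard (plug-in-free) profile.
    # copytree refuses an existing target, so two launches in the same
    # millisecond fail loudly instead of sharing user data.
    shutil.copytree(standard_profile, user_data)
    # Pass argv to the process API as a list, never through a shell: "&" in
    # the path is a command separator for cmd.exe and POSIX shells.
    return argv


if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())            # constructed sample layout
    standard = root / "standard" / "chrome"
    standard.mkdir(parents=True)
    (standard / "Preferences").write_text("{}")
    initial = root / "browser data" / "chrome"
    initial.mkdir(parents=True)
    (initial / "Preferences").write_text('{"plugins": ["constructed"]}')
    print(prepare_clean_launch("chrome", "chrome.exe", initial, standard,
                               root / "library"))
```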
In one embodiment, because system parameters are adjusted during operation and maintenance of the system, the identity information of operation and maintenance personnel needs to be verified to ensure stable operation of the system. Before the application publishing server receives a connection request sent by the bastion machine, when the bastion machine receives a login instruction, the bastion machine acquires the login identity information of the operation and maintenance person, which comprises initial account information and initial password information. The bastion machine queries a preset standard identity information base for standard identity information matching the login identity information and compares the account information and the password information; if they are the same, the operation and maintenance person is allowed to log in; otherwise, the bastion machine sends a prompt that the account or password is wrong to the bastion machine of the operation and maintenance person and sends identity alarm information to the administrator's intelligent terminal. This reduces the possibility that illegal persons log in to the bastion machine and perform illegal operations, and improves the security of the bastion machine. For example, the initial account information of the operation and maintenance person is yunwei007, and yunwei001-yunwei010 are stored in the preset standard identity information base. The bastion machine compares whether the login password of yunwei007 is the same as the preset password of yunwei007; if so, the operation and maintenance person is allowed to log in; otherwise, the prompt "account password error" is sent to the bastion machine of the operation and maintenance person, and the alarm "illegal identity login detection" is sent to the administrator's intelligent terminal.
In one embodiment, considering that under extreme conditions operation and maintenance personnel need to perform override operations (operations beyond their normal authority) to keep the system running normally, an administrator can modify the authority information of operation and maintenance personnel. When authority information needs to be modified, the bastion machine first acquires the operation and maintenance person whose authority is to be changed and the corresponding changed authority information. It then queries the initial identity information corresponding to that person in a preset operation and maintenance personnel library, which stores the different operation and maintenance personnel and their corresponding initial identity information, and replaces the initial authority information in that initial identity information with the changed authority information. For example, the authority information of operation and maintenance person A is level 1 and the authority information of operation and maintenance person B is level 3; when operation and maintenance person B is unable to maintain the system, the administrator can obtain the initial authority information in the initial identity information of operation and maintenance person B and modify level 1 in the initial authority information into level 3, so that the operation and maintenance person can perform override operations under special conditions, which improves the flexibility of operation and maintenance on the bastion machine.
It is worth mentioning that, because operation and maintenance personnel can perform override operations under special conditions, a time limit needs to be added to the changed authority information to prevent override operations outside those special conditions. When the bastion machine modifies the authority information, it obtains the change time information, adds the limit time information to the changed authority information, and replaces the initial authority information in the initial identity information corresponding to the operation and maintenance person with the changed authority information. When identifying the initial authority information, the bastion machine obtains the time limit that applies to it and starts timing after receiving the operation and maintenance person's request to perform an operation and maintenance operation; when the timed duration reaches the limit time information, the bastion machine restores the replaced initial authority information to the initial authority information from before the replacement. In this way, after the administrator replaces an operation and maintenance person's authority, the override duration is limited automatically by the added limit time information. For example, the administrator replaces level 1 of the initial authority information of operation and maintenance person A with level 3 and adds the limit time information 36h; timing starts after the operation and maintenance person's operation and maintenance operation is received, and when the timing reaches 36h the initial authority information of the operation and maintenance person is changed back from level 3 to level 1.
The correspondence between the operation and maintenance personnel and the initial identity information is shown in table 1:
[Table 1: image in the original publication, not reproduced in this text]
In one embodiment, considering that persons other than operation and maintenance personnel may log in illegally, the bastion machine needs to verify the identity information of operation and maintenance personnel. After replacing the initial authority information in the initial identity information corresponding to the operation and maintenance person with the changed authority information, the bastion machine obtains that initial authority information and queries the preset authority information corresponding to the operation and maintenance person in a preset identity authority database, which comprises the different operation and maintenance personnel and their corresponding preset authority information. The bastion machine compares the initial authority information with the preset authority information; if they differ, it sets the initial authority information as the preset authority information and sends a prompt about the operation and maintenance person's authority change to the administrator's intelligent terminal. The administrator thus learns of the authority change in time, and the preset authority information is modified automatically after the administrator modifies the authority information of the operation and maintenance person. This reduces the possibility that the bastion machine works abnormally because the preset authority information was not modified after the administrator modified the authority information, and thereby improves the stability of the bastion machine during operation. For example, the initial authority information in the initial identity information of operation and maintenance person A is level 2 and the preset authority information is level 2. After the administrator modifies the initial authority information to level 3, the bastion machine compares the initial authority level with the preset authority level during operation and, on finding that they differ, replaces the preset authority level with level 3, so that the bastion machine modifies the preset authority information automatically.
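The time-limited authority change and the reconciliation with the identity authority database described above can be modelled as follows. This is an added example, not code from the patent or its applicant. The class and method names are hypothetical, and it assumes that a higher level number means more authority, as in the page's change from level 1 to level 3.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Operator:
    level: int                               # "initial authority information"
    previous_level: Optional[int] = None     # level to restore at the limit
    limit: Optional[timedelta] = None        # "limit time information"
    timer_start: Optional[datetime] = None   # set by the first operation request


class Bastion:
    def __init__(self):
        self.operators = {}   # operation and maintenance personnel library
        self.preset = {}      # identity authority database: name -> preset level
        self.alerts = []      # prompts sent to the administrator's terminal

    def add(self, name, level):
        self.operators[name] = Operator(level)
        self.preset[name] = level

    def change_authority(self, name, new_level, limit):
        """Administrator replaces the authority level and attaches a limit."""
        op = self.operators[name]
        if op.previous_level is None:        # keep the original across re-changes
            op.previous_level = op.level
        op.level, op.limit, op.timer_start = new_level, limit, None

    def _expire(self, op, now):
        # Restore the level from before the replacement once the limit is reached.
        if op.timer_start is not None and now - op.timer_start >= op.limit:
            op.level = op.previous_level
            op.previous_level = op.limit = op.timer_start = None

    def _reconcile(self, name, op):
        # Preset authority follows the current level, and the administrator
        # is told about every change, including the automatic restore.
        if self.preset[name] != op.level:
            self.alerts.append(
                f"authority of {name} changed: {self.preset[name]} -> {op.level}")
            self.preset[name] = op.level

    def request_operation(self, name, required_level, now):
        """Return True if the operator may perform an operation at this level."""
        op = self.operators[name]
        self._expire(op, now)
        # As on the page, timing starts with the first operation request,
        # not with the administrator's change.
        if op.limit is not None and op.timer_start is None:
            op.timer_start = now
        self._reconcile(name, op)
        return op.level >= required_level


if __name__ == "__main__":
    t0 = datetime(2022, 2, 18, 8, 0, 0)      # constructed timestamps
    bastion = Bastion()
    bastion.add("A", 1)
    bastion.change_authority("A", 3, timedelta(hours=36))
    print(bastion.request_operation("A", 3, t0))                        # True
    print(bastion.request_operation("A", 3, t0 + timedelta(hours=36)))  # False
    print(bastion.alerts)
```

Because the timer starts only with the first operation request, a changed authority that is never used stays pending; the alert list is the place where an administrator would notice it.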
In one embodiment, considering that leaked initial identity information of an operation and maintenance person could allow other persons to log in illegally and then operate illegally on the bastion machine, the bastion machine needs to check the login address information of the operation and maintenance person. Before determining whether the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the bastion machine acquires the actual IP address used to log in to the bastion machine and compares it with the preset standard IP address. If the actual IP address is different from the preset IP address, the bastion machine stores the initial account information into a preset temporary blacklist library and sends alarm information matching the initial account information in the temporary blacklist library to the administrator's intelligent device. This reduces the possibility that other persons log in to the bastion machine from a different location and then perform illegal operations on it, because the bastion machine can check the IP address information from which operation and maintenance personnel log in. For example, the actual IP address information of operation and maintenance person A is 192.168.3.8 and the preset IP address information of operation and maintenance person A is 192.168.30.85; the initial account information of operation and maintenance person A is stored in the temporary blacklist library, and alarm information such as "detection of illegal login of the operation and maintenance person A" is sent to the intelligent terminal of the worker.
It is worth mentioning that, under special conditions, operation and maintenance person A may only be able to log in from other address information, so the administrator can have the bastion machine count actual IP address information that appears multiple times together with the initial identity information of an operation and maintenance person. If the actual IP address information is different from the standard IP address information, the bastion machine counts the number of times the actual IP address information and the initial identity information of the operation and maintenance person appear together and compares the count with a preset critical number of times. If the count is greater than the critical number of times, the bastion machine stores the actual IP address information and the initial identity information of the operation and maintenance person into a preset temporary white list library and sends them to the administrator's intelligent device; after receiving the administrator's confirmation information, the bastion machine adds the actual IP address information to the standard IP address information. This reduces the possibility that operation and maintenance personnel who need to log in from a different location under special conditions are unable to do so, and improves the flexibility with which the bastion machine checks actual IP address information. For example, the actual IP address information 192.168.22.36 of operation and maintenance person A is different from the preset IP address information 192.168.88.66, and the critical number of times is set to 5. The number of times the initial identity information of operation and maintenance person A and the actual IP address information 192.168.88.66 appear together is 6, so the initial identity information of operation and maintenance person A and the actual IP address information 192.168.88.66 are added to the temporary white list library and sent to the administrator's intelligent terminal; after confirmation information from the administrator such as "login permission" is received, the actual IP address information 192.168.88.66 is added to the standard IP address information 192.168.22.36, so that the standard IP address information is 192.168.22.36 or 192.168.88.66.
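The login checks described above (credential comparison, source IP comparison, temporary blacklist, and promotion to the temporary white list after the critical number of times) fit into one gate, sketched here as an added example that is not code from the patent or its applicant. The class name, return strings and sample credentials are constructed. Two things are assumptions beyond the page: passwords are stored as salted PBKDF2 hashes instead of being compared directly, and a login from a non-standard IP is refused until the administrator confirms it.

```python
import hashlib
import hmac
import os
from collections import Counter

PBKDF2_ROUNDS = 600_000   # assumption: work factor chosen for this example


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginGate:
    def __init__(self, critical_times=5):
        self.critical_times = critical_times
        self.identities = {}         # standard identity base: account -> (salt, hash)
        self.standard_ips = {}       # account -> set of standard IP addresses
        self.pair_counts = Counter() # (account, ip) seen together from other IPs
        self.temp_blacklist = set()  # accounts seen from a non-standard IP
        self.temp_whitelist = set()  # (account, ip) awaiting administrator review
        self.alerts = []             # messages for the administrator's terminal

    def enroll(self, account, password, ip):
        salt = os.urandom(16)
        self.identities[account] = (salt, _hash(password, salt))
        self.standard_ips[account] = {ip}

    def _reject(self, account, ip):
        self.alerts.append(f"illegal identity login detection: {account} from {ip}")
        return "bad_credentials"

    def login(self, account, password, ip):
        record = self.identities.get(account)
        if record is None:
            return self._reject(account, ip)
        # The IP check runs before the password comparison, as on the page.
        if ip not in self.standard_ips[account]:
            pair = (account, ip)
            self.pair_counts[pair] += 1
            # The count rises without a valid password, so it proves nothing
            # about the person; the administrator's confirmation is the control.
            if self.pair_counts[pair] > self.critical_times:
                self.temp_whitelist.add(pair)
                self.alerts.append(f"confirm new address for {account}: {ip}")
                return "pending_admin"
            # The page does not say what the blacklist blocks; it is only
            # recorded and reported here.
            self.temp_blacklist.add(account)
            self.alerts.append(f"detection of illegal login of {account} from {ip}")
            return "blacklisted"
        salt, stored = record
        if not hmac.compare_digest(_hash(password, salt), stored):
            return self._reject(account, ip)
        return "ok"

    def admin_confirm(self, account, ip):
        """Administrator confirmation: the address becomes a standard IP."""
        if (account, ip) not in self.temp_whitelist:
            return False
        self.temp_whitelist.discard((account, ip))
        self.temp_blacklist.discard(account)   # assumption: confirmation clears it
        self.standard_ips[account].add(ip)
        return True


if __name__ == "__main__":
    gate = LoginGate(critical_times=5)
    gate.enroll("yunwei007", "constructed-password", "192.168.30.85")
    for _ in range(6):
        print(gate.login("yunwei007", "constructed-password", "192.168.3.8"))
    print(gate.admin_confirm("yunwei007", "192.168.3.8"))
    print(gate.login("yunwei007", "constructed-password", "192.168.3.8"))
```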
The implementation principle of the embodiment of the application is as follows: an administrator first configures the action flow for the browser; the browser type information is acquired, the path for starting user data is set by time, and the starting path information is acquired and assigned; after a start instruction is received, the specified initial configuration file information is used and the browser is started according to the assigned starting path information, which ensures that the browser started each time is a clean browser without plug-ins and without user data.
Based on the method, the embodiment of the application also discloses a clean browser calling device.
As shown in fig. 2, the apparatus includes the following modules:
a browser information acquisition module 201, used by the application publishing server to acquire browser information on the bastion machine when the application publishing server receives a connection request sent by the bastion machine, wherein the browser information comprises initial type information, initial path information and initial configuration file information of the browser;
a configuration file acquisition module 202, used to acquire the configuration file information on the bastion machine if the browser type library preset on the application publishing server contains browser type information that is the same as the initial type information;
a standard configuration acquisition module 203, used to send to the bastion machine the standard configuration file information of the preset plug-in-free browser on the application publishing server that corresponds to the initial type information of the bastion machine's browser;
a configuration file replacing module 204, used to replace the initial configuration file information in the bastion machine with the standard configuration file information;
a browser starting module 205, used by the application publishing server to acquire initial path information of the browser on the bastion machine, wherein the initial path information is the path information with which the bastion machine starts the browser.
The embodiment of the application also discloses computer equipment.
Specifically, the computer device comprises a memory and a processor, wherein the memory stores a computer program that can be loaded by the processor to execute the clean browser calling method.
The embodiment of the application also discloses a computer readable storage medium.
Specifically, the computer-readable storage medium stores a computer program that can be loaded by a processor to execute the clean browser calling method described above, and includes, for example, various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The present embodiment only explains the present invention and does not limit it. After reading this specification, those skilled in the art can modify the present embodiment as needed without inventive contribution, and all such modifications are protected by patent law within the scope of the claims of the present invention.

Claims (10)

1. A clean browser invocation method, characterized in that said method comprises:
when an application publishing server receives a connection request sent by a bastion machine, the application publishing server acquires browser information on the bastion machine, wherein the browser information comprises initial type information, initial path information and initial configuration file information of the browser;
if the browser type library preset on the application publishing server contains browser type information which is the same as the initial type information, the application publishing server acquires the configuration file information on the bastion machine;
the preset plug-in-free browser corresponding to the initial type information of the browser of the bastion machine on the application publishing server;
the application publishing server acquires standard configuration file information corresponding to the plug-in-free browser and sends the standard configuration file information to the bastion machine;
the bastion machine replaces the initial configuration file information in the bastion machine with the standard configuration file information;
the application publishing server acquires initial path information of the browser on the bastion machine, wherein the initial path information is the path information with which the bastion machine starts the browser;
and when the bastion machine starts the browser, the bastion machine starts the browser according to the initial path information acquired by the application publishing server.
2. The method of claim 1, wherein after the application publishing server obtains initial path information of the browser on the bastion machine, the method further comprises:
the application publishing server acquires time information;
the application publishing server acquires action path information, wherein the action path information comprises the initial path information and the time information, and the action path information is a path in which the time information is used to set the start of user data;
the application publishing server sets the action path information as the initial path information;
the application publishing server acquires the starting path information of the browser on the bastion machine;
the application publishing server assigns the starting path information;
the application publishing server acquires the initial configuration file information, wherein the initial configuration file information is the replaced initial configuration file information;
and the application publishing server specifies the initial configuration file information, and the bastion machine starts the browser according to the assigned starting path information.
3. The method as claimed in claim 1, wherein before the application publishing server receives the connection request sent by the bastion machine, the method further comprises:
when the bastion machine receives a login instruction, the bastion machine acquires initial identity information of an operation and maintenance person, wherein the initial identity information comprises initial account information and initial password information;
the bastion machine inquires standard identity information which is the same as the initial identity information in a preset standard identity information base, wherein the standard identity information comprises standard account information and standard password information;
the bastion machine compares the standard identity information with preset identity information;
if standard identity information matching the initial identity information exists, the bastion machine compares the standard account information with the initial account information and the standard password information with the initial password information, respectively;
if the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the bastion machine allows the operation and maintenance personnel to log in; otherwise, the bastion machine sends prompt information of a wrong account or password to the bastion machine of the operation and maintenance personnel and sends identity alarm information to the intelligent terminal of the administrator.
4. The method of claim 3, further comprising:
the bastion machine acquires the operation and maintenance personnel whose authority is to be changed and the changed authority information corresponding to those operation and maintenance personnel;
the bastion machine queries initial identity information corresponding to the operation and maintenance personnel in a preset operation and maintenance personnel library, wherein the operation and maintenance personnel library stores different operation and maintenance personnel and the initial identity information corresponding to the operation and maintenance personnel;
and the bastion machine replaces the initial authority information in the initial identity information corresponding to the operation and maintenance personnel with the changed authority information.
5. The method according to claim 4, wherein after the bastion machine replaces the initial authority information in the initial identity information corresponding to the changed operation and maintenance personnel with the changed authority information, the method further comprises the following steps:
the bastion machine acquires the initial authority information in the initial identity information corresponding to the operation and maintenance personnel;
the bastion machine queries preset authority information corresponding to the operation and maintenance personnel in a preset identity authority database, wherein the identity authority database comprises different operation and maintenance personnel and the preset authority information corresponding to the operation and maintenance personnel;
the bastion machine compares the initial authority information with preset authority information;
if the initial authority information is different from the preset authority information, the bastion machine sets the initial authority information as the preset authority information and sends prompt information of authority change related to operation and maintenance personnel to an intelligent terminal of an administrator.
6. The method of claim 3, wherein after the bastion machine compares the standard identity information with the preset identity information, the method further comprises:
the bastion machine acquires the actual IP address information of the bastion machine;
the bastion machine compares the actual IP address information with preset standard IP address information;
if the actual IP address information is different from the standard IP address information, the bastion machine stores the initial account information into a preset temporary blacklist library, and the bastion machine sends alarm information matched with the initial account information in the temporary blacklist library to intelligent equipment of an administrator.
7. The method as claimed in claim 6, wherein before the bastion machine stores the initial account information into a preset temporary blacklist library, the method further comprises:
the bastion machine counts the times of the simultaneous occurrence of the actual IP address and the initial identity information of the operation and maintenance personnel;
the bastion machine compares the counted times with preset critical times;
if the counted times are larger than the critical times, the bastion machine stores the actual IP address and the initial identity information of the operation and maintenance personnel into a preset temporary white list library and sends the actual IP address and the initial identity information to the intelligent equipment of the administrator;
when the confirmation information of the administrator is received, the bastion machine adds the actual IP address to the standard IP address information.
8. A clean browser invocation device, said device comprising:
the system comprises a browser information acquisition module (201) and a service processing module, wherein the browser information acquisition module is used for acquiring browser information on the bastion machine by an application publishing server when the application publishing server receives a connection request sent by the bastion machine, and the browser information comprises initial type information, initial path information and initial configuration file information of a browser;
a configuration file acquisition module (202) for acquiring the configuration file information on the bastion machine if a browser type library preset on the application publishing server contains browser type information which is the same as the initial type information;
a standard configuration acquisition module (203) for sending to the bastion machine the standard configuration file information of the preset plug-in-free browser on the application publishing server that corresponds to the initial type information of the browser of the bastion machine;
a configuration file replacing module (204) for replacing, by the bastion machine, the initial configuration file information in the bastion machine with the standard configuration file information;
and a browser starting module (205) for acquiring, by the application publishing server, initial path information of the browser on the bastion machine, wherein the initial path information is the path information with which the bastion machine starts the browser.
9. A computer device comprising a memory and a processor, the memory having stored thereon a computer program that can be loaded by the processor and that executes the method according to any of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which can be loaded by a processor and which executes the method of any one of claims 1 to 7.
CN202210149641.8A 2022-02-18 2022-02-18 Pure browser calling method, device, equipment and storage medium Active CN114584609B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210149641.8A CN114584609B (en) 2022-02-18 2022-02-18 Pure browser calling method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114584609A true CN114584609A (en) 2022-06-03
CN114584609B CN114584609B (en) 2024-02-27

Family

ID=81770755

Country Status (1)

Country Link
CN (1) CN114584609B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219330A (en) * 2014-09-29 2014-12-17 北京神州绿盟信息安全科技股份有限公司 Method and system for auditing screen record based on WEB proxy
CN112838951A (en) * 2020-12-31 2021-05-25 恒安嘉新(北京)科技股份公司 Operation and maintenance method, device and system of terminal equipment and storage medium
CN112954040A (en) * 2021-02-04 2021-06-11 深圳融安网络科技有限公司 Method, system, device and storage medium for embedding application release server
CN113961892A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Account security control method and system, readable storage medium and computer equipment

Also Published As

Publication number Publication date
CN114584609B (en) 2024-02-27

Similar Documents

Publication Publication Date Title
CN110213356B (en) Login processing method based on data processing and related equipment
CN109885554A (en) Method of Database Secure Audit method, system and computer readable storage medium
CN110417778B (en) Access request processing method and device
CN107196951A (en) The implementation method and firewall system of a kind of HDFS systems fire wall
US20100097213A1 (en) Security infrastructure
CN108769073A (en) A kind of information processing method and equipment
CN108989150A (en) A kind of login method for detecting abnormality and device
CN110290138B (en) Restricted login method and system suitable for test database
EP3835978A1 (en) Software license manager
CN103581185A (en) Cloud searching and killing method, device and system for resisting anti-antivirus test
CN103001946A (en) Website security detection method, website security detection equipment and website security detection system
CN110290114A (en) A kind of loophole automation means of defence and system based on warning information
CN107124420A (en) Auth method and device
CN111639314A (en) Container login system, method, server and storage medium
CN110049028A (en) Monitor method, apparatus, computer equipment and the storage medium of domain control administrator
US11593463B2 (en) Execution type software license management
CN113868669A (en) Vulnerability detection method and system
CN108650123B (en) Fault information recording method, device, equipment and storage medium
CN111625700B (en) Anti-grabbing method, device, equipment and computer storage medium
US11983252B2 (en) Software license manager security
CN111526109A (en) Method and device for automatically detecting running state of web threat recognition defense system
CN116232875B (en) Remote office method, device, equipment and medium
CN105791308B (en) Method, device and system for actively identifying domain user login event information
CN114584609A (en) Pure browser calling method, device, equipment and storage medium
CN110516170B (en) Method and device for checking abnormal web access

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant