CN114584609B - Pure browser calling method, device, equipment and storage medium - Google Patents

Publication number
CN114584609B
Authority
CN
China
Prior art keywords
information
initial
browser
machine
fort machine
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210149641.8A
Other languages
Chinese (zh)
Other versions
CN114584609A (en)
Inventor
王霄
操飞飞
于洋
王志彪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shengborun High Tech Co ltd
Original Assignee
Beijing Shengborun High Tech Co ltd

Classifications

    • H04L67/306 Network arrangements or protocols for supporting network services or applications; Architectures; Arrangements; Profiles; User profiles
    • H04L41/0803 Arrangements for maintenance, administration or management of data switching networks; Configuration management of networks or network elements; Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L67/141 Network arrangements or protocols for supporting network services or applications; Session management; Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application relates to a pure browser calling method, device, equipment and storage medium. The method comprises the following steps: when an application release server receives a connection request sent by a bastion host, the application release server acquires browser information on the bastion host; the application release server acquires configuration file information on the bastion host; a preset plug-in-free browser on the application release server corresponding to the initial type information of the bastion host's browser is selected; the application release server acquires standard configuration file information and sends it to the bastion host; the bastion host replaces its initial configuration file information with the standard configuration file information; the application release server acquires initial path information of the browser on the bastion host; and the bastion host starts the browser according to the initial path information acquired by the application release server. The technical effect of the application is that the influence of personalized plug-ins on the action flow configuration is reduced, so that the action flow can accurately find the position of components and the browser can run stably.

Description

Pure browser calling method, device, equipment and storage medium
Technical Field
The present disclosure relates to the technical field of browser invocation, and in particular, to a pure browser invocation method, device, apparatus, and storage medium.
Background
A bastion host is used in a specific network environment to monitor and record, by various technical means, the operations that operation and maintenance personnel perform on servers, network devices, security devices, databases and other devices in the network, in order to ensure that the network and data are not invaded or damaged by external and internal users.
The bastion host provides an action flow configuration scheme for access to and audit of application systems. An action flow is a series of operation steps that the system performs when a given trigger condition is met. For the operation and audit of CS application systems, the bastion host is implemented by calling an application release server, commonly called a "trigger jump and a front end processor".
In the process of the bastion host calling the action flow, the inventor considers that at least the following problem exists: browser plug-ins can change the storage position of the action flow components, and the plug-ins of each browser are personalized according to the user's operating habits. An automatically executed action flow may therefore fail to find the position of a component accurately because of the browser's plug-ins, which affects the normal operation of the action flow and causes bastion host call errors.
Disclosure of Invention
In order to solve the problem that browser plug-ins affect the normal operation of an action flow and cause bastion host call errors, a pure browser calling method, device, equipment and storage medium are provided.
In a first aspect, the present application provides a pure browser calling method, which adopts the following technical scheme. The method comprises the following steps:
when an application release server receives a connection request sent by a bastion host, the application release server acquires browser information on the bastion host, wherein the browser information comprises initial type information, initial path information and initial configuration file information of a browser;
if the browser type library preset on the application release server contains browser type information that is the same as the initial type information, the application release server acquires configuration file information on the bastion host;
a preset plug-in-free browser on the application release server corresponding to the initial type information of the bastion host's browser is selected;
the application release server acquires standard configuration file information corresponding to the plug-in-free browser and sends the standard configuration file information to the bastion host;
the bastion host replaces the initial configuration file information on the bastion host with the standard configuration file information;
the application release server acquires initial path information of the browser on the bastion host, wherein the initial path information is the path information from which the bastion host starts the browser;
when the bastion host starts the browser, the bastion host starts the browser according to the initial path information acquired by the application release server.
With this technical scheme, in the process of configuring the action flow, when the application release server receives the connection request sent by the bastion host, the administrator first obtains the browser information on the bastion host, obtains the initial configuration file from the browser information, replaces the initial configuration file with the preset standard configuration file, and obtains the start path of the browser on the bastion host. Each time the bastion host is started, the initial configuration file storing plug-in information is first replaced with the standard configuration file containing no plug-in information, so that the browser started by the bastion host is a pure browser. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the position of components and the browser can run stably.
Preferably, after the application release server obtains the initial path information of the browser on the bastion host, the method further comprises:
the application release server acquires time information;
the application release server acquires action path information comprising the initial path information and the time information,
wherein the action path information is a start path for user data that is set using the time information;
the application release server sets the action path information as the initial path information;
the application release server acquires the start path information of the browser on the bastion host;
the application release server assigns a value to the start path information;
the application release server acquires the initial configuration file information, wherein the initial configuration file information is the initial configuration file information after replacement;
the application release server specifies the initial configuration file information, and the bastion host starts the browser according to the assigned start path information.
With this technical scheme, the start path information of the bastion host and the time information of the system are bound to each other, so that the browsers started in different time periods are all new browsers. This reduces the cases in which starting an already used browser leaves plug-ins present in it, making the action flow configuration inaccurate and making it difficult to guarantee that the browser runs stably each time, and thereby improves the operating stability of the browser.
Preferably, before the application release server receives the connection request sent by the bastion host, the method further comprises:
when the bastion host receives a login instruction, the bastion host acquires initial identity information of the operation and maintenance personnel, wherein the initial identity information comprises initial account information and initial password information;
the bastion host queries a preset standard identity information base for standard identity information that is the same as the initial identity information, wherein the standard identity information comprises standard account information and standard password information;
the bastion host compares the standard identity information with preset identity information;
if standard identity information matching the initial identity information exists, the bastion host compares the standard account information with the initial account information and the standard password information with the initial password information, respectively;
if the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the bastion host allows the operation and maintenance personnel to log in; otherwise, the bastion host sends prompt information of a wrong account and password to the bastion host of the operation and maintenance personnel, and sends identity alarm information to the intelligent terminal of the administrator.
With this technical scheme, when the bastion host receives a login instruction, it first obtains the initial identity information of the operation and maintenance personnel and judges whether the identity information of the current operation and maintenance personnel is legal by comparing the initial identity information with the preset identity information. When a mismatch between the initial identity information and the preset identity information of the operation and maintenance personnel is detected, prompt information of a wrong account and password is sent to the bastion host of the operation and maintenance personnel, and identity alarm information is sent to the intelligent terminal of the administrator at the same time. This makes it difficult for operation and maintenance personnel to use illegal accounts to perform illegal operations and informs the administrator of the related illegal identities in time, thereby improving the security of the system with respect to operation and maintenance personnel.
Preferably, the bastion host acquires the operation and maintenance person whose authority needs to be modified (the changed operation and maintenance person) and the changed authority information corresponding to that person;
the bastion host queries a preset operation and maintenance personnel library for the initial identity information corresponding to the changed operation and maintenance person, wherein the library stores different operation and maintenance personnel and the initial identity information corresponding to each of them;
the bastion host replaces the initial authority information in the initial identity information corresponding to the changed operation and maintenance person with the changed authority information.
With this technical scheme, the administrator can change the operating range of operation and maintenance personnel by modifying their authority information, so that under extreme conditions operation and maintenance personnel can perform operations beyond their preset authority after obtaining the administrator's permission. This improves the flexibility with which the bastion host checks the authority of operation and maintenance personnel.
Preferably, after the bastion host replaces the initial authority information in the initial identity information corresponding to the changed operation and maintenance person with the changed authority information, the method further comprises:
the bastion host obtains the initial authority information in the initial identity information corresponding to the operation and maintenance personnel;
the bastion host queries a preset identity authority database for the preset authority information corresponding to the operation and maintenance personnel, wherein the identity authority database comprises different operation and maintenance personnel and the preset authority information corresponding to each of them;
the bastion host compares the initial authority information with the preset authority information;
if the initial authority information is different from the preset authority information, the bastion host sets the initial authority information to the preset authority information and sends prompt information about the authority change of the operation and maintenance personnel to the intelligent terminal of the administrator.
With this technical scheme, after the administrator modifies the authority information of operation and maintenance personnel, the bastion host automatically acquires the changed operation and maintenance personnel and the corresponding changed authority information. By comparing the initial authority information in the initial identity information of the operation and maintenance personnel with the preset authority information, the bastion host automatically updates the information of the operation and maintenance personnel whose authority has changed, which reduces the possibility of illegal operations caused by the bastion host failing to determine the authority information of operation and maintenance personnel.
Preferably, after the bastion host compares the standard identity information with the preset identity information, the method further comprises:
the bastion host acquires the actual IP address information of the bastion host;
the bastion host compares the actual IP address information with preset standard IP address information;
if the actual IP address information is different from the standard IP address information, the bastion host stores the initial account information into a preset temporary blacklist library, and the bastion host sends alarm information matching the initial account information in the temporary blacklist library to the intelligent equipment of the administrator.
With this technical scheme, after the identity of the operation and maintenance personnel has been checked, the bastion host can monitor the IP address from which the operation and maintenance personnel logged in by checking the actual IP address information against the preset standard IP address information, and can place the account of a person whose check fails into the temporary blacklist. This reduces the possibility of illegal operations from an illegal region after an illegal user has obtained the identity information of operation and maintenance personnel, and further improves the bastion host's supervision of illegal operations by operation and maintenance personnel, so that illegal operations are less likely to occur on the bastion host and the stability of the system during maintenance is improved.
Preferably, before the bastion host stores the initial account information into the preset temporary blacklist library, the method further comprises:
the bastion host counts the number of times that the actual IP address and the initial identity information of the operation and maintenance personnel occur together;
the bastion host compares the counted number of times with a preset critical number of times;
if the counted number of times is greater than the critical number of times, the bastion host stores the actual IP address and the initial identity information of the operation and maintenance personnel into a preset temporary white list library and sends them to the intelligent equipment of the administrator;
when the confirmation information of the administrator is received, the bastion host adds the actual IP address to the standard IP address information.
With this technical scheme, the number of times that the actual IP address and the initial identity information of the operation and maintenance personnel occur together is counted. When the counted number of times is greater than the preset critical number of times, the actual IP address and the initial identity information of the operation and maintenance personnel are sent together to the intelligent equipment of the administrator, so that the administrator can change the status of an illegal address and illegal identity information that have occurred together many times. Operation and maintenance personnel can then maintain the system by logging in from a different location under uncontrollable conditions, which improves the bastion host's ability to handle the terminal condition and improves the flexibility of the bastion host.
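The source-address check and the temporary blacklist and white list described above can be read as a small state machine. The following is an added example, not code from the patent: the class name, the return values and the choice to hold a login pending rather than blacklist it once the critical count is exceeded are assumptions, and the addresses are constructed documentation-range samples.

```python
import ipaddress
from collections import Counter


class SourceIpPolicy:
    """Run only after the account/password comparison has succeeded."""

    def __init__(self, standard_ips, critical_count):
        # account -> set of canonical address objects (standard IP information)
        self.standard_ips = {
            acct: {ipaddress.ip_address(ip) for ip in ips}
            for acct, ips in standard_ips.items()
        }
        self.critical_count = critical_count   # preset critical number of times
        self.seen = Counter()                  # (account, ip) co-occurrences
        self.temp_blacklist = set()            # accounts
        self.temp_whitelist = set()            # (account, ip) awaiting the admin
        self.alerts = []                       # stand-in for the admin's device

    def check_login(self, account, ip_text):
        try:
            # Canonicalize so that equivalent spellings of one address match.
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            return "blocked"                   # malformed source address
        if ip in self.standard_ips.get(account, set()):
            return "allow"

        # Count before blacklisting, as the preferred step requires.
        self.seen[(account, ip)] += 1
        if self.seen[(account, ip)] > self.critical_count:
            # Repeated pairing: hand the decision to the administrator.
            # The login stays denied until confirmation arrives.
            self.temp_whitelist.add((account, ip))
            self.alerts.append(("review", account, str(ip)))
            return "pending_review"

        self.temp_blacklist.add(account)
        self.alerts.append(("blacklist", account, str(ip)))
        return "blocked"

    def admin_confirm(self, account, ip_text):
        """Administrator confirmation: promote the address to standard."""
        key = (account, ipaddress.ip_address(ip_text))
        if key not in self.temp_whitelist:
            return False                       # nothing pending for this pair
        self.temp_whitelist.discard(key)
        self.standard_ips.setdefault(account, set()).add(key[1])
        self.temp_blacklist.discard(account)   # assumption: confirmation clears it
        return True
```

Because repetition alone moves a pair into the review queue, the administrator's confirmation is the only control that separates a relocated operator from a persistent holder of stolen credentials, so it should be verified out of band.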
In a second aspect, the present application provides a pure browser calling device, which adopts the following technical scheme. The device comprises:
a browser information acquisition module, used for acquiring browser information on a bastion host when an application release server receives a connection request sent by the bastion host, wherein the browser information comprises initial type information, initial path information and initial configuration file information of a browser;
a configuration file acquisition module, used for acquiring the configuration file information on the bastion host if the browser type library preset on the application release server contains browser type information that is the same as the initial type information;
a standard configuration acquisition module, used for sending to the bastion host the standard configuration file information corresponding to the preset plug-in-free browser on the application release server that corresponds to the initial type information of the bastion host's browser;
a configuration file replacement module, used for replacing the initial configuration file information on the bastion host with the standard configuration file information;
a browser starting module, used for the application release server to acquire initial path information of the browser on the bastion host, wherein the initial path information is the path information from which the bastion host starts the browser.
In a third aspect, the present application provides a computer device, which adopts the following technical scheme: it comprises a memory and a processor, the memory storing a computer program that can be loaded by the processor and that executes any of the pure browser calling methods described above.
In a fourth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme: it stores a computer program that can be loaded by a processor and that executes any of the pure browser calling methods described above.
In summary, the present application includes at least one of the following beneficial technical effects:
1. In the process of configuring the action flow, when the application release server receives a connection request sent by the bastion host, the browser information on the bastion host is first acquired, the initial configuration file is acquired from the browser information, the initial configuration file is replaced with the preset standard configuration file, and the start path of the browser on the bastion host is acquired. Each time the bastion host is started, the initial configuration file storing plug-in information is replaced with the standard configuration file containing no plug-in information, so that the browser started by the bastion host is a pure browser. This reduces the influence of personalized plug-ins on the action flow configuration, so that the action flow can accurately find the position of components and the browser can run stably;
2. By binding the start path information of the bastion host and the time information of the system to each other, the browsers started in different time periods are all new browsers. This reduces the cases in which starting an already used browser leaves plug-ins present in it, making the action flow configuration inaccurate and making it difficult to guarantee that the browser runs stably each time, and thereby improves the operating stability of the browser.
Drawings
Fig. 1 is a flow chart of a pure browser calling method in an embodiment of the present application.
Fig. 2 is a block diagram of a pure browser calling device in an embodiment of the present application.
Reference numerals: 201, browser information acquisition module; 202, configuration file acquisition module; 203, standard configuration acquisition module; 204, configuration file replacement module; 205, browser starting module.
Detailed Description
The present application is described in further detail below in conjunction with figures 1-2.
The embodiment of the application discloses a pure browser calling method, which is applied to a bastion host calling a pure browser to access CS type resources. First, an administrator configures, on the application release server, the action flow to be called for operation and maintenance personnel; the application release server then grants the authority to call the browser to the corresponding operation and maintenance personnel. After an operation and maintenance person starts the browser, the browser on the bastion host is automatically converted into a pure browser according to the action flow set on the application release server. When the operation and maintenance person uses the browser for data operation and maintenance, the browser called by the bastion host contains no personalized plug-ins, which avoids the situation in which the action flow has difficulty locating components accurately and the stability of data maintenance through the bastion host is affected.
As shown in fig. 1, the method comprises the steps of:
S10, the application release server acquires the browser type.
When the application release server receives a connection request sent by the bastion host, the application release server acquires browser information on the bastion host, wherein the browser information comprises initial type information, initial path information and initial configuration file information of a browser, and the initial type information can be the Firefox browser or the Google browser.
S11, the application release server acquires the configuration file information on the bastion host.
The application release server compares the type of the browser on the bastion host with the types of browser on the application release server. If the application release server includes a browser of the same type as the browser on the bastion host, the application release server queries the configuration file information on the bastion host, which includes the plug-in information of the browser. When starting the browser, the bastion host starts the browser's exe file according to a path, and then applies the personalized plug-in configuration to the started browser by reading the configuration file. For example, if the browser type on the bastion host is the Firefox browser and the browser type on the application release server is the Google browser, the application release server does not need to query the configuration file of the Firefox browser; if the browser type on the bastion host is the Google browser and the application release server includes both the Firefox browser and the Google browser, the application release server acquires the configuration file of the Google browser on the bastion host.
S12, the application release server sends the standard configuration file to the fort machine.
The method comprises the steps that firstly, an application release server obtains the browser type on the application release server, the application release server obtains the browser with the same browser type as that on the bastion machine, and the application release server sends standard configuration files preset on the application release server to the bastion machine, wherein the standard configuration files are configuration files contained in corresponding pure browsers. For example, if the browser type on the fort machine is google browser, the application release server first obtains the standard configuration file of the google browser on the application release server, where the standard configuration file is the configuration file corresponding to the google browser in a pure state, and the application release server sends the standard configuration file from the application release server to the fort machine.
S13, the application release server replaces the initial configuration file with the standard configuration file.
Because an operation and maintenance person may still need to start a browser containing plug-ins, the operation and maintenance person stores the initial configuration file in a preset personal configuration file library on the fort machine. When the browser containing plug-ins is needed again, the operation and maintenance person can replace the standard configuration file with the initial configuration file on the fort machine and restart the browser there, which starts the browser with its personalized plug-ins.
S14, the application release server acquires initial path information on the fort machine.
The initial path information is the path the fort machine uses to start the browser; the fort machine sends the initial path information to the application release server.
S15, the fort machine starts the browser according to the initial path information.
When the application release server receives the fort machine's instruction to start the browser, the fort machine starts the browser according to the received initial path information and the standard configuration file, which completes the configuration of the browser's action flow. When an operation and maintenance person starts the browser through the fort machine, the fort machine directly replaces the browser on the fort machine with a pure browser according to the configured action flow. This reduces the extent to which browser plug-ins affect the accuracy of the action flow configured on the fort machine, and therefore improves the stability of the action flow.
In one embodiment, when an operation and maintenance person performs an operation and maintenance task, the fort machine calls the browser and, through the action flow, replaces the browser on the fort machine with a pure browser, that is, a browser without plug-ins. The path of the browser's user data is the same on every call, so to ensure that the user data from the previous call does not affect the next call, the user-data start path must be different for each call. After the application release server obtains the initial path information of the browser's user data on the fort machine, it obtains the current system time and generates action path information from the two: the action path information is the initial path information plus the current system time. The application release server replaces the initial path information with the action path information, assigns the browser's start program to the initial path information, and runs the assigned browser while specifying the replaced initial configuration file. As a result, the browser called by the fort machine in each time period is different, and each is a brand-new browser without user data. This reduces the influence that browsers called in different time periods have on one another and further improves the stability of browser calls by the fort machine. For example, when the current time is X month X day X hour X minute X second X millisecond and the initial path information of the browser is c\browserdata\chrome, the action path information of the browser is c\browserdata\chrome@X month@X day@X hour@X minute@X second@X millisecond. After the application release server replaces the initial path information with the action path information, the path from which the browser starts its user data is set by time, so every time the browser is called its user data is brand new.
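An added example, not code from the patent: one way to build the time-stamped user-data path described above and prepare a browser launch on it. The function names, the exact `@`-joined field layout, and the use of Chromium's `--user-data-dir`, `--disable-extensions` and `--no-first-run` switches (in place of the configuration-file replacement the page describes) are assumptions.

```python
import datetime as dt
import os
import tempfile


def action_path(initial_path, now):
    """Initial path information plus the time information, joined with '@'."""
    fields = (now.month, now.day, now.hour, now.minute, now.second)
    stamp = "@".join(f"{value:02d}" for value in fields)
    return f"{initial_path}@{stamp}@{now.microsecond // 1000:03d}"


def prepare_profile(initial_path, now, max_tries=5):
    """Create a new, empty user-data directory and return its path.

    exist_ok=False makes creation fail when the directory is already there, so
    a profile left by an earlier call (same millisecond, or the same date a
    year later, since the path carries no year) is never silently reused.
    """
    for attempt in range(max_tries):
        shifted = now + dt.timedelta(milliseconds=attempt)
        candidate = action_path(initial_path, shifted)
        try:
            os.makedirs(candidate, mode=0o700, exist_ok=False)
            return candidate
        except FileExistsError:
            continue  # collision: move to the next millisecond and retry
    raise RuntimeError("no unused user-data directory found")


def launch_command(browser_exe, profile_dir):
    """Argument list for a Chromium-based browser with a fresh profile."""
    return [
        browser_exe,
        f"--user-data-dir={profile_dir}",  # per-call user-data path
        "--disable-extensions",            # start without plug-ins
        "--no-first-run",                  # skip first-run dialogs
    ]


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed stand-in for the browser data folder
    profile = prepare_profile(os.path.join(base, "chrome"), dt.datetime.now())
    # Pass this list to subprocess.Popen(...) to actually start the browser.
    print(launch_command("chrome.exe", profile))
```

Each directory holds that session's cookies and cached data, so deleting it when the session ends keeps them from accumulating on the fort machine.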
In one embodiment, because system parameters are adjusted during operation and maintenance, the identity information of operation and maintenance personnel needs to be checked to ensure stable operation of the system. Before the application release server receives a connection request sent by the fort machine, when the fort machine receives a login instruction, it obtains the login identity information of the operation and maintenance person, which comprises initial account information and initial password information. The fort machine queries a preset standard identity information base for standard identity information that is the same as the login identity information; the standard identity information comprises standard account information and standard password information. If such standard identity information exists, the fort machine compares the initial account information with the standard account information and the initial password information with the standard password information. If the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the fort machine allows the operation and maintenance person to log in; otherwise, the fort machine sends a prompt that the account or password is wrong to the operation and maintenance person's fort machine and sends identity alarm information to the administrator's intelligent terminal. This reduces the possibility that unauthorized persons log in to the fort machine and perform illegal operations, and improves the security of the fort machine.
For example, the initial account information of the operation and maintenance person is yunwei007, and yunwei001-yunwei010 are stored in the preset standard identity information base. The password entered for yunwei007 is compared with the password preset for yunwei007; if they are the same, the operation and maintenance person is allowed to log in. Otherwise, the prompt "account number password error" is sent to the operation and maintenance person's fort machine, and the alarm "detecting illegal identity login" is sent to the administrator's intelligent terminal.
In one embodiment, to ensure normal operation of the system, an operation and maintenance person may need to perform an override operation in extreme conditions, and the administrator can modify the authority information of that person. When the authority information needs to be modified, the fort machine first obtains the operation and maintenance person whose authority is to be changed and the change authority information corresponding to that person. The fort machine queries a preset operation and maintenance personnel library for the initial identity information corresponding to that person; the library stores the different operation and maintenance personnel and their corresponding initial identity information. The fort machine then replaces the initial authority information in that initial identity information with the change authority information. For example, the authority information of operation and maintenance person A is level 1 and the authority information of operation and maintenance person B is level 3. When operation and maintenance person B cannot maintain the system due to unreliability, an administrator can obtain the initial authority information in the initial identity information of operation and maintenance person B and modify the level 1 in the initial authority information to level 3, so that operation and maintenance personnel can override under special conditions, which improves the flexibility of operation and maintenance on the fort machine.
It should be noted that, because operation and maintenance personnel can perform override operations under special conditions, the validity period of an authority modification needs to be limited to prevent override operations outside those conditions. When the authority information is modified, the fort machine obtains the change time information, adds the limit time information to the change authority information, and replaces the initial authority information in the initial identity information corresponding to the operation and maintenance person with the change authority information. When the initial authority information is identified, the fort machine acquires the limiting application information; after receiving the operation and maintenance person's request for an operation and maintenance operation, the fort machine starts timing, and when the timing reaches the limit time information, the fort machine restores the replaced initial authority information of the operation and maintenance person to the initial authority information from before the replacement. In this way, by adding limit time information when replacing a person's authority, the administrator automatically limits how long the override lasts. For example, the administrator replaces level 1 in the initial authority information of operation and maintenance person A with level 3 and adds the limit time information 36h; timing starts after the operation and maintenance operation is received, and when the timing reaches 36 h the initial authority information of the operation and maintenance person is changed from level 3 back to level 1.
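An added example, not code from the patent: a store that applies the time-limited override described above, starting the timer at the first operation request and restoring the earlier level once the limit is reached. The class and method names are hypothetical, and it assumes that a higher level number means more authority.

```python
import time


class AuthorityStore:
    """Authority levels with time-limited overrides, checked on every request."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._level = {}     # operator -> current authority level
        self._override = {}  # operator -> {"base", "limit_s", "started_at"}
        self.audit = []      # (event, operator, level) records for the administrator

    def add_operator(self, name, level):
        self._level[name] = level

    def grant_override(self, name, new_level, limit_hours):
        """Replace the operator's level and attach the limit time to the change."""
        if limit_hours <= 0:
            raise ValueError("limit time must be positive")
        active = self._override.get(name)
        # Keep the level from before the first replacement: a second grant made
        # while one is active must not turn the elevated level into the level
        # that gets restored later.
        base = active["base"] if active else self._level[name]
        self._override[name] = {
            "base": base,
            "limit_s": limit_hours * 3600.0,
            "started_at": None,  # timing has not started yet
        }
        self._level[name] = new_level
        self.audit.append(("override_granted", name, new_level))

    def current_level(self, name):
        """Level in force now; an expired override is rolled back first."""
        override = self._override.get(name)
        if override is not None:
            now = self._clock()
            if override["started_at"] is None:
                override["started_at"] = now  # first request starts the timer
            elif now - override["started_at"] >= override["limit_s"]:
                self._level[name] = override["base"]
                del self._override[name]
                self.audit.append(("override_expired", name, override["base"]))
        return self._level[name]

    def authorize(self, name, required_level):
        """Called for each operation request; True if the request is permitted."""
        return self.current_level(name) >= required_level


if __name__ == "__main__":
    store = AuthorityStore()
    store.add_operator("A", 1)
    store.grant_override("A", 3, limit_hours=36)  # values from the page's example
    print(store.authorize("A", 3))
```

Under this rule a grant that is never used never starts its timer; recording the grant time as well and expiring on whichever limit is reached first closes that gap.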
The correspondence between the operation and maintenance personnel and the initial identity information is shown in table 1:
table 1;
In one embodiment, because an operation and maintenance person may log in illegally, the fort machine needs to verify the identity information of the operation and maintenance person. After the fort machine replaces the initial authority information in the initial identity information corresponding to the operation and maintenance person with the change authority information, it obtains the initial authority information in that initial identity information and queries a preset identity authority database for the preset authority information corresponding to the operation and maintenance person; the identity authority database contains the different operation and maintenance personnel and their corresponding preset authority information. The fort machine compares the initial authority information with the preset authority information. If they differ, the fort machine sets the initial authority information as the preset authority information and sends a prompt about the authority change to the administrator's intelligent terminal, so that the administrator learns of the change to the operation and maintenance person's authority in time. After the administrator modifies the authority information of an operation and maintenance person, the fort machine can thus modify the preset information automatically, which reduces abnormal modification of operation and maintenance personnel's authority information and improves the stability of the fort machine.
For example, the initial authority information in the initial identity information of operation and maintenance person A is level 2 and the preset authority information is level 2. After the administrator modifies the initial authority information to level 3, the initial authority level and the preset authority level are compared during operation; because they differ, the preset authority level is replaced by level 3, so that the fort machine modifies the preset authority information automatically.
In one embodiment, if the initial identity information of an operation and maintenance person is leaked, other people could log in illegally and then perform illegal operations on the fort machine, so the fort machine needs to check the login address information of operation and maintenance personnel. If the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the fort machine obtains the actual IP address from which the fort machine is being logged in to and compares it with a preset standard IP address. If the actual IP address differs from the preset IP address, the fort machine stores the initial account information in a preset temporary blacklist library and sends alarm information matching the initial account information in the temporary blacklist library to the administrator's intelligent device. This reduces the possibility that other people log in from a different location and then perform illegal operations on the fort machine, and lets the fort machine check the login IP address information of operation and maintenance personnel. For example, if the actual IP address information of operation and maintenance person A is 192.168.3.8 and the preset IP address information of operation and maintenance person A is 192.168.30.85, the initial account information of operation and maintenance person A is stored in the temporary blacklist library, and alarm information such as "detecting that the operation and maintenance person A is illegally logged in" is sent to the intelligent terminal of the staff.
It should be noted that, under special circumstances, operation and maintenance person A may only be able to log in from other address information, so the administrator can make changes based on a count of how often the actual IP address information and the initial identity information of the operation and maintenance person occur together. If the actual IP address information differs from the standard IP address information, the fort machine counts the number of times the actual IP address information and the initial identity information of the operation and maintenance person occur together. If the count is greater than a preset critical number, the fort machine stores the actual IP address information and the initial identity information of the operation and maintenance person in a preset temporary whitelist library and sends the initial identity information to the administrator's intelligent device; after receiving the administrator's confirmation, the fort machine adds the actual IP address information to the standard IP address information. This accommodates operation and maintenance personnel who need to log in from a different location under special circumstances and improves the flexibility with which the fort machine checks actual IP address information.
For example, the actual IP address information 192.168.22.36 of operation and maintenance person A differs from the preset IP address information 192.168.88.66, and the critical number is set to 5. When the number of times the initial identity information of operation and maintenance person A and the actual IP address information 192.168.88.66 appear together is 6, the initial identity information of operation and maintenance person A and the actual IP address information 192.168.88.66 are added to the temporary whitelist library and sent to the administrator's intelligent terminal. When confirmation such as "login permission" is received from the administrator, the actual IP address information 192.168.88.66 is added to the standard IP address information 192.168.22.36, so that the standard IP address information is 192.168.22.36 or 192.168.88.66.
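An added example, not code from the patent: the login-address check from the two paragraphs above, with the temporary blacklist, the co-occurrence count, the temporary whitelist and the administrator's confirmation step. The class name, the decision strings and the sample account and addresses (constructed from the page's example values) are assumptions; so is the choice to keep refusing a login that is awaiting confirmation, and to treat the blacklist as a review list, since the page does not say what either one blocks.

```python
import ipaddress
from collections import Counter


class SourceAddressCheck:
    """Compare a login's source address with the operator's standard addresses."""

    def __init__(self, standard_ips, critical_count=5):
        # Parse once so that different spellings of one address compare equal.
        self.standard = {
            account: {ipaddress.ip_address(ip) for ip in ips}
            for account, ips in standard_ips.items()
        }
        self.critical_count = critical_count
        self.seen = Counter()        # (account, ip) -> times seen together
        self.temp_blacklist = set()  # accounts flagged for review
        self.temp_whitelist = set()  # (account, ip) pairs awaiting confirmation
        self.alerts = []             # messages for the administrator

    def check_login(self, account, source_ip):
        """Run after the account and password have matched; returns a decision."""
        ip = ipaddress.ip_address(source_ip)  # ValueError on a malformed address
        if ip in self.standard.get(account, set()):
            return "allow"
        self.seen[(account, ip)] += 1
        if self.seen[(account, ip)] > self.critical_count:
            # Seen together more often than the critical number: ask the
            # administrator, but do not admit the login before confirmation.
            self.temp_whitelist.add((account, ip))
            self.alerts.append(f"confirm address {ip} for account {account}")
            return "pending"
        self.temp_blacklist.add(account)
        self.alerts.append(f"login for {account} from unexpected address {ip}")
        return "deny"

    def admin_confirm(self, account, source_ip):
        """Add a reviewed address to the standard set; False if it was not pending."""
        ip = ipaddress.ip_address(source_ip)
        if (account, ip) not in self.temp_whitelist:
            return False  # only pairs that reached review can be added
        self.temp_whitelist.discard((account, ip))
        self.standard.setdefault(account, set()).add(ip)
        self.temp_blacklist.discard(account)
        self.seen.pop((account, ip), None)
        return True


if __name__ == "__main__":
    check = SourceAddressCheck({"yunwei007": ["192.168.88.66"]}, critical_count=5)
    for _ in range(6):
        print(check.check_login("yunwei007", "192.168.22.36"))
    print(check.admin_confirm("yunwei007", "192.168.22.36"))
    print(check.check_login("yunwei007", "192.168.22.36"))
```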
The implementation principle of the embodiment of the application is as follows: the administrator first configures the action flow of the browser, in which the browser type information is obtained, the user-data start path is set by time, and the start path information is obtained and assigned. After a start instruction is received, the designated initial configuration file information is used and the browser is started according to the assigned start path information, which ensures that each started browser is a pure browser with no plug-ins and no user data.
Based on the method, the embodiment of the application also discloses a pure browser calling device.
As shown in fig. 2, the apparatus comprises the following modules:
the browser information acquisition module 201 is configured to, when the application publishing server receives a connection request sent by the fort machine, acquire browser information on the fort machine, where the browser information includes initial type information, initial path information, and initial configuration file information of a browser;
the configuration file obtaining module 202 is configured to obtain configuration file information on the fort machine if a browser type library preset on the application publishing server contains browser type information identical to the initial type information;
the standard configuration obtaining module 203 is configured to send standard configuration file information corresponding to a preset plug-in-free browser corresponding to initial type information of a browser of the fort machine on the application publishing server to the fort machine;
a configuration file replacing module 204, configured to replace the initial configuration file information in the bastion machine with the standard configuration file information by the bastion machine;
the browser starting module 205 is configured for the application release server to obtain initial path information of the browser on the fort machine, where the initial path information is the path information by which the fort machine starts the browser.
The embodiment of the application also discloses a computer device.
In particular, the computer device comprises a memory and a processor, the memory storing a computer program that can be loaded by the processor and that executes the clean browser call method described above.
The embodiment of the application also discloses a computer readable storage medium.
Specifically, the computer readable storage medium stores a computer program that can be loaded by a processor and execute the above-described clean browser call method, and includes, for example: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The present embodiment only explains the present invention and is not to be construed as limiting it. After reading this specification, those skilled in the art may, as required, make modifications to the present embodiment that involve no creative contribution, and all such modifications are protected by patent law within the scope of the claims of the present invention.

Claims (9)

1. A clean browser invocation method, the method comprising:
when an application release server receives a connection request sent by a fort machine, the application release server acquires browser information on the fort machine, wherein the browser information comprises initial type information, initial path information and initial configuration file information of a browser;
if the browser type library preset on the application release server contains browser type information which is the same as the initial type information, the application release server acquires configuration file information on the fort machine;
acquiring a preset plug-in-free browser corresponding to initial type information of a browser of a fort machine on the application release server;
the application release server acquires standard configuration file information corresponding to the plug-in-free browser and sends the standard configuration file information to the fort machine;
the bastion machine replaces the initial configuration file information in the bastion machine with the standard configuration file information;
the application release server acquires initial path information of a browser on the bastion machine, wherein the initial path information is the path information of starting the browser by the bastion machine;
when the bastion machine starts the browser, the bastion machine starts the browser according to the initial path information acquired by the application release server;
after the application release server obtains the initial path information of the browser on the fort machine, the method further comprises the following steps:
the application release server acquires time information;
the application release server acquires action path information, wherein the action path information comprises initial path information and time information, and the action path information is a path of starting user data set by adopting the time information;
the application issuing server sets the action path information as initial path information;
the application release server acquires the starting path information of the browser on the fort machine;
the application release server assigns values to the starting path information;
the application release server acquires the initial configuration file information, wherein the initial configuration file information is replaced initial configuration file information;
the application release server designates the initial configuration file information, and the bastion machine starts the browser according to the assigned starting path information.
2. The method of claim 1, further comprising, before the application release server receives the connection request sent by the bastion machine:
when the fort machine receives a login instruction, the fort machine acquires initial identity information of operation and maintenance personnel, wherein the initial identity information comprises initial account information and initial password information;
the fort machine queries whether standard identity information which is the same as the initial identity information exists in a preset standard identity information base, wherein the standard identity information comprises standard account information and standard password information;
if the standard identity information which is the same as the initial identity information exists, the fort machine compares the standard account information with the initial account information and the standard password information with the initial password information respectively;
if the initial account information is the same as the standard account information and the initial password information is the same as the standard password information, the bastion machine allows the operation and maintenance personnel to log in; otherwise, the fort machine sends prompt information of a wrong account number or password to the fort machine of the operation and maintenance personnel, and sends identity alarm information to the intelligent terminal of the manager.
3. The method according to claim 2, wherein the method further comprises:
the fort machine acquires change operation and maintenance personnel needing to modify the rights and change rights information corresponding to the change operation and maintenance personnel;
inquiring initial identity information corresponding to the change operation personnel in a preset operation personnel library by the fort machine, wherein different operation personnel and initial identity information corresponding to the operation personnel are stored in the operation personnel library;
the fort machine replaces the initial authority information in the initial identity information corresponding to the change operation and maintenance personnel with the change authority information.
4. The method of claim 3, further comprising, after the fort machine replaces the initial rights information in the initial identity information corresponding to the change operation and maintenance person with the change rights information:
the fort machine obtains initial authority information in initial identity information corresponding to the operation and maintenance personnel;
the fort machine queries preset authority information corresponding to operation and maintenance personnel in a preset identity authority database, wherein the identity authority database comprises different operation and maintenance personnel and preset authority information corresponding to the operation and maintenance personnel;
the fort machine compares the initial authority information with preset authority information;
if the initial authority information is different from the preset authority information, the fort machine sets the initial authority information as the preset authority information and sends prompt information of authority change related to operation and maintenance personnel to an intelligent terminal of an administrator.
5. The method of claim 4, further comprising, after the fort machine compares the standard identity information with the preset identity information:
the fort machine acquires the actual IP address information of the fort machine;
comparing the actual IP address information with preset standard IP address information by the fort machine;
if the actual IP address information is different from the standard IP address information, the fort machine stores the initial account information into a preset temporary blacklist library, and the fort machine sends alarm information matched with the initial account information in the temporary blacklist library to intelligent equipment of an administrator.
6. The method of claim 5, further comprising, prior to the fort storing the initial account information in a pre-set temporary blacklist repository:
counting the number of times that the actual IP address and the initial identity information of the operation and maintenance personnel occur simultaneously by the fort machine;
comparing the counted times with preset critical times by the fort machine;
if the counted times are greater than the critical times, the fort stores the actual IP address and the initial identity information of the operation and maintenance personnel into a preset temporary white list library and sends the information to intelligent equipment of an administrator;
when the confirmation information of the administrator is received, the fort adds the actual IP address to the standard IP address information.
7. A clean browser invocation system, the system comprising:
the system comprises a browser information acquisition module (201) and a control module, wherein the browser information acquisition module is used for acquiring browser information on a fort machine when an application release server receives a connection request sent by the fort machine, and the browser information comprises initial type information, initial path information and initial configuration file information of a browser;
the configuration file acquisition module (202) is used for acquiring the configuration file information on the fort machine if the browser type information which is the same as the initial type information is contained in a browser type library preset on the application release server;
the standard configuration acquisition module (203) is used for sending standard configuration file information corresponding to a preset plug-in-free browser corresponding to initial type information of a browser of the fort machine on the application release server to the fort machine;
a configuration file replacing module (204) for the bastion machine to replace the initial configuration file information in the bastion machine with the standard configuration file information;
the browser starting module (205) is used for acquiring initial path information of a browser on the bastion machine by the application publishing server, wherein the initial path information is the path information of the browser started by the bastion machine; the application release server is also used for acquiring time information after the application release server acquires the initial path information of the browser on the fort machine; the application release server acquires action path information, wherein the action path information comprises initial path information and time information, and the action path information is a path of starting user data set by adopting the time information; the application issuing server sets the action path information as initial path information; the application release server acquires the starting path information of the browser on the fort machine; the application release server assigns values to the starting path information; the application release server acquires the initial configuration file information, wherein the initial configuration file information is replaced initial configuration file information; the application release server designates the initial configuration file information, and the bastion machine starts the browser according to the assigned starting path information.
8. A computer device comprising a memory and a processor, the memory having stored thereon a computer program capable of being loaded by the processor and performing the method according to any of claims 1 to 6.
9. A computer readable storage medium, characterized in that a computer program is stored which can be loaded by a processor and which performs the method according to any of claims 1 to 6.
CN202210149641.8A 2022-02-18 2022-02-18 Pure browser calling method, device, equipment and storage medium Active CN114584609B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210149641.8A CN114584609B (en) 2022-02-18 2022-02-18 Pure browser calling method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114584609A CN114584609A (en) 2022-06-03
CN114584609B true CN114584609B (en) 2024-02-27

Family

ID=81770755

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210149641.8A Active CN114584609B (en) 2022-02-18 2022-02-18 Pure browser calling method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114584609B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219330A (en) * 2014-09-29 2014-12-17 北京神州绿盟信息安全科技股份有限公司 Method and system for auditing screen record based on WEB proxy
CN112838951A (en) * 2020-12-31 2021-05-25 恒安嘉新(北京)科技股份公司 Operation and maintenance method, device and system of terminal equipment and storage medium
CN112954040A (en) * 2021-02-04 2021-06-11 深圳融安网络科技有限公司 Method, system, device and storage medium for embedding application release server
CN113961892A (en) * 2021-11-04 2022-01-21 杭州安恒信息技术股份有限公司 Account security control method and system, readable storage medium and computer equipment


Also Published As

Publication number Publication date
CN114584609A (en) 2022-06-03

Similar Documents

Publication Publication Date Title
CN107196951A (en) The implementation method and firewall system of a kind of HDFS systems fire wall
US8943575B2 (en) Method and system for policy simulation
CN103701795B (en) The recognition methods of the attack source of Denial of Service attack and device
CN102624677B (en) Method and server for monitoring network user behavior
CN110417778B (en) Access request processing method and device
CN105939326A (en) Message processing method and device
CN111639314B (en) Container login system, method, server and storage medium
CN111404937B (en) Method and device for detecting server vulnerability
CN106339629A (en) Application management method and device
CN107124420A (en) Auth method and device
CN108667802B (en) Method and system for monitoring power application network security
CN115701019A (en) Access request processing method and device of zero trust network and electronic equipment
CN113961940A (en) Override detection method and device based on authority dynamic update mechanism
CN115242546A (en) Industrial control system access control method based on zero trust architecture
CN109409113A (en) A kind of electric network data safety protecting method and distributed power grid data safety guard system
CN114138590A (en) Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment
KR101823421B1 (en) Apparatus and method for securiting network based on whithlist
KR101768942B1 (en) System and method for secure authentication to user access
CN114584609B (en) Pure browser calling method, device, equipment and storage medium
CN105791308B (en) Method, device and system for actively identifying domain user login event information
CN116708033B (en) Terminal security detection method and device, electronic equipment and storage medium
JP2006146600A (en) Operation monitoring server, terminal apparatus and operation monitoring system
CN116522308A (en) Database account hosting method, device, computer equipment and storage medium
CN110958236A (en) Dynamic authorization method of operation and maintenance auditing system based on risk factor insight
CN114189383B (en) Method, apparatus, electronic device, medium and computer program product for blocking

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant