CN115314241A - Method for realizing enterprise WeChat access data platform - Google Patents

Publication number: CN115314241A
Authority: CN (China)
Application number: CN202210717347.2A
Other languages: Chinese (zh)
Legal status: Pending (The legal status is an assumption and is not a legal conclusion.)
Inventors: 池雪花, 王宗力, 张宁, 张伶俐
Current Assignee: Jiangsu Financial Leasing Co ltd
Original Assignee: Jiangsu Financial Leasing Co ltd
Prior art keywords: data, access, user, packet, data platform

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02 Standardisation; Integration
    • H04L41/0246 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
    • H04L41/0253 Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for implementing access to a data platform through enterprise WeChat. The method comprises: building an intranet data platform; when a user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user; the user initiates an access request and an external server performs a WAF security check; if the check passes, the external server sends a target IP packet, otherwise a request error is returned; the internal private IP address corresponding to the target IP packet is found according to the address mapping table established by the NAT Gateway, so as to access the application interface data that the internal data platform exposes externally; and the internal data platform matches the content to be accessed against the permission level corresponding to the user's identity, so as to return the data within the permission scope. The invention greatly improves convenience and meets users' need for mobile access, and because the content each user can access differs according to the user's permission level, the security of access between the internal and external networks is further ensured.

Description

Method for realizing enterprise WeChat access data platform
Technical Field
The invention relates to the technical field of computers, in particular to a method for realizing an enterprise WeChat access data platform.
Background
The data platform is a unified management platform for an enterprise's internal and external data, and it only allows company users to access the data from the intranet. This greatly restricts how users can operate and use it. To let company users use the data platform flexibly, without limits of place and time, and to improve efficiency, access through the external network is considered. However, access through an external network carries a certain risk, so it is critical to take effective measures to further improve the security of network information transmission. Currently, the main technical approach on the market for accessing a company data platform through an external network is to access data through a VPN. With VPN access the login process is complex and the approach is mainly suited to PC users; it is particularly troublesome for external users to access the data platform.
Disclosure of Invention
The invention aims to provide a method for implementing access to a data platform through enterprise WeChat, addressing the deficiencies of the prior art.
To achieve the above object, the present invention provides a method for implementing an enterprise WeChat access data platform, comprising:
building an intranet data platform that provides an access entry point to the outside;
when a user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user;
the user initiates an access request and an external server performs a WAF security check; if the check passes, the external server sends a target IP packet, otherwise a request error is returned;
finding the internal private IP address corresponding to the target IP packet according to the address mapping table established by the NAT Gateway, so as to access the application interface data that the internal data platform exposes externally;
the internal data platform matches the content to be accessed against the permission level corresponding to the user's identity, so as to return the data within the permission scope;
the internal data platform generates a return IP packet from the data within the permission scope, and the NAT Gateway translates the source IP in the return IP packet into the public IP of the NAT Gateway and forwards the packet to the public network;
the public network receives the translated return IP packet, responds, and sends out a response IP packet;
and the response IP packet is sent to the NAT Gateway and forwarded to the corresponding internal address according to the rule.
Further, the establishing of the intranet data platform specifically includes:
source data access;
performing full storage and backup on all accessed source data;
building a data warehouse to model, summarize and process the data;
building a data application market;
and establishing an external application service system.
Further, the source data comprises production data, log data and third party data.
Further, the external application service system comprises a report system and an ad hoc query system.
Beneficial effects: 1. The invention embeds the data platform into enterprise WeChat, so that users can view and access the intranet data platform without being restricted by place or time, which greatly improves convenience;
2. The invention moves access from the original PC client to the mobile client, which adds an access channel and largely meets users' need for mobile access;
3. The scheme applies multiple security policies such as identity authentication and WAF to accessing users and sets permission levels for different users; the content each user can access differs according to permission level, which further ensures the security of access between the internal and external networks.
Drawings
FIG. 1 is a schematic diagram of an implementation method of an enterprise WeChat Access data platform according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of the construction of an intranet data platform.
Detailed Description
The present invention will be further illustrated with reference to the accompanying drawings and specific examples, which are carried out on the premise of the technical solution of the present invention, and it should be understood that these examples are only for illustrating the present invention and are not intended to limit the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a method for implementing an enterprise WeChat access data platform, including:
Building an intranet data platform that provides an access entry point to the outside. Referring to fig. 2, building the intranet data platform specifically includes:
Source data access. The source data includes production data, log data, third-party data and the like, and all of the data is collected and merged.
Performing full storage and backup of all accessed source data.
Building a data warehouse to model, summarize and process the data.
Building a data application market.
Establishing an external application service system. The external application service system includes a report system, an ad hoc query system or other application systems, and these application service systems provide the access entry point to the outside.
The enterprise WeChat network is a public network and uses public IP addresses. The data platform is on a private network and uses private IP addresses, which cannot be routed on the public network.
When the user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user.
The user initiates an access request and an external server performs a WAF security check; if the check passes, the external server sends a target IP packet, otherwise a request error is returned. The WAF has a number of built-in security rules and performs feature matching through feature extraction and block retrieval techniques to protect HTTP access. It can protect against common SQL injection, XSS, web page tampering, middleware vulnerabilities and the like.
The internal private IP address corresponding to the target IP packet is found according to the address mapping table established by the NAT Gateway, so as to access the application interface data that the internal data platform exposes externally. When an internal host needs to communicate with the external network, private IPs and global IPs are translated into each other at the gateway. The translation rules come from the NAT mapping table, whose records are dynamic: if an intranet host does not communicate with the external network within a certain time, the IP address mapping related to that host is deleted and the global IP address is allocated to a new IP data packet, forming a new NAT mapping record. A load-balancing technique can be used to distribute traffic evenly across multiple links, which avoids the situation where one link is congested while others are idle and improves the performance and availability of network services (such as HTTP and FTP).
The internal data platform matches the content to be accessed against the permission level corresponding to the user's identity, so as to return the data within the permission scope.
The internal data platform generates a return IP packet from the data within the permission scope, and the NAT Gateway translates the source IP in the return IP packet into the public IP of the NAT Gateway and forwards the packet to the public network. At this point the translated IP packet contains no private network IP information.
The public network receives the translated return IP packet, responds, and sends out a response IP packet.
The response IP packet is sent to the NAT Gateway and forwarded to the corresponding internal address according to the rule.
This completes transparent communication between the two parties. If a request packet sent by an intranet host does not pass through NAT, then when the Web Server receives the request packet, the destination address in its response packet is the private network IP address, which cannot be delivered correctly over the Internet and may result in a connection failure.
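The request path described above (WAF check, NAT table lookup with idle expiry, permission-level matching, return packet sourced from the gateway's public IP), modelled as an added example that is not part of the patent. The signatures, addresses, user levels, report names, the "no mapping" status and the rule that a higher level sees more are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: signatures, users and reports are illustrative only.
WAF_SIGNATURES = ("union select", "' or '1'='1", "<script")
USER_LEVEL = {"alice": 3, "bob": 1}   # identity -> level (assumed: higher sees more)
REPORTS = [
    {"name": "branch_summary", "level": 1},
    {"name": "lease_contracts", "level": 2},
    {"name": "risk_exposure", "level": 3},
]


def waf_check(query: str) -> bool:
    """Toy stand-in for WAF feature matching: pass only if no signature is present."""
    lowered = query.lower()
    return not any(sig in lowered for sig in WAF_SIGNATURES)


@dataclass
class NatGateway:
    public_ip: str
    idle_timeout: float
    # public port -> [private_ip, private_port, last_used]
    table: dict = field(default_factory=dict)

    def add_mapping(self, public_port, private_ip, private_port, now):
        self.table[public_port] = [private_ip, private_port, now]

    def lookup(self, public_port, now):
        """Resolve a target packet to its private endpoint; delete idle mappings."""
        entry = self.table.get(public_port)
        if entry is None:
            return None
        if now - entry[2] > self.idle_timeout:
            del self.table[public_port]      # dynamic record expired
            return None
        entry[2] = now                       # traffic keeps the record alive
        return entry[0], entry[1]


def visible_reports(user: str):
    """Level matching on the data platform; unknown identities get level 0."""
    level = USER_LEVEL.get(user, 0)
    return [r["name"] for r in REPORTS if r["level"] <= level]


def handle_request(gw, user, query, public_port, now):
    """WAF check -> NAT lookup -> level matching -> return packet."""
    if not waf_check(query):
        return {"status": "request error"}
    if gw.lookup(public_port, now) is None:
        return {"status": "no mapping"}
    # The return packet carries the gateway's public IP, never the private one.
    return {"status": "ok", "src_ip": gw.public_ip, "data": visible_reports(user)}


gw = NatGateway(public_ip="203.0.113.10", idle_timeout=300)
gw.add_mapping(8443, "10.0.5.20", 8080, now=0)
print(handle_request(gw, "bob", "report=all", 8443, now=10))
print(handle_request(gw, "alice", "id=1 UNION SELECT password", 8443, now=20))
print(handle_request(gw, "alice", "report=all", 8443, now=400))
```

The third call returns "no mapping" because the blocked request never reached the gateway, so the mapping's last use stayed at 10 and it had been idle for longer than the timeout.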
The foregoing is only a preferred embodiment of the present invention, and it should be noted that other parts not specifically described are within the prior art or common general knowledge to those of ordinary skill in the art. Without departing from the principle of the invention, several improvements and modifications can be made, and these improvements and modifications should also be construed as the scope of the invention.

Claims (4)

1. A method for implementing an enterprise WeChat access data platform, characterized by comprising the following steps:
building an intranet data platform that provides an access entry point to the outside;
when a user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user;
the user initiates an access request and an external server performs a WAF security check; if the check passes, the external server sends a target IP packet, otherwise a request error is returned;
finding the internal private IP address corresponding to the target IP packet according to the address mapping table established by the NAT Gateway, so as to access the application interface data provided by the internal data platform;
the internal data platform matches the content to be accessed against the permission level corresponding to the user's identity, so as to return the data within the permission scope;
the internal data platform generates a return IP packet from the data within the permission scope, and the NAT Gateway translates the source IP in the return IP packet into the public IP of the NAT Gateway and forwards the packet to the public network;
the public network receives the translated return IP packet, responds, and sends out a response IP packet;
and the response IP packet is sent to the NAT Gateway and forwarded to the corresponding internal address according to the rule.
2. The method for implementing the enterprise WeChat Access data platform according to claim 1, wherein the building of the intranet data platform specifically comprises:
source data access;
performing full storage and backup on all accessed source data;
building a data warehouse to model, summarize and process the data;
building a data application market;
and establishing an external application service system.
3. The method as claimed in claim 2, wherein the source data includes production data, log data and third party data.
4. The method as claimed in claim 2, wherein the external application service system includes a report system and an ad hoc query system.

Application CN202210717347.2A, priority date 2022-06-23, filing date 2022-06-23: Method for realizing enterprise WeChat access data platform. Status: Pending. Published as CN115314241A (en) on 2022-11-08.

Family ID: 83854399

Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination