CN115314241A - Method for realizing enterprise WeChat access data platform - Google Patents
- Publication number
- CN115314241A
- Authority
- CN
- China
- Prior art keywords
- data
- access
- user
- packet
- data platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
- H04L41/0253—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for accessing a data platform through enterprise WeChat. The method comprises: building an intranet data platform; when a user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user; when the user initiates an access request, an external server performs WAF security detection, and if the detection passes the external server sends a target IP packet, otherwise a request error is returned; the internal private IP address corresponding to the target IP packet is found from the address mapping table established by the NAT Gateway, so as to access the application interface data that the internal data platform provides externally; and the internal data platform matches the content to be accessed against the authority level corresponding to the user identity, so as to return the data within that authority range. The invention greatly improves convenience and meets users' need for mobile access, and because the content each user can access differs according to the user's authority level, the security of access between the internal and external networks is further ensured.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method for realizing an enterprise WeChat access data platform.
Background
A data platform is a unified management platform for an enterprise's internal and external data, and it allows company users to access the data only over the intranet. This greatly limits how users can operate and use it. To let company users use the data platform flexibly, without being limited by place and time, and to improve efficiency, access over the external network is considered. However, access over an external network carries a certain risk, so effective measures to further improve the security of network information transmission are critical. Currently, the main technical method on the market for accessing a company data platform over an external network is access through a VPN. With VPN access the login process is complex, and the method is mainly suited to PC users; it is particularly troublesome for external users who need to access the data platform.
Disclosure of Invention
The invention aims to provide a method for accessing a data platform through enterprise WeChat that addresses the defects in the prior art.
To achieve the above object, the invention provides a method for implementing enterprise WeChat access to a data platform, comprising:
building an intranet data platform to provide an access entrance to the outside;
when a user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user;
the user initiates an access request, and an external server performs WAF security detection; if the detection passes, the external server sends a target IP packet, otherwise a request error is returned;
finding the internal private IP address corresponding to the target IP packet from the address mapping table established by the NAT Gateway, so as to access the application interface data that the internal data platform provides externally;
the internal data platform matches the content to be accessed against the authority level corresponding to the user identity, so as to return the data within that authority range;
the internal data platform generates a return IP packet from the data within the authority range, and the NAT Gateway converts the source IP in the return IP packet into the public IP of the NAT Gateway and forwards the packet to the public network;
the public network receives the converted return IP packet, responds, and sends out a response IP packet;
and the response IP packet is sent to the NAT Gateway and forwarded to the corresponding internal address according to the rule.
Further, the establishing of the intranet data platform specifically includes:
source data access;
performing full storage and backup on all accessed source data;
building a data warehouse to model, summarize and process the data;
building a data application market;
and establishing an external application service system.
Further, the source data comprises production data, log data and third party data.
Further, the external application service system comprises a report system and an ad hoc query system.
Beneficial effects: 1. The invention embeds the data platform into enterprise WeChat, so that a user can view and access the intranet data platform without being limited by place and time, which greatly improves convenience;
2. The invention moves access from the original PC client to the mobile client, which adds an access channel and largely meets users' need for mobile access;
3. The scheme applies multiple security policies, such as identity authentication and WAF, to accessing users and sets authority levels for different users; the content each user can access differs according to the authority level, which further ensures the security of access between the internal and external networks.
Drawings
FIG. 1 is a schematic diagram of an implementation method of an enterprise WeChat Access data platform according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of the construction of an intranet data platform.
Detailed Description
The present invention will be further illustrated with reference to the accompanying drawings and specific examples, which are carried out on the premise of the technical solution of the present invention, and it should be understood that these examples are only for illustrating the present invention and are not intended to limit the scope of the present invention.
As shown in FIG. 1, an embodiment of the present invention provides a method for implementing enterprise WeChat access to a data platform, including:
Building an intranet data platform to provide an access entrance to the outside. Referring to FIG. 2, building the intranet data platform specifically includes:
Accessing source data. The source data includes production data, log data, third-party data and the like, and all of the data are collected and fused.
Performing full storage and backup of all accessed source data.
Building a data warehouse to model, summarize and process the data.
Building a data application market.
Establishing an external application service system. The external application service system includes a report system, an ad hoc query system or other application systems, and these application service systems provide the access entrance to the outside.
Enterprise WeChat runs on a public network and uses a public IP address. The data platform runs on a private network and uses a private IP address, and the private address cannot be routed on a public network.
When the user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user.
The user initiates an access request, and an external server performs WAF security detection; if the detection passes, the external server sends a target IP packet, otherwise a request error is returned. The WAF has a number of built-in security rules and performs feature matching through feature extraction and block retrieval techniques to protect HTTP access. It can protect against common SQL injection, XSS, web page tampering, middleware vulnerabilities and the like.
The internal private IP address corresponding to the target IP packet is found from the address mapping table established by the NAT Gateway, so as to access the application interface data that the internal data platform provides externally. When the internal network needs to communicate with the external network, the private IP and the global IP are converted into each other at the gateway, and the conversion follows the NAT mapping table. Records in the NAT table are dynamic: if an intranet host does not communicate with the external network within a certain time, the IP address mapping related to that host is deleted, and the global IP address is allocated to a new IP data packet, forming a new NAT mapping record. Traffic can be distributed evenly across several links by a balancing technique, which avoids one link being congested while other links are idle and improves the performance and availability of network services (such as HTTP and FTP).
The internal data platform matches the content to be accessed against the authority level corresponding to the user identity, so as to return the data within that authority range.
The internal data platform generates a return IP packet from the data within the authority range, and the NAT Gateway converts the source IP in the return IP packet into the public IP of the NAT Gateway and forwards the packet to the public network. At this point the converted IP packet no longer contains any private network IP information.
The public network receives the converted return IP packet, responds, and sends out a response IP packet.
The response IP packet is sent to the NAT Gateway and forwarded to the corresponding internal address according to the rule.
This completes communication that is transparent to both parties. If a request packet sent by an intranet host does not pass through the NAT, then when the Web Server receives the request packet, the destination address in its response packet is the private network IP address, which cannot be delivered correctly over the Internet and may result in a connection failure.
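The request path described in the steps above, as an added Python example that is not part of the patent text: a WAF gate, a NAT mapping table whose records expire when idle, level matching on the data platform, and source rewriting on the return packet. The class and function names, rule patterns, users, levels, addresses and status codes are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample data (assumptions): WAF rules, users, levels, catalog.
WAF_RULES = [re.compile(p, re.I) for p in
             (r"<\s*script", r"\bunion\b.*\bselect\b", r"\.\./")]
USER_LEVELS = {"alice": 3, "bob": 1}   # identity established at enterprise WeChat login
CATALOG = [{"name": "daily_sales", "min_level": 1},
           {"name": "payroll_summary", "min_level": 3}]


@dataclass
class NatGateway:
    public_ip: str
    idle_timeout: float                         # seconds before an unused record is deleted
    table: dict = field(default_factory=dict)   # public port -> [private_ip, last_used]

    def add_mapping(self, port, private_ip, now):
        self.table[port] = [private_ip, now]

    def lookup(self, port, now):
        """Return the private IP for a target port, or None if absent or expired."""
        entry = self.table.get(port)
        if entry is None:
            return None
        if now - entry[1] > self.idle_timeout:
            del self.table[port]                # dynamic record aged out
            return None
        entry[1] = now                          # traffic refreshes the record
        return entry[0]

    def rewrite_source(self, packet):
        """Replace the private source IP so the return packet carries only the public IP."""
        return {**packet, "src": self.public_ip}


def waf_allows(request_line):
    return not any(rule.search(request_line) for rule in WAF_RULES)


def handle_request(nat, user, request_line, port, now):
    level = USER_LEVELS.get(user)
    if level is None:                           # no authenticated identity: deny
        return {"status": 401, "error": "not authenticated"}
    if not waf_allows(request_line):            # WAF detection failed: request error
        return {"status": 400, "error": "request error"}
    private_ip = nat.lookup(port, now)
    if private_ip is None:
        return {"status": 502, "error": "no NAT mapping"}
    # Level matching is done by the data platform itself, after the network hops.
    visible = [c["name"] for c in CATALOG if c["min_level"] <= level]
    packet = {"src": private_ip, "data": visible}
    return {"status": 200, **nat.rewrite_source(packet)}
```

Time is passed in as `now` so the idle-expiry behaviour can be exercised deterministically; requests rejected before the NAT lookup do not refresh the mapping record.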
The foregoing is only a preferred embodiment of the present invention, and it should be noted that other parts not specifically described are within the prior art or common general knowledge to those of ordinary skill in the art. Without departing from the principle of the invention, several improvements and modifications can be made, and these improvements and modifications should also be construed as the scope of the invention.
Claims (4)
1. A method for implementing enterprise WeChat access to a data platform, characterized by comprising the following steps:
building an intranet data platform to provide an access entrance to the outside;
when a user logs in to enterprise WeChat, enterprise WeChat authenticates and authorizes the user;
the user initiates an access request, and an external server performs WAF security detection; if the detection passes, the external server sends a target IP packet, otherwise a request error is returned;
finding the internal private IP address corresponding to the target IP packet from the address mapping table established by the NAT Gateway, so as to access the application interface data provided by the internal data platform;
the internal data platform matches the content to be accessed against the authority level corresponding to the user identity, so as to return the data within that authority range;
the internal data platform generates a return IP packet from the data within the authority range, and the NAT Gateway converts the source IP in the return IP packet into the public IP of the NAT Gateway and forwards the packet to the public network;
the public network receives the converted return IP packet, responds, and sends out a response IP packet;
and the response IP packet is sent to the NAT Gateway and forwarded to the corresponding internal address according to the rule.
2. The method for implementing the enterprise WeChat Access data platform according to claim 1, wherein the building of the intranet data platform specifically comprises:
source data access;
performing full storage and backup on all accessed source data;
building a data warehouse to model, summarize and process the data;
building a data application market;
and establishing an external application service system.
3. The method as claimed in claim 2, wherein the source data includes production data, log data and third-party data.
4. The method as claimed in claim 2, wherein the external application service system includes a report system and an ad hoc query system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210717347.2A CN115314241A (en) | 2022-06-23 | 2022-06-23 | Method for realizing enterprise WeChat access data platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210717347.2A CN115314241A (en) | 2022-06-23 | 2022-06-23 | Method for realizing enterprise WeChat access data platform |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115314241A true CN115314241A (en) | 2022-11-08 |
Family
ID=83854399
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210717347.2A Pending CN115314241A (en) | 2022-06-23 | 2022-06-23 | Method for realizing enterprise WeChat access data platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115314241A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||