CN115567297A - Cross-site request data processing method and device - Google Patents


Info

Publication number
CN115567297A
Authority
CN
China
Prior art keywords
cross
data processing
site request
request
random number
Prior art date
Legal status
Pending
Application number
CN202211176961.9A
Other languages
Chinese (zh)
Inventor
李博
Current Assignee
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN202211176961.9A
Publication of CN115567297A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/08 ... for authentication of entities
    • H04L 63/0807 ... for authentication of entities using tickets, e.g. Kerberos
    • H04L 63/30 ... for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L 63/306 ... intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 ... involving a third party or a trusted authority
    • H04L 9/3213 ... involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L 9/3297 ... involving time stamps, e.g. generation of time stamps
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00
    • H04L 2209/08 Randomization, e.g. dummy operations or using noise
    • H04L 2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously

Abstract

The embodiment of the application provides a cross-site request data processing method and device, wherein the method comprises the following steps: receiving a cross-site request sent by a client and performing request analysis to obtain an encrypted token contained in the cross-site request header, wherein the encrypted token contains a random number and a timestamp; decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed. The method and the device can accurately identify all requests of the user, intercept forged requests and improve system security.

Description

Cross-site request data processing method and device
Technical Field
The present application relates to the field of data processing, and in particular, to a method and an apparatus for processing cross-site request data.
Background
CSRF (Cross-site request forgery), also known as a one-click attack or session riding, abbreviated CSRF/XSRF, is an attack that coerces a user into executing unintended operations on a web application in which the user is currently logged in. For example, an attacker lures a victim to a third-party website, and from that third-party website a cross-site request is sent to the attacked website. The login credentials the victim has obtained at the attacked website are used to bypass the backend's user verification, so that the attacker achieves the goal of impersonating the user to execute certain operations on the attacked website.
Disclosure of Invention
Aiming at the problems in the prior art, the application provides a cross-site request data processing method and device, which can accurately identify all requests of a user, intercept forged requests and improve the system security.
In order to solve at least one of the above problems, the present application provides the following technical solutions:
in a first aspect, the present application provides a cross-site request data processing method, including:
receiving a cross-site request sent by a client and performing request analysis to obtain an encrypted token contained in a cross-site request header, wherein the encrypted token contains a random number and a timestamp;
and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed.
Further, the verifying the result of the decryption includes:
acquiring a pre-stored random number from the corresponding server back end;
and carrying out random number value verification on the decrypted result according to the random number.
Further, the verifying the decrypted result includes:
acquiring a system time stamp from the back end of the corresponding server;
and judging whether the time difference value between the time stamp contained in the decryption result and the system time stamp exceeds a threshold value.
Further, the verifying the decrypted result includes:
acquiring a user request record from the back end of a corresponding server;
and judging whether the user request record contains the user identification contained in the decrypted result.
In a second aspect, the present application provides a cross-site request data processing apparatus, including:
the request analysis module is used for receiving a cross-site request sent by a client and performing request analysis to obtain an encrypted token contained in a cross-site request header, wherein the encrypted token contains a random number and a timestamp;
and the token checking module is used for decrypting the encrypted token, checking the decrypted result, and forwarding the cross-site request to the corresponding server back end after the check is passed.
Further, the token checking module includes:
a random number obtaining unit, configured to obtain a pre-stored random number from a corresponding server backend;
and the random number verification unit is used for performing random number value verification on the decrypted result according to the random number.
Further, the token checking module includes:
the timestamp acquisition unit is used for acquiring a system timestamp from the corresponding server back end;
and the time stamp checking unit is used for judging whether the time difference value between the time stamp contained in the decryption result and the system time stamp exceeds a threshold value or not.
Further, the token checking module includes:
a request record obtaining unit, configured to obtain a user request record from a corresponding server back end;
and the request record checking unit is used for judging whether the user request record contains the user identifier contained in the decrypted result.
In a third aspect, the present application provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the cross-site request data processing method when executing the program.
In a fourth aspect, the present application provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the cross-site request data processing method.
In a fifth aspect, the present application provides a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the cross-site request data processing method.
According to the technical scheme, the cross-site request data processing method and device are provided, and an encrypted token contained in a cross-site request header is obtained by receiving a cross-site request sent by a client and performing request analysis, wherein the encrypted token contains a random number and a timestamp; and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed, so that all requests of the user can be accurately identified, forged requests can be intercepted, and the system safety is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart illustrating a cross-site request data processing method according to an embodiment of the present application;
FIG. 2 is a second flowchart illustrating a cross-site request data processing method according to an embodiment of the present application;
FIG. 3 is a third flowchart illustrating a cross-site request data processing method according to an embodiment of the present application;
FIG. 4 is a fourth flowchart illustrating a cross-site request data processing method according to an embodiment of the present application;
FIG. 5 is a block diagram of one embodiment of a cross-site request data processing apparatus;
FIG. 6 is a second block diagram of a cross-site request data processing apparatus according to an embodiment of the present application;
FIG. 7 is a third block diagram of a cross-site request data processing apparatus according to an embodiment of the present application;
FIG. 8 is a fourth block diagram of a cross-site request data processing apparatus according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
According to the technical scheme, the data acquisition, storage, use, processing and the like meet relevant regulations of national laws and regulations.
In view of the problems in the prior art, the application provides a method and a device for processing cross-site request data, which are used for obtaining an encrypted token contained in a cross-site request header by receiving a cross-site request sent by a client and performing request analysis, wherein the encrypted token contains a random number and a timestamp; and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed, so that all requests of the user can be accurately identified, forged requests can be intercepted, and the system safety is improved.
In order to accurately identify all requests of a user, intercept forged requests, and improve system security, the present application provides an embodiment of a cross-site request data processing method, which specifically includes the following contents, with reference to fig. 1:
step S101: and receiving a cross-site request sent by a client and performing request analysis to obtain an encrypted token contained in the cross-site request header, wherein the encrypted token contains a random number and a timestamp.
Step S102: and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed.
Optionally, a token format is agreed between the front end and the back end of the application. For each request the front end generates a random token according to that format and places it in the request header; the background server intercepts each request, obtains the random token, parses and verifies it, and any token that does not meet the requirements is treated as illegal access and intercepted.
Specifically, the client module of the present application generates a random token, places it in the HTTP request header, and initiates a request to the background. The token authentication module of the present application then receives the front-end request, obtains the random token, and parses and verifies it: if the token passes verification the request is released, otherwise it is intercepted. The background service module of the present application then receives the released request, processes the related service, and returns the result.
As can be seen from the above description, the cross-site request data processing method provided in the embodiment of the present application can obtain the encrypted token included in the cross-site request header by receiving the cross-site request sent by the client and performing request analysis, where the encrypted token includes a random number and a timestamp; and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed, so that all requests of the user can be accurately identified, forged requests can be intercepted, and the system safety is improved.
In an embodiment of the cross-site request data processing method of the present application, referring to fig. 2, the following may be further specifically included:
step S201: and acquiring a pre-stored random number from the back end of the corresponding server.
Step S202: and carrying out random number value verification on the decrypted result according to the random number.
In an embodiment of the cross-site request data processing method of the present application, referring to fig. 3, the following may be further included:
step S301: and acquiring the system time stamp from the corresponding server back end.
Step S302: and judging whether the time difference value between the time stamp contained in the decryption result and the system time stamp exceeds a threshold value.
In an embodiment of the cross-site request data processing method of the present application, referring to fig. 4, the following may be further specifically included:
step S401: and acquiring the user request record from the corresponding server back end.
Step S402: and judging whether the user request record contains the user identification contained in the decrypted result.
For example, the client of the present application generates a random token in the format timestamp + 5-digit random number + md5 value, such as 2022020212301076432471596bb6d8351f1ee69677c9d6dfc8, where 20202123010 is the time, 76432 is the five-digit random number, and 471596bb6d8351f1ee6966705c9d6dfc8 is the md5 value, obtained by hashing the timestamp with MD5.
The client uses CSRFtoken as the header key, encrypts the random token with the RSA encryption algorithm, places the encrypted random token in the HTTP request header as the value, and sends the request to the token verification module.
The token verification module obtains the value of CSRFtoken from the request; if the value is null the request is intercepted, otherwise the next step is carried out.
The CSRFtoken is decrypted with the RSA algorithm, and it is first checked whether the 5-digit random number consists only of digits; a token containing non-digit characters fails verification, otherwise the next step is carried out.
The timestamp is taken out of the CSRFtoken and hashed with MD5, and the result is compared with the md5 value carried in the CSRFtoken; if the two values are not identical, the token has been tampered with and the request is intercepted, otherwise the next step is carried out.
If the time difference between the token timestamp and the server time is greater than a given value (set to 5 s here), the token is regarded as expired and the request is intercepted; otherwise the next step is carried out.
The Redis database is queried with the user's sessionid as the key; the stored value is the set of tokens from the user's latest 10 requests.
If the set contains the token carried by the request, the request is intercepted; if it does not, the request is released and the token carried by the request is stored in Redis.
Optionally, only the released request can really access the background service module to execute a specific service operation, and after the operation is finished, the operation result is returned to the client.
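As an added example, not code from the patent, the following Python implements the verification pipeline described in the first aspect and its three "further" verifications, and in the worked steps above: token format, numeric random number, md5 comparison, the 5 s freshness window, and the per-session set of the last 10 tokens used for replay detection. The RSA encryption of the token in transit is left out, so verify_token operates on the already decrypted token, and an in-memory dictionary stands in for Redis; make_token, ReplayStore, verify_token and SAMPLE_NOW are names chosen here.

```python
# Added example (not the patent's own code): server-side CSRF token checks from the
# worked steps, run over constructed tokens. RSA transport encryption is omitted;
# verify_token() receives the decrypted token. ReplayStore stands in for Redis.
from __future__ import annotations

import calendar
import hashlib
import hmac
import time
from collections import deque

TIMESTAMP_FMT = "%Y%m%d%H%M%S"  # 14-digit timestamp, e.g. 20220202123010
RANDOM_DIGITS = 5               # five-digit random number, per the page
MD5_HEX_LEN = 32
TOKEN_LEN = 14 + RANDOM_DIGITS + MD5_HEX_LEN
MAX_AGE_SECONDS = 5             # freshness threshold from the page's example
REPLAY_WINDOW = 10              # tokens remembered per session ("latest 10 requests")

# constructed sample clock: 2022-02-02 12:30:10 UTC, matching the page's token prefix
SAMPLE_NOW = calendar.timegm((2022, 2, 2, 12, 30, 10, 0, 0, 0))


def make_token(now: float, rand5: str) -> str:
    """Client side: timestamp + 5-digit random number + md5(timestamp).

    rand5 is passed in so the example is deterministic; a real client would draw
    it from a cryptographic random source.
    """
    ts = time.strftime(TIMESTAMP_FMT, time.gmtime(now))
    return ts + rand5 + hashlib.md5(ts.encode()).hexdigest()


class ReplayStore:
    """In-memory stand-in for the Redis set of each session's last 10 tokens."""

    def __init__(self) -> None:
        self._recent: dict[str, deque[str]] = {}

    def seen(self, session_id: str, token: str) -> bool:
        return token in self._recent.get(session_id, ())

    def remember(self, session_id: str, token: str) -> None:
        # deque(maxlen=...) drops the oldest token once the window is full
        self._recent.setdefault(session_id, deque(maxlen=REPLAY_WINDOW)).append(token)


def verify_token(token: str | None, session_id: str, store: ReplayStore,
                 now: float) -> tuple[bool, str]:
    """Server side: apply the page's checks in order; returns (released, reason)."""
    # 1. empty CSRFtoken value -> intercept
    if not token:
        return False, "missing token"
    if len(token) != TOKEN_LEN:
        return False, "malformed token"
    ts, rand5, digest = token[:14], token[14:19], token[19:]
    # 2. the 5-digit random number must consist of ASCII digits only
    if not all(c in "0123456789" for c in rand5):
        return False, "random number not numeric"
    # 3. recompute md5(timestamp) and compare it with the embedded value
    expected = hashlib.md5(ts.encode()).hexdigest()
    if not hmac.compare_digest(expected, digest):
        return False, "md5 mismatch"
    # 4. freshness: reject if the token is more than MAX_AGE_SECONDS from server time
    try:
        token_time = calendar.timegm(time.strptime(ts, TIMESTAMP_FMT))
    except ValueError:
        return False, "invalid timestamp"
    if abs(now - token_time) > MAX_AGE_SECONDS:
        return False, "expired"
    # 5. replay: the session's recent-token set must not already contain it
    if store.seen(session_id, token):
        return False, "replayed"
    store.remember(session_id, token)
    return True, "ok"


if __name__ == "__main__":
    store = ReplayStore()
    tok = make_token(SAMPLE_NOW, "76432")
    print(tok)
    print(verify_token(tok, "sess-1", store, SAMPLE_NOW))      # released
    print(verify_token(tok, "sess-1", store, SAMPLE_NOW))      # replayed
    print(verify_token(tok, "sess-1", store, SAMPLE_NOW + 6))  # expired
```

The md5 field is computed over the timestamp alone, as the page specifies, so it detects a tampered or corrupted timestamp rather than proving who produced the token.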
In order to accurately identify all requests of a user, intercept forged requests, and improve system security, the present application provides an embodiment of a cross-site request data processing apparatus for implementing all or part of contents of the cross-site request data processing method, and referring to fig. 5, the cross-site request data processing apparatus specifically includes the following contents:
the request analysis module 10 is configured to receive a cross-site request sent by a client and perform request analysis to obtain an encrypted token included in the cross-site request header, where the encrypted token includes a random number and a timestamp.
And the token checking module 20 is configured to decrypt the encrypted token, check a result of the decryption, and forward the cross-site request to a corresponding server backend after the check is passed.
As can be seen from the above description, the cross-site request data processing apparatus provided in the embodiment of the present application can obtain the encrypted token included in the cross-site request header by receiving a cross-site request sent by a client and performing request analysis, where the encrypted token includes a random number and a timestamp; and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed, so that all requests of a user can be accurately identified, forged requests can be intercepted, and the system safety is improved.
In an embodiment of the cross-site request data processing apparatus of the present application, referring to fig. 6, the token checking module 20 includes:
a random number obtaining unit 21, configured to obtain a pre-stored random number from a corresponding server backend.
And a random number verification unit 22, configured to perform random number value verification on the decrypted result according to the random number.
In an embodiment of the cross-site request data processing apparatus of the present application, referring to fig. 7, the token checking module 20 includes:
a timestamp obtaining unit 23, configured to obtain a system timestamp from a corresponding server backend;
a timestamp checking unit 24, configured to determine whether a time difference between the timestamp included in the decrypted result and the system timestamp exceeds a threshold.
In an embodiment of the cross-site request data processing apparatus of the present application, referring to fig. 8, the token checking module 20 includes:
a request record obtaining unit 25, configured to obtain a user request record from a corresponding server backend.
A request record checking unit 26, configured to determine whether the user request record includes the user identifier included in the decrypted result.
In order to accurately identify all requests of a user, intercept forged requests, and improve system security in a hardware level, the present application provides an embodiment of an electronic device for implementing all or part of contents in the cross-site request data processing method, where the electronic device specifically includes the following contents:
a processor (processor), a memory (memory), a communication Interface (Communications Interface), and a bus; the processor, the memory and the communication interface complete mutual communication through the bus; the communication interface is used for realizing information transmission between the cross-site request data processing device and relevant equipment such as a core service system, a user terminal, a relevant database and the like; the logic controller may be a desktop computer, a tablet computer, a mobile terminal, and the like, but the embodiment is not limited thereto. In this embodiment, the logic controller may refer to the embodiment of the cross-site request data processing method and the embodiment of the cross-site request data processing apparatus in the embodiments for implementation, and the contents thereof are incorporated herein, and repeated descriptions are omitted.
It is understood that the user terminal may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), a vehicle-mounted device, a smart wearable device, and the like. The smart wearable device may include smart glasses, a smart watch, a smart bracelet, and the like.
In practical applications, part of the cross-site request data processing method may be executed on the electronic device side as described above, or all operations may be completed in the client device. The selection may be specifically performed according to the processing capability of the client device, the limitation of the user usage scenario, and the like. This is not a limitation of the present application. The client device may further include a processor if all operations are performed in the client device.
The client device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. The server may include a server on the task scheduling center side, and in other implementation scenarios, the server may also include a server on an intermediate platform, for example, a server on a third-party server platform that is communicatively linked to the task scheduling center server. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.
Fig. 9 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 9, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 9 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.
In one embodiment, the cross-site request data processing method function may be integrated into the central processor 9100.
The central processor 9100 can be configured to perform the following control:
step S101: receiving a cross-site request sent by a client and performing request analysis to obtain an encrypted token contained in a cross-site request header, wherein the encrypted token contains a random number and a timestamp;
step S102: and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed.
As can be seen from the above description, in the electronic device provided in the embodiment of the present application, an encrypted token included in a cross-site request header is obtained by receiving a cross-site request sent by a client and performing request analysis, where the encrypted token includes a random number and a timestamp; and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed, so that all requests of the user can be accurately identified, forged requests can be intercepted, and the system safety is improved.
In another embodiment, the cross-site request data processing apparatus may be configured separately from the central processor 9100, for example, the cross-site request data processing apparatus may be configured as a chip connected to the central processor 9100, and the cross-site request data processing method function is realized by the control of the central processor.
As shown in fig. 9, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 9; in addition, the electronic device 9600 may further include components not shown in fig. 9, which may be referred to in the prior art.
As shown in fig. 9, the central processor 9100, which is sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, the central processor 9100 receives input and controls the operation of various components of the electronic device 9600.
The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable medium, a volatile memory, a non-volatile memory, or other suitable device. Information, and a program for processing that information, may be stored there, and the central processing unit 9100 can execute the program stored in the memory 9140 to realize information storage or processing.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.
The memory 9140 may be a solid-state memory, e.g., Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. Memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 being used for storing application programs and function programs or for executing a flow of operations of the electronic device 9600 by the central processor 9100.
The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.
An embodiment of the present application further provides a computer-readable storage medium capable of implementing all steps of the cross-site request data processing method executed by a server or a client in the foregoing embodiments. The computer-readable storage medium stores a computer program which, when executed by a processor, implements all steps of that method; for example, when the processor executes the computer program, it implements the following steps:
Step S101: receiving a cross-site request sent by a client and parsing the request to obtain an encrypted token contained in the cross-site request header, wherein the encrypted token contains a random number and a timestamp;
Step S102: decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed.
As can be seen from the above, the computer-readable storage medium provided in this embodiment of the present application receives a cross-site request sent by a client and parses it to obtain the encrypted token contained in the cross-site request header, where the encrypted token includes a random number and a timestamp; it then decrypts the encrypted token, verifies the decrypted result, and forwards the cross-site request to the corresponding server back end once the verification passes. All requests of a user can thus be accurately identified, forged requests can be intercepted, and system security is improved.
Embodiments of the present application further provide a computer program product capable of implementing all steps of the cross-site request data processing method executed by a server or a client in the foregoing embodiments. When executed by a processor, the computer program/instructions implement the steps of the cross-site request data processing method; for example, the computer program/instructions implement the following steps:
Step S101: receiving a cross-site request sent by a client and parsing the request to obtain an encrypted token contained in the cross-site request header, wherein the encrypted token contains a random number and a timestamp;
Step S102: decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed.
As can be seen from the above, the computer program product provided in this embodiment of the present application receives a cross-site request sent by a client and parses it to obtain the encrypted token contained in the cross-site request header, where the encrypted token includes a random number and a timestamp; it then decrypts the encrypted token, verifies the decrypted result, and forwards the cross-site request to the corresponding server back end once the verification passes. All requests of a user can thus be accurately identified, forged requests can be intercepted, and system security is improved.
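The verification flow of steps S101 and S102, with the three checks the claims below name (claim 2: random number against the back end's pre-stored value; claim 3: timestamp within a threshold of the back end's system time; claim 4: user identifier present in the back end's user request record), as an added worked example that is not part of the patent or of the applicant's implementation. Everything not stated in the patent is an assumption here: the header name `X-CSRF-Token`, the token layout (JSON fields `uid`, `nonce`, `ts`), a gateway-held symmetric key, a stand-in encrypt-then-MAC construction built from HMAC-SHA256 in place of whatever cipher a real deployment would use (an AEAD such as AES-GCM), and a constructed in-memory dictionary standing in for the server back end.

```python
"""Gateway-side check of a cross-site request token carrying a random number,
a timestamp and a user identifier (steps S101/S102 and claims 2-4).
Example code added to the page; header name, key, token layout and the
HMAC-based sealing construction are assumptions, not the patent's own design."""
import base64
import hashlib
import hmac
import json
import os

TOKEN_HEADER = "X-CSRF-Token"      # assumed header name
GATEWAY_KEY = bytes(range(32))     # constructed demo key; a real one is random and secret
IV_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys so the two HMAC uses never overlap."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real AEAD such as AES-GCM."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: iv || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, iv, len(plaintext))))
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; raise ValueError on any failure."""
    if len(blob) < IV_LEN + TAG_LEN:
        raise ValueError("token too short")
    iv, ct, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("token authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, iv, len(ct))))


def issue_token(key: bytes, user_id: str, nonce: str, ts: int, iv: bytes = b"") -> str:
    """Client side: build the encrypted token that goes into the request header."""
    payload = json.dumps({"uid": user_id, "nonce": nonce, "ts": ts}, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(seal(key, payload, iv or os.urandom(IV_LEN))).decode()


def verify_cross_site_request(headers: dict, key: bytes, backend: dict, now: int, threshold_s: int = 300):
    """Gateway side (S101 + S102). Returns ("forward", user_id) or ("reject", reason)."""
    token = headers.get(TOKEN_HEADER)            # S101: pull the token out of the header
    if not token:
        return ("reject", "missing token")
    try:  # S102: decrypt; binascii.Error, JSONDecodeError, UnicodeDecodeError are all ValueError
        fields = json.loads(unseal(key, base64.urlsafe_b64decode(token)))
    except ValueError:
        return ("reject", "token decrypt/authentication failed")
    if not isinstance(fields, dict):
        return ("reject", "malformed token payload")
    uid, nonce, ts = fields.get("uid"), fields.get("nonce"), fields.get("ts")
    # Claim 2: random number must equal the value pre-stored at the back end for this user.
    expected_nonce = backend["nonces"].get(uid)
    if expected_nonce is None or not hmac.compare_digest(str(nonce).encode(), str(expected_nonce).encode()):
        return ("reject", "random number mismatch")
    # Claim 3: timestamp must lie within the threshold of the back end's system time.
    if not isinstance(ts, int) or abs(now - ts) > threshold_s:
        return ("reject", "timestamp outside window")
    # Claim 4: user identifier must appear in the back end's user request record.
    if uid not in backend["request_records"]:
        return ("reject", "user not in request record")
    return ("forward", uid)


if __name__ == "__main__":
    # Constructed back-end state: one pre-stored nonce and one recorded user.
    backend = {"nonces": {"alice": "n-7f3a"}, "request_records": {"alice"}}
    tok = issue_token(GATEWAY_KEY, "alice", "n-7f3a", ts=1_700_000_000)
    print(verify_cross_site_request({TOKEN_HEADER: tok}, GATEWAY_KEY, backend, now=1_700_000_030))
    print(verify_cross_site_request({TOKEN_HEADER: tok}, GATEWAY_KEY, backend, now=1_700_009_999))
```

Two points a practitioner would check in any implementation of this scheme: the authentication tag is verified before any field of the token is read, so a forged or tampered header is rejected without parsing it; and the timestamp threshold only bounds replay, so a token captured within the window still passes until the back end's pre-stored random number rotates, which is why the nonce should be rotated per session and the token delivered only to same-origin script rather than in a cookie the browser attaches automatically.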
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principles and implementations of the present invention have been described above by way of specific embodiments; the description of the embodiments is only intended to help in understanding the method and the core idea of the invention. At the same time, a person skilled in the art may, following the idea of the present invention, modify the specific embodiments and their scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (11)

1. A cross-site request data processing method, characterized by comprising the following steps:
receiving a cross-site request sent by a client and parsing the request to obtain an encrypted token contained in a cross-site request header, wherein the encrypted token contains a random number and a timestamp;
and decrypting the encrypted token, verifying the decrypted result, and forwarding the cross-site request to the corresponding server back end after the verification is passed.
2. The cross-site request data processing method according to claim 1, wherein the verifying the decrypted result comprises:
acquiring a pre-stored random number from the back end of a corresponding server;
and carrying out random number value verification on the decrypted result according to the random number.
3. The cross-site request data processing method according to claim 1, wherein the verifying the decrypted result comprises:
acquiring a system timestamp from the corresponding server back end;
and judging whether the time difference value between the time stamp contained in the decryption result and the system time stamp exceeds a threshold value.
4. The method for processing cross-site request data according to claim 1, wherein the verifying the result of the decryption comprises:
acquiring a user request record from the back end of a corresponding server;
and judging whether the user request record contains the user identification contained in the decrypted result.
5. A cross-site request data processing apparatus, comprising:
a request parsing module, configured to receive a cross-site request sent by a client and parse the request to obtain an encrypted token contained in a cross-site request header, wherein the encrypted token contains a random number and a timestamp;
and the token checking module is used for decrypting the encrypted token, checking the decrypted result, and forwarding the cross-site request to the corresponding server back end after the check is passed.
6. The cross-site request data processing apparatus according to claim 5, wherein the token checking module comprises:
a random number acquisition unit, configured to acquire a pre-stored random number from a corresponding server backend;
and the random number verification unit is used for performing random number value verification on the decrypted result according to the random number.
7. The cross-site request data processing apparatus according to claim 5, wherein the token checking module comprises:
the time stamp obtaining unit is used for obtaining a system time stamp from the back end of the corresponding server;
and the time stamp checking unit is used for judging whether the time difference value between the time stamp contained in the decryption result and the system time stamp exceeds a threshold value or not.
8. The cross-site request data processing apparatus according to claim 5, wherein the token checking module comprises:
a request record obtaining unit, configured to obtain a user request record from a corresponding server back end;
and the request record checking unit is used for judging whether the user request record contains the user identifier contained in the decrypted result.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the cross-site request data processing method of any one of claims 1 to 4 are implemented when the program is executed by the processor.
10. A computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of a cross-site request data processing method according to any one of claims 1 to 4.
11. A computer program product comprising computer program/instructions, characterized in that the computer program/instructions, when executed by a processor, implement the steps of the cross-site request data processing method of any of claims 1 to 4.
CN202211176961.9A 2022-09-26 2022-09-26 Cross-site request data processing method and device Pending CN115567297A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211176961.9A CN115567297A (en) 2022-09-26 2022-09-26 Cross-site request data processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211176961.9A CN115567297A (en) 2022-09-26 2022-09-26 Cross-site request data processing method and device

Publications (1)

Publication Number Publication Date
CN115567297A true CN115567297A (en) 2023-01-03

Family

ID=84742061

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211176961.9A Pending CN115567297A (en) 2022-09-26 2022-09-26 Cross-site request data processing method and device

Country Status (1)

Country Link
CN (1) CN115567297A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116366231A (en) * 2023-02-22 2023-06-30 北京麦克斯泰科技有限公司 Anti-crawler method and system for protecting website resources based on encryption confusion
CN116366231B (en) * 2023-02-22 2023-11-24 北京麦克斯泰科技有限公司 Anti-crawler method and system for protecting website resources based on encryption confusion

Similar Documents

Publication Publication Date Title
CN111079103B (en) Identity authentication method and equipment
CN111130803B (en) Method, system and device for digital signature
CN112823503B (en) Data access method, data access device and mobile terminal
CN105007279A (en) Authentication method and authentication system
US20200128045A1 (en) Processing method for preventing copy attack, and server and client
CN103095457A (en) Login and verification method for application program
CN110933109B (en) Dynamic small program authentication method and device
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN111931209B (en) Contract information verification method and device based on zero knowledge proof
CN109981576B (en) Key migration method and device
CN108959990B (en) Two-dimensional code verification method and device
CN109361508A (en) Data transmission method, electronic equipment and computer readable storage medium
CN111935197A (en) Bidding document encryption and decryption method and device
CN111934873A (en) Bidding file encryption and decryption method and device
CN114553590A (en) Data transmission method and related equipment
CN109740319B (en) Digital identity verification method and server
CN113329004B (en) Authentication method, system and device
CN115567297A (en) Cross-site request data processing method and device
CN113946811A (en) Authentication method and device
CN109120576B (en) Data sharing method and device, computer equipment and storage medium
CN111212058A (en) Method, device and system for logging in mobile phone verification code
CN107395350B (en) Method and system for generating key and key handle and intelligent key safety equipment
CN115422584A (en) Data deformation method and device
CN114549206A (en) Transaction anti-repudiation method, system, electronic equipment and readable storage medium
CN112995322B (en) Information transmission channel establishment method, device, storage medium and terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination