CN115577048A - Data synchronization process encryption method and device, computer equipment and storage medium - Google Patents

Data synchronization process encryption method and device, computer equipment and storage medium Download PDF

Info

Publication number
CN115577048A
CN115577048A CN202211323349.XA CN202211323349A CN115577048A CN 115577048 A CN115577048 A CN 115577048A CN 202211323349 A CN202211323349 A CN 202211323349A CN 115577048 A CN115577048 A CN 115577048A
Authority
CN
China
Prior art keywords
database
target
data
relational
relational database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211323349.XA
Other languages
Chinese (zh)
Inventor
苏媛媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Property and Casualty Insurance Company of China Ltd filed Critical Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN202211323349.XA priority Critical patent/CN115577048A/en
Publication of CN115577048A publication Critical patent/CN115577048A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F16/275Synchronous replication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data synchronization process encryption method which is applied to the technical field of big data. The method provided by the application comprises the following steps: acquiring a database user name and a database password of a database; generating a database connection number of the database, and associating the database user name and the database password with the database connection number; receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database; creating a first database connection connecting the target relational database and a second database connection connecting the target non-relational database by using a Sqoop tool; if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data; and if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool.

Description

Data synchronization process encryption method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of big data technologies, and in particular, to a method and an apparatus for encrypting a data synchronization process, a computer device, and a storage medium.
Background
When tools such as MapReduce, hive, HBase, cassandra, pig, etc. of big data storage and Hadoop ecosystem are present, a tool is needed to interact with RDBMS (Relational Database Management System) to import and export data residing in RDBMS, such as medical data like personal health files, prescriptions, examination reports, etc., as well as business data, transaction data, payment data, etc. In the prior art, although data interaction is realized between the RDBMS and the HDFS with Hadoop ecology, the data synchronization between the Hadoop ecology and the RDBMS has the defects of password leakage risk and large-batch data leakage.
Disclosure of Invention
The embodiment of the application provides a data synchronization process encryption method and device, computer equipment and a storage medium, and aims to solve the problems of password leakage risk and data leakage in the data synchronization process.
In a first aspect of the present application, a method for encrypting a data synchronization process is provided, including:
acquiring a database user name and a database password of a database, wherein the database user name and the database password are used for connecting the corresponding database, and the database is a relational database or a non-relational database;
generating a database connection number of the database, and associating the database user name and the database password with the database connection number;
receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database;
creating a first database connection connecting the target relational database and a second database connection connecting the target non-relational database by using a Sqoop tool, wherein the first database connection comprises the database connection number of the target relational database, and the second database connection comprises the database connection number of the target non-relational database;
if the target relational database is successfully connected, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data;
and if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool.
Preferably, the obtaining a database user name and a database password of a database, where the database user name and the database password are used to connect to the corresponding database, and the database is a relational database or a non-relational database, and then further includes:
and encrypting the database user name and the database password by using a preset encryption method.
Preferably, after generating the database connection number of the database and associating the database user name and the database password with the database connection number, the method further includes:
acquiring a target database authority of a database account corresponding to the database user name in the corresponding relational database or the non-relational database;
and associating the target database permission with the database connection number.
Preferably, after the associating the target database permission with the database connection number, the method further includes:
if the database connection number does not exist, removing the database connection number, the database user name, the database password and the target database permission corresponding to the database connection number;
if the database connection number does not exist, removing the database connection number, the database user name, the database password and the target database permission corresponding to the database connection number;
starting a second timing task and monitoring whether the database password and the target database permission corresponding to the database user name are changed or not according to a preset second time frequency;
and if so, re-acquiring the database password and the target database permission from the corresponding relational database or the non-relational database.
Preferably, if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data further includes:
if the connection with the target non-relational database fails, destroying the target encryption derived data;
and judging whether the second database connection corresponding to the target encryption exported data is in a connection state, if so, disconnecting and recycling the second database connection.
Preferably, if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm, and before obtaining the target encrypted export data, the method further includes:
selecting an encryption algorithm from a preset encryption algorithm library as the preset encryption algorithm;
and associating the preset encryption algorithm with the data of the data table to be exported, wherein the preset encryption algorithm is a reversible encryption algorithm.
In a second aspect of the present application, there is provided a data synchronization process encryption apparatus, including:
the system comprises a data acquisition module, a database password generation module and a database password generation module, wherein the data acquisition module is used for acquiring a database user name and a database password of a database, the database user name and the database password are used for connecting the corresponding database, and the database is a relational database or a non-relational database;
the database connection coding module is used for generating a database connection number of the database and numbering the database user name and the database password;
the data synchronization command module is used for receiving a data synchronization command, wherein the data synchronization command comprises a target relational database and a target non-relational database;
a database connection management module, configured to create, using a Sqoop tool, a first database connection for connecting to the target relational database and a second database connection for connecting to the target non-relational database, where the first database connection includes the database connection number of the target relational database, and the second database connection includes the database connection number;
the encryption export data module is used for encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encryption export data if the target relational database is successfully connected;
and the encryption import data module is used for importing the target encryption export data into the target non-relational database through the Sqoop tool if the target non-relational database is successfully connected.
In a third aspect of the present application, a computer device is provided, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the steps of the above data synchronization process encryption method when executing the computer program.
In a fourth aspect of the present application, a computer-readable storage medium is provided, which stores a computer program, which when executed by a processor implements the steps of the above-mentioned data synchronization process encryption method.
The data synchronization process encryption method, the data synchronization process encryption device, the computer equipment and the storage medium are characterized in that a database user name and a database password of a database are obtained; generating a database connection number of the database, and associating the database user name and the database password with the database connection number; receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database; creating a first database connection connecting the target relational database and a second database connection connecting the target non-relational database by using a Sqoop tool; if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data; and if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool. The risk of leakage of the database user name and the database password in the data synchronization process is reduced, the data security of the database data in the transmission process is added, and the risk of leakage of large quantities of data is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments of the present application will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
FIG. 1 is a schematic diagram of an application environment of an encryption method for a data synchronization process according to an embodiment of the present application;
FIG. 2 is a flowchart of an encryption method for data synchronization process according to an embodiment of the present application;
FIG. 3 is a flow chart of a data synchronization process encryption method in another embodiment of the present application;
FIG. 4 is a schematic diagram of an encryption apparatus for data synchronization process in an embodiment of the present application;
FIG. 5 is a schematic diagram of a computer device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first", "second" and "third" in the present invention are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," or "third" may explicitly or implicitly include at least one of the feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise. All directional indicators (such as upper, lower, left, right, front, rear, 8230; etc.) in the embodiments of the present invention are only used to explain the relative positional relationship between the components at a certain posture (as shown in the drawing), the motion, etc., and if the certain posture is changed, the directional indicator is correspondingly changed. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
The data synchronization process encryption method provided by the present application may be applied to an application environment as shown in fig. 1, where the computer device may be, but is not limited to, various personal computers and notebook computers, the computer device may also be a server, and the server may be an independent server, or may also be a cloud server that provides basic cloud computing services such as cloud service, cloud database, cloud computing, cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, content Delivery Network (CDN), and big data and artificial intelligence platform. It will be appreciated that the number of computer devices in figure 1 is merely illustrative and any number of extensions may be made according to actual requirements.
In an embodiment, as shown in fig. 2, a data synchronization process encryption method is provided, which is described by taking the computer device in fig. 1 as an example, and includes the following steps S101 to S105:
step S101, a database user name and a database password of a database are obtained, wherein the database user name and the database password are used for connecting the corresponding database, and the database is a relational database or a non-relational database.
The first database user name and the first database password acquired from the relational database are used for connecting the relational database, and the second database user name and the second database password acquired from the non-relational database are used for connecting the non-relational database. Further, a host address and a database access port of the relational database or the non-relational database are obtained, where the host address and the database access port are used to generate a database connection together with the database user name and the database password, for example, a default database access port of MySQL of the relational database is 3306, and other non-3306 ports cannot access the MySQL database, and the database access port needs to be modified in the MySQL database.
Further, the database user name and the database password are encrypted by using a preset encryption method, so that the security of the database user name and the security of the database password are further enhanced, and other people cannot successfully connect the relational database or the non-relational database after obtaining the encrypted database user name and the encrypted database password.
And S102, generating a database connection number of the database, and associating the database user name and the database password with the database connection number.
Further, the host address and the database access port of the relational database or the non-relational database are also associated with the database connection number. When the relational database or the non-relational database is connected, the host address and the database access port of the relational database and/or the non-relational database must be known, otherwise, the database connection cannot be established only according to the database user name and the database password.
Further, after the generating the database user name and the database connection number of the database password, the method further includes: firstly, acquiring the target database authority of a database account corresponding to the database user name in the corresponding relational database or the non-relational database. Because the database user corresponding to each database user name is assigned with the corresponding database operation authority in the corresponding relational database or the non-relational database, for example, the database which is authorized to be accessed by the database user a in a relational database, the data table which can be accessed, the addition and deletion check operation which can be performed on the data table, the IP address or domain name which can be logged in, the authority of the user to another database user, and the like. And then, associating the target database permission with the database connection number. Further, when a data synchronization task arrives, a target relational database and/or a target non-relational database are obtained from the data synchronization task, and meanwhile, whether the database account corresponding to the database connection number has the read and/or write permission for the target relational database and/or the target non-relational database or not is judged. And if not, stopping executing the data synchronization task, and sending the database account number, the target relational database and/or the target non-relational database of which the database account number does not have the read and/or write permission.
Further, after the associating the target database permission with the database connection number, the method further includes: firstly, starting a first timing task to monitor whether the database user name corresponding to the database connection number exists in the corresponding relational database or the non-relational database according to a preset first time frequency. And if the database connection number does not exist, removing the database connection number, the database user name, the database password and the target database permission corresponding to the database connection number. At this time, the database user account corresponding to the database user name is removed from the database by the administrator of the relational database or the non-relational database, and the database connection number, the database user name corresponding to the database connection number, the database password, and the target database permission are saved meaninglessly. And then, starting a second timing task to monitor whether the database password and the target database authority corresponding to the database user name are changed or not according to a preset second time frequency. And if so, re-acquiring the database password and the target database permission from the corresponding relational database or the non-relational database. Because the administrator of the relational database and/or the non-relational database may modify the authority of the database account at variable times according to the business adjustment, it is necessary to detect whether the database password corresponding to the database user name and the target database authority change at regular times, so as to prevent that the relational database or the non-relational database cannot be accessed by using the database user name and the database password when performing a data synchronization task next time, thereby preventing the data synchronization task from being unable to be executed.
Step S103, receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database.
In one possible implementation, the data maintained by the target non-relational database is medical data, such as personal health records, prescriptions, exam reports, and the like. For example, personal health profile data is synchronized from an Oracle database to Hadoop ecotypic Hbase for personal health analysis in a medical cloud platform through data synchronization instructions. In another possible implementation, the data stored in the target non-relational database is transaction data, payment data, business data, or purchase data. For example, in the insurance sales system, the sales data related to insurance products are synchronized from the MySQL database to the Hive database of Hadoop ecology through a data synchronization instruction so as to perform big data analysis.
Step S104, a first database connection connected with the target relational database and a second database connection connected with the target non-relational database are established by using a Sqoop tool, wherein the first database connection comprises the database connection number of the target relational database, and the second database connection comprises the database connection number of the target non-relational database.
The Sqoop tool is a tool for importing and exporting data between Hadoop and a relational database (such as MySQL and Oracle). Data can be imported from the relational database into the HDFS (Hadoop Distributed File System) through the Sqoop, or can be exported from the HDFS into the relational database. The Sqoop tool is imported and exported through MapReduce of Hadoop, so that the Sqoop tool provides high parallel performance and good fault tolerance.
Further, in the process of establishing the first database connection and the second database connection by using the Sqoop tool, only the database connection number needs to be used, and the database user name and the database password do not need to be used, the only visible data is the database connection number, and the database user name and the database password corresponding to the database connection number cannot be visible and acquired, so that the security of the database user name and the database password is further enhanced in the process of performing a data synchronization task by using the Sqoop tool. For example, a data analyst of the vehicle insurance synchronizes data of the data table related to the vehicle insurance from the MySQL database to the Hive database for data analysis through the Sqoop tool, and in the process, the data analyst does not need to know database user names and database passwords of the MySQL database and the Hive database, and can complete the synchronization of the data table related to the vehicle insurance by only creating corresponding database connections through the Sqoop tool according to the database connection numbers.
And S105, if the target relational database is successfully connected, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data.
In the prior art, the database data for data synchronization is not encrypted in the data synchronization process, and thus a defect of mass data leakage during data synchronization exists. Therefore, in the embodiment, the data of the export data table is encrypted by using the preset encryption algorithm, the defect that large-batch data leakage occurs during data synchronization in the prior art is overcome, and the safety of the data synchronization process is improved.
Further, if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm, and before obtaining the target encrypted export data, the method further comprises: first, an encryption algorithm is selected from a preset encryption algorithm library as the preset encryption algorithm, such as AES, SM2, SM4 algorithms. And then, associating the preset encryption algorithm with the data of the data table to be exported, wherein the preset encryption algorithm is a reversible encryption algorithm, and after the data of the data table to be exported is encrypted to be stored in the target non-relational database, the encrypted data of the data table to be exported needs to be decrypted to store the decrypted data of the data table to be exported in the target relational database.
Further, if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data, and then: firstly, if the connection with the target non-relational database fails, destroying the target encrypted export data. Because the data synchronization task cannot be completed necessarily when the connection with the target non-relational database fails, that is, the target encrypted export data cannot be reintroduced into the target non-relational database, and an intermediate product (for example, the target encrypted export data) in the execution process of the data synchronization task needs to be destroyed, not only is the risk of database data leakage avoided (the risk of data leakage also exists in the process of leakage of the target encrypted export data), but also the redundant disk redundancy caused by the data synchronization task is avoided (for example, the target encrypted export data generated when the execution of the data synchronization task fails is stored on a disk, which has no meaning). And then, judging whether the second database connection corresponding to the target encryption exported data is in a connection state, if so, disconnecting and recycling the second database connection. Because, database connections are also a system resource occupation situation for computer systems, as described.
And step S106, if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool.
Further, it should be specially explained that the data synchronization process in this embodiment is only to synchronize data from the relational database to the non-relational database, and there are other data synchronization application scenarios that synchronize data from the non-relational database to the relational database, and the main implementation manner of the other data synchronization application scenarios is similar to this embodiment, and therefore, details are not described here.
Fig. 3 is a flow chart illustrating a data synchronization process encryption method according to another embodiment of the invention. It should be noted that the method of the present invention is not limited to the flow sequence shown in fig. 3 if the substantially same result is obtained. As shown in fig. 3, the data synchronization process encryption method includes the steps of:
step S201, a database user name and a database password of a database are obtained, wherein the database user name and the database password are used for connecting the corresponding database, and the database is a relational database or a non-relational database.
Step S202, generating a database connection number of the database, and associating the database user name and the database password with the database connection number.
Step S203, receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database.
Step S204, a first database connection connecting the target relational database and a second database connection connecting the target non-relational database are created using a Sqoop tool, where the first database connection includes the database connection number of the target relational database, and the second database connection includes the database connection number of the target non-relational database.
And S205, if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data.
Step S206, uploading the database user name, the database password, the target relational database information, the table name of the data table to be exported and the data of the data table to be exported to a block chain, so that the database user name, the database password, the target relational database information, the table name of the data table to be exported and the data of the data table to be exported are encrypted and stored.
And step S207, if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool.
In step S206, corresponding digest information is obtained based on the database user name, the database password, the target relational database information, the table name of the data table to be exported, and the data of the data table to be exported, respectively, and specifically, the digest information is obtained by performing hash processing on the database user name, the database password, the target relational database information, the table name of the data table to be exported, and the data of the data table to be exported, for example, by using a sha256S algorithm. Uploading summary information to the blockchain can ensure the safety and the fair transparency of the user. The user equipment may download the summary information from the blockchain, so as to verify whether the database user name, the database password, the target relational database information, the table name of the to-be-exported data table, and the to-be-exported data table data are tampered. The blockchain referred to in this example is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm, and the like. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, which is used for verifying the validity (anti-counterfeiting) of the information and generating a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
For other steps, specific reference is made to the description of the foregoing embodiments, and details are not repeated here.
According to the data synchronization process encryption method provided by the embodiment of the invention, the database user name and the database password of the database are obtained; generating a database connection number of the database, and associating the database user name and the database password with the database connection number; receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database; creating a first database connection connecting the target relational database and a second database connection connecting the target non-relational database by using a Sqoop tool; if the connection with the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data; and if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool. The risk of leakage of the database user name and the database password in the data synchronization process is reduced, the data security of the database data in the transmission process is added, and the risk of leakage of large quantities of data is avoided. It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by functions and internal logic of the process, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In one embodiment, a data synchronization process encryption apparatus 100 is provided, and the data synchronization process encryption apparatus 100 corresponds to the data synchronization process encryption method in the above embodiment one to one. As shown in fig. 4, the data synchronization process encryption apparatus 100 includes a data acquisition module 11, a database connection encoding module 12, a data synchronization command module 13, a database connection management module 14, an encryption export data module 15, and an encryption import data module 16. The detailed description of each functional module is as follows:
the data acquisition module 11 is configured to acquire a database user name and a database password of a database, where the database user name and the database password are used to connect to the corresponding database, and the database is a relational database or a non-relational database;
a database connection coding module 12, configured to generate a database connection number of the database, and number the database user name and the database password;
a data synchronization command module 13, configured to receive a data synchronization command, where the data synchronization command includes a target relational database and a target non-relational database
A database connection management module 14, configured to create, using a Sqoop tool, a first database connection connecting the target relational database and a second database connection connecting the target non-relational database, where the first database connection includes the database connection number of the target relational database, and the second database connection includes the database connection number;
the encrypted export data module 15 is used for encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data if the target relational database is successfully connected;
and an encrypted import data module 16, configured to import, by using the Sqoop tool, the target encrypted export data into the target non-relational database if the target non-relational database is successfully connected.
Further, the data obtaining module 11 further includes:
and the secondary encryption sub-module is used for encrypting the database user name and the database password by using a preset encryption method.
Further, the database connection encoding module 12 further includes:
a database permission obtaining sub-module, configured to obtain a target database permission of a database account corresponding to the database user name in the corresponding relational database or the non-relational database;
and the database permission correlation submodule is used for correlating the target database permission with the database connection number.
Further, the database permission association sub-module further includes:
the first timing task subunit is used for starting a first timing task and monitoring whether the database user name corresponding to the database connection number exists in the corresponding relational database or the non-relational database according to a preset first time frequency;
the account information removing subunit is configured to remove the database connection number, the database user name, the database password, and the target database permission corresponding to the database connection number if the account information removing subunit does not exist;
the second timing task subunit is used for starting a second timing task and monitoring whether the database password and the target database permission corresponding to the database user name change or not according to a preset second time frequency;
and the account information updating subunit is used for, if so, re-acquiring the database password and the target database permission from the corresponding relational database or the non-relational database.
Further, the encrypted export data module 14 further comprises:
the encrypted data destruction submodule is used for destroying the target encrypted export data if the connection with the target non-relational database fails;
the database connection destruction submodule is used for judging whether the second database connection corresponding to the target encryption export data is in a connection state, if so, the second database connection is disconnected and recovered;
the encryption algorithm selection submodule is used for selecting an encryption algorithm from a preset encryption algorithm library as the preset encryption algorithm;
and the encryption algorithm association submodule is used for associating the preset encryption algorithm with the data of the data table to be exported, wherein the preset encryption algorithm is a reversible encryption algorithm.
Wherein the meaning of "first" and "second" in the above modules/units is only to distinguish different modules/units, and is not used to define which module/unit has higher priority or other defining meaning. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those steps or modules explicitly listed, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus, and the division of modules into blocks presented herein is merely a logical division and may be implemented in a further manner in actual practice.
For specific limitations of the data synchronization process encryption apparatus, reference may be made to the above limitations on the data synchronization process encryption method, which will not be described herein again. The modules in the data synchronization process encryption device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operating system and the computer program to run on the non-volatile storage medium. The database of the computer device is used for storing data involved in the data synchronization process encryption method. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by a processor implements a data synchronization process encryption method.
In one embodiment, a computer device is provided, which includes a memory, a processor and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the steps of the data synchronization process encryption method in the above embodiments are implemented, for example, steps S101 to S106 shown in fig. 2 and other extensions of the method and related steps. Alternatively, the processor, when executing the computer program, implements the functions of the modules/units of the data synchronization process encryption apparatus in the above-described embodiments, such as the functions of the modules 11 to 16 shown in fig. 4. To avoid repetition, further description is omitted here.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, etc. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like which is the control center for the computer device and which connects the various parts of the overall computer device using various interfaces and lines.
The memory may be used to store the computer programs and/or modules, and the processor may implement various functions of the computer device by running or executing the computer programs and/or modules stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, video data, etc.) created according to the use of the cellular phone, etc.
The memory may be integrated in the processor or may be provided separately from the processor.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the steps of the data synchronization process encryption method in the above-described embodiments, such as the steps S101 to S106 shown in fig. 2 and extensions of other extensions and related steps of the method. Alternatively, the computer program, when executed by the processor, implements the functions of the modules/units of the data synchronization process encryption apparatus in the above-described embodiments, such as the functions of the modules 11 to 16 shown in fig. 4. To avoid repetition, further description is omitted here.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions.
The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present application, and they should be construed as being included in the present application.

Claims (10)

1. A method for encrypting a data synchronization process, comprising:
acquiring a database user name and a database password of a database, wherein the database user name and the database password are used for connecting the corresponding database, and the database is a relational database or a non-relational database;
generating a database connection number of the database, and associating the database user name and the database password with the database connection number;
receiving a data synchronization instruction, wherein the data synchronization instruction comprises a target relational database and a target non-relational database;
creating a first database connection connecting the target relational database and a second database connection connecting the target non-relational database by using a Sqoop tool, wherein the first database connection comprises the database connection number of the target relational database, and the second database connection comprises the database connection number of the target non-relational database;
if the target relational database is successfully connected, encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encrypted export data;
and if the target non-relational database is successfully connected, importing the target encrypted export data into the target non-relational database through the Sqoop tool.
2. The data synchronization process encryption method according to claim 1, wherein the obtaining a database username and a database password of a database, wherein the database username and the database password are used to connect to the corresponding database, and the database is a relational database or a non-relational database, and then further comprises:
and encrypting the database user name and the database password by using a preset encryption method.
3. The data synchronization process encryption method of claim 1, wherein after generating the database connection number of the database and associating the database username and the database password with the database connection number, further comprising:
acquiring a target database authority of a database account corresponding to the database user name in the corresponding relational database or the non-relational database;
and associating the target database permission with the database connection number.
4. The data synchronization process encryption method of claim 3, wherein associating the target database permission with the database connection number further comprises:
starting a first timing task to monitor whether the database user name corresponding to the database connection number exists in the corresponding relational database or the non-relational database according to a preset first time frequency;
if the database connection number does not exist, removing the database connection number, the database user name, the database password and the target database authority corresponding to the database connection number;
starting a second timing task and monitoring whether the database password and the target database permission corresponding to the database user name are changed or not according to a preset second time frequency;
and if so, re-acquiring the database password and the target database permission from the corresponding relational database or the non-relational database.
5. The data synchronization process encryption method according to claim 1, wherein if the connection to the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm, and after obtaining the target encrypted export data, further comprising:
if the connection with the target non-relational database fails, destroying the target encrypted export data;
and judging whether the second database connection corresponding to the target encryption exported data is in a connection state, if so, disconnecting and recycling the second database connection.
6. The data synchronization process encryption method according to claim 1, wherein if the connection to the target relational database is successful, encrypting the data of the data table to be exported by using a preset encryption algorithm, and before obtaining the target encrypted export data, the method further comprises:
selecting an encryption algorithm from a preset encryption algorithm library as the preset encryption algorithm;
and associating the preset encryption algorithm with the data of the data table to be exported, wherein the preset encryption algorithm is a reversible encryption algorithm.
7. A data synchronization process encryption apparatus, comprising:
the system comprises a data acquisition module, a database password generation module and a database management module, wherein the data acquisition module is used for acquiring a database user name and a database password of a database, the database user name and the database password are used for connecting a corresponding database, and the database is a relational database or a non-relational database;
the database connection coding module is used for generating a database connection number of the database and numbering the database user name and the database connection number of the database password;
the data synchronization command module is used for receiving a data synchronization command, wherein the data synchronization command comprises a target relational database and a target non-relational database;
a database connection management module, configured to create, using a Sqoop tool, a first database connection for connecting to the target relational database and a second database connection for connecting to the target non-relational database, where the first database connection includes the database connection number of the target relational database, and the second database connection includes the database connection number;
the encryption export data module is used for encrypting the data of the data table to be exported by using a preset encryption algorithm to obtain target encryption export data if the target relational database is successfully connected;
and the encryption import data module is used for importing the target encryption export data into the target non-relational database through the Sqoop tool if the target non-relational database is successfully connected.
8. The data synchronization process encryption apparatus of claim 7, wherein the database connection encoding module further comprises:
a database authority obtaining sub-module, configured to obtain a target database authority of a database account corresponding to the database user name in the corresponding relational database or the non-relational database;
and the database authority association submodule is used for associating the target database authority with the database connection number.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the data synchronization process encryption method according to any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the data synchronization process encryption method according to any one of claims 1 to 6.
CN202211323349.XA 2022-10-27 2022-10-27 Data synchronization process encryption method and device, computer equipment and storage medium Pending CN115577048A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211323349.XA CN115577048A (en) 2022-10-27 2022-10-27 Data synchronization process encryption method and device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211323349.XA CN115577048A (en) 2022-10-27 2022-10-27 Data synchronization process encryption method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115577048A true CN115577048A (en) 2023-01-06

Family

ID=84587831

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211323349.XA Pending CN115577048A (en) 2022-10-27 2022-10-27 Data synchronization process encryption method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115577048A (en)

Similar Documents

Publication Publication Date Title
US11258612B2 (en) Method, apparatus, and electronic device for blockchain-based recordkeeping
CN107809484B (en) Block chain transaction information processing method and block chain link point
US10764052B2 (en) User identity and trust models in decentralized and distributed systems
CN113472720B (en) Digital certificate key processing method, device, terminal equipment and storage medium
CN111628863B (en) Data signature method and device, electronic equipment and storage medium
CN112202779B (en) Block chain based information encryption method, device, equipment and medium
CN111770112A (en) Information sharing method, device and equipment
CN110912892B (en) Certificate management method and device, electronic equipment and storage medium
CN112231755A (en) Data authorization method, device and system based on block chain
CN111817859A (en) Data sharing method, device, equipment and storage medium based on zero knowledge proof
CN116881936A (en) Trusted computing method and related equipment
CN110888716A (en) Data processing method and device, storage medium and electronic equipment
CN113051622B (en) Index construction method, device, equipment and storage medium
US20220191034A1 (en) Technologies for trust protocol with immutable chain storage and invocation tracking
CN105049209A (en) Dynamic password generation method and apparatus
CN116049318A (en) Data storage method and communication device
CN115577048A (en) Data synchronization process encryption method and device, computer equipment and storage medium
WO2018233638A1 (en) Method and apparatus for determining security state of ai software system
CN111698227B (en) Information synchronization management method, device, computer system and readable storage medium
CN111147477B (en) Verification method and device based on block chain network
CN111695987A (en) Client registration processing method, device, equipment and storage medium
CN112311716A (en) Data access control method and device based on openstack and server
CN113946864B (en) Confidential information acquisition method, device, equipment and storage medium
CN116757857B (en) Block chain-based business insurance data management method, system, terminal and storage medium
CN117499159B (en) Block chain-based data transaction method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination