CN115664794A - Method, system and device for detecting request information - Google Patents


Info

Publication number: CN115664794A
Authority: CN (China)
Prior art keywords: information, request information, operation request, address, encrypted data
Legal status: Pending
Application number: CN202211303455.1A
Other languages: Chinese (zh)
Inventors: 邵新娟, 吴意乐, 许微微, 宋永政
Current assignee: Hillstone Networks Co Ltd
Original assignee: Hillstone Networks Co Ltd

Abstract

The application discloses a method, a system and a device for detecting request information. The method comprises: a network server receives operation request information sent by a front-end server; the network server acquires a second IP address and second authority information that it has stored, compares the first IP address with the second IP address and the first authority information with the second authority information, and obtains a first detection result; and, where the first detection result indicates that the operation request information is not abnormal, the network server sends the operation request information to a back-end server, which checks the encrypted data to obtain a second detection result. The method and device solve the problem in the related art that preventing unauthorized access by binding a secret key to the user identity cannot accurately prevent unauthorized access.

Description

Method, system and device for detecting request information
Technical Field
The present application relates to the field of internet information processing, and in particular, to a method, a system, and an apparatus for detecting request information.
Background
Network security products are used across many industries, and the cost of learning to configure, manage and maintain them is relatively high. With the rapid development of Web system technologies and the continual strengthening of Web security capabilities, the mainstream way of managing a network security product is now through a Web system, which greatly reduces that learning cost.
Configuring a network security product through a Web system is convenient and fast, but it also exposes a great deal of information to the client. If authority-related controls are absent or incomplete, the product is easily abused: the HTTP (Hyper Text Transfer Protocol) requests sent by the Web system can be tampered with or replayed by various means, causing horizontal or vertical privilege escalation or other unauthorized access, with serious consequences for the service such as network paralysis and information leakage. Because each administrator has limited capability, and some specialised industries impose strict authority requirements on administrators with different roles (for example system administrators, security administrators and audit administrators), the Web system of a network security product needs strict and secure control over unauthorized behaviour so that normal use of the product is ensured.
In the prior art, unauthorized access is prevented by binding the user information to a dynamically distributed key and determining the user's identity from that key. However, this method binds only the user information and the key: if other contents of the HTTP request sent to the Web system are modified, an unauthorized operation can still be completed while the user information and the key remain unchanged.
For the problem in the related art that binding the secret key to the user identity cannot accurately prevent unauthorized access, no effective solution has yet been proposed.
Disclosure of Invention
The application provides a method, a system and a device for detecting request information, aiming to solve the problem in the related art that binding a secret key to a user identity cannot accurately prevent unauthorized access.
According to one aspect of the present application, a method of detecting request information is provided. The method comprises the following steps: a network server receives operation request information sent by a front-end server, wherein the operation request information is sent after a user logs in to the front-end server, the operation request information comprises at least encrypted data and target data, the target data comprises at least a first IP address and first authority information, and the encrypted data is obtained by encrypting the target data; the network server acquires a second IP address and second authority information stored in the network server, compares the first IP address with the second IP address, and compares the first authority information with the second authority information to obtain a first detection result, wherein the second IP address is the IP address from which the user logged in to the front-end server, and the second authority information is the user's authority information at login; and, where the first detection result indicates that the operation request information is not abnormal, the network server sends the operation request information to a back-end server, which checks the encrypted data to obtain a second detection result, wherein, where the second detection result indicates that the operation request information is not abnormal, the operation request information is determined to be non-risk request information.
Optionally, comparing the first IP address with the second IP address and comparing the first authority information with the second authority information to obtain the first detection result comprises: comparing the first IP address with the second IP address to obtain a first comparison result; where the first comparison result indicates that the first IP address differs from the second IP address, determining that the operation request information is abnormal, obtaining a first abnormal detection result, and sending first alarm information indicating that the user's IP address is abnormal; where the first comparison result indicates that the first IP address is the same as the second IP address, comparing the first authority information with the second authority information to obtain a second comparison result; where the second comparison result indicates that the first authority information differs from the second authority information, determining that the operation request information is abnormal, obtaining a second abnormal detection result, and sending second alarm information indicating that the authority information has changed; and where the second comparison result indicates that the first authority information is the same as the second authority information, determining that the operation request information is not abnormal and obtaining a normal detection result. The first detection result is thus one of the first abnormal detection result, the second abnormal detection result and the normal detection result, the normal detection result indicating that the operation request information is not abnormal.
Optionally, the first authority information comprises at least one of a preset account, a first role and a first identifier, and the second authority information comprises at least one of an account, a second identifier and a second role. Comparing the first authority information with the second authority information to obtain the second comparison result comprises: comparing the first role with the second role to obtain a second comparison result; comparing the first identifier with the second identifier to obtain a third comparison result; comparing the preset account with the account in the second authority information to obtain a fourth comparison result; where any of the second, third and fourth comparison results is abnormal, that is, the contents of the compared objects are inconsistent, determining the second comparison result to be that the first authority information differs from the second authority information; and where none of the second, third and fourth comparison results is abnormal, determining the second comparison result to be that the first authority information is the same as the second authority information.
Optionally, before the network server receives the operation request information sent by the front-end server, the method further comprises: the network server receives login request information sent by the front-end server and acquires the second IP address, wherein the login request information comprises the user's account and password; the network server sends the login request information to a login program and receives the verification result and the second role returned by the login program; where the verification result indicates that the login request information is correct, the network server creates a second identifier and determines the account, the second identifier and the second role as the second authority information; and the network server stores the second authority information and the second IP address in its memory and sends the second authority information to the front-end server.
Optionally, after storing the second authority information and the second IP address in the memory of the network server, the method further comprises: determining how long the second identifier has been stored in the memory to obtain a target duration; determining whether the target duration exceeds a preset duration; and, where the target duration exceeds the preset duration, deleting the second authority information and the second IP address from the memory of the network server.
Optionally, after storing the second authority information and the second IP address in the memory of the network server, the method further comprises: after receiving a user exit instruction sent by the front-end server, deleting the second authority information and the second IP address from the memory of the network server.
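The network-server side of the steps above (login storing the second IP address and second authority information, the first detection with its three possible results and alarms, expiry after a preset duration, and deletion on logout) can be put together as follows. This is an added illustration, not code from the patent or from Hillstone Networks; the names `SessionStore`, `first_detection`, the alarm strings and the 30-minute preset duration are assumptions made here, and the store is keyed by the random identifier so that an identifier the server does not hold is treated as a failed identifier comparison.

```python
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed value for the "preset duration" after which a stored identifier expires.
PRESET_DURATION_SECONDS = 30 * 60


@dataclass(frozen=True)
class AuthorityInfo:
    """Authority information: account, role and random identifier (the second
    authority information when stored at login, the first when carried in a request)."""
    account: str
    role: str
    identifier: str


@dataclass
class SessionRecord:
    ip: str                    # second IP address: the address the user logged in from
    authority: AuthorityInfo   # second authority information
    stored_at: float           # when the identifier was written to memory


class SessionStore:
    """In-memory store of the network server, keyed by the random identifier.
    A clock is injected so the expiry rule can be exercised without sleeping."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._records: dict[str, SessionRecord] = {}
        self._clock = clock

    def login(self, account: str, role: str, login_ip: str) -> AuthorityInfo:
        """Called once the login program has verified account/password and returned
        the role: create the second identifier, store authority info and IP, and
        return the authority info that is sent back to the front-end server."""
        authority = AuthorityInfo(account, role, secrets.token_hex(16))
        self._records[authority.identifier] = SessionRecord(login_ip, authority, self._clock())
        return authority

    def logout(self, identifier: str) -> None:
        """User exit instruction: delete the stored authority info and IP."""
        self._records.pop(identifier, None)

    def lookup(self, identifier: str) -> Optional[SessionRecord]:
        """Return the stored record, or None if it is unknown or if its storage
        duration exceeds the preset duration (in which case it is deleted)."""
        record = self._records.get(identifier)
        if record is None:
            return None
        if self._clock() - record.stored_at > PRESET_DURATION_SECONDS:
            del self._records[identifier]
            return None
        return record


def first_detection(store: SessionStore, first_ip: str,
                    first_authority: AuthorityInfo) -> tuple[str, Optional[str]]:
    """The network server's first detection. Returns (result, alarm) where result is
    'normal', 'first_abnormal' (IP address changed) or 'second_abnormal'
    (authority information changed)."""
    record = store.lookup(first_authority.identifier)
    if record is None:
        # No stored record matches the identifier (unknown, expired or logged out):
        # treated as the identifier comparison failing.
        return "second_abnormal", "permission information changed"
    # First comparison result: first IP address vs second IP address.
    if first_ip != record.ip:
        return "first_abnormal", "user IP address abnormal"
    # Second, third and fourth comparison results: role, identifier, account.
    stored = record.authority
    mismatched = (first_authority.role != stored.role
                  or first_authority.identifier != stored.identifier
                  or first_authority.account != stored.account)
    if mismatched:
        return "second_abnormal", "permission information changed"
    return "normal", None


def demo() -> list[str]:
    """Constructed walk-through: login, a normal request, a request from another
    address, a request carrying an escalated role, and a request after expiry."""
    now = [1_700_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    authority = store.login("admin_a", "audit_admin", "198.51.100.7")
    results = [first_detection(store, "198.51.100.7", authority)[0]]
    results.append(first_detection(store, "203.0.113.9", authority)[0])
    escalated = AuthorityInfo(authority.account, "system_admin", authority.identifier)
    results.append(first_detection(store, "198.51.100.7", escalated)[0])
    now[0] += PRESET_DURATION_SECONDS + 1
    results.append(first_detection(store, "198.51.100.7", authority)[0])
    return results


if __name__ == "__main__":
    print(demo())  # ['normal', 'first_abnormal', 'second_abnormal', 'second_abnormal']
```

The role-escalation case is the one the background section cares about: the account and identifier in the request are unchanged, so a check that only binds identity to a key would pass it, while the role comparison here raises the second alarm.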
According to another aspect of the present application, a method of detecting request information is provided. The method comprises: receiving operation request information sent by the network server, and performing combined encryption on the target data in the operation request information to obtain target encrypted data, wherein the operation request information comprises at least encrypted data and the target data, and the encrypted data is obtained by encrypting the target data; comparing the target encrypted data with the encrypted data in the operation request information to obtain a third comparison result; where the third comparison result indicates that the target encrypted data differs from the encrypted data in the operation request information, determining that the operation request information is abnormal and sending third alarm information indicating that the operation request information has been tampered with; and where the third comparison result indicates that the target encrypted data is the same as the encrypted data in the operation request information, determining that the operation request information has no abnormality.
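The back-end server's check, as an added example that is not the patent's or Hillstone's code: the patent does not say what its "combined encryption" is, so an HMAC-SHA256 tag over a canonical serialization of the target data, keyed with a secret shared by the front-end and back-end servers, is used here as a stand-in. `combined_encrypt`, `second_detection`, the field names in the target data and the key value are all assumptions made for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Any, Optional

# Constructed placeholder for the key shared by the front-end and back-end servers.
SHARED_KEY = b"constructed-example-key-not-for-real-use"


def canonical_bytes(target_data: dict[str, Any]) -> bytes:
    """Serialize the target data deterministically so both servers hash identical bytes."""
    return json.dumps(target_data, sort_keys=True, separators=(",", ":")).encode("utf-8")


def combined_encrypt(target_data: dict[str, Any], key: bytes = SHARED_KEY) -> str:
    """Stand-in for the patent's 'combined encryption': an HMAC-SHA256 tag over the
    canonical target data. A party without the key cannot produce a matching tag."""
    return hmac.new(key, canonical_bytes(target_data), hashlib.sha256).hexdigest()


def build_operation_request(config: dict[str, Any], target_data: dict[str, Any],
                            key: bytes = SHARED_KEY) -> dict[str, Any]:
    """What the front-end server sends: configuration, target data and encrypted data."""
    return {"config": config, "target_data": target_data,
            "encrypted_data": combined_encrypt(target_data, key)}


def second_detection(request: dict[str, Any],
                     key: bytes = SHARED_KEY) -> tuple[str, Optional[str]]:
    """Back-end server check: recompute the target encrypted data and compare it with
    the encrypted data carried in the request (the third comparison result)."""
    target_encrypted = combined_encrypt(request["target_data"], key)
    # Constant-time comparison so the check itself leaks nothing about the tag.
    if not hmac.compare_digest(target_encrypted, str(request.get("encrypted_data", ""))):
        return "abnormal", "operation request information tampered"
    return "normal", None


def demo() -> list[str]:
    """Constructed walk-through: an untouched request passes, a request whose role was
    changed in transit fails, and a request re-tagged with a different key fails too."""
    target = {"ip": "198.51.100.7", "account": "admin_a",
              "role": "audit_admin", "identifier": "0123456789abcdef"}
    request = build_operation_request({"set_admin": "user_b"}, target)
    results = [second_detection(request)[0]]

    tampered = json.loads(json.dumps(request))  # deep copy, then alter the target data
    tampered["target_data"]["role"] = "system_admin"
    results.append(second_detection(tampered)[0])

    # A tag recomputed without the shared key (here: some other key) does not match.
    retagged = build_operation_request(tampered["config"], tampered["target_data"],
                                       key=b"some-other-key")
    results.append(second_detection(retagged)[0])
    return results


if __name__ == "__main__":
    print(demo())  # ['normal', 'abnormal', 'abnormal']
```

Canonical serialization matters: if the front-end and back-end serialize the target data with different key order or whitespace, legitimate requests would raise the tamper alarm, so the same `canonical_bytes` must be used on both sides.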
According to another aspect of the present application, a system for detecting request information is provided. The system comprises: a front-end server, used to send a user's login request information to the network server and, after login succeeds, to send the user's operation request information to the network server, wherein the operation request information comprises at least encrypted data and target data, the target data comprises at least a first IP address and first authority information, the encrypted data is obtained by encrypting the target data, and the login request information comprises the user's account and password; a network server, used to receive the login request information sent by the front-end server, acquire a second IP address, send the login request information to a login program, determine the user's second authority information where the login program's verification passes, store the second authority information and the second IP address, receive the operation request information sent by the front-end server, check the operation request information against the second IP address and the second authority information, and send the operation request information to the back-end server where no abnormality is detected; a login program, used to receive the login request information, verify it, and send a message to the network server where verification passes; and a back-end server, used to receive the operation request information, perform combined encryption on the target data in the operation request information to obtain target encrypted data, compare the target encrypted data with the encrypted data in the operation request information, and determine that the operation request information is risk-free where the target encrypted data is the same as the encrypted data in the operation request information.
According to another aspect of the present application, an apparatus for detecting request information is provided. The apparatus comprises: a receiving unit, used by the network server to receive operation request information sent by a front-end server, wherein the operation request information is sent after a user logs in to the front-end server, the operation request information comprises at least encrypted data and target data, the target data comprises at least a first IP address and first authority information, and the encrypted data is obtained by encrypting the target data; a first comparison unit, used to acquire a second IP address and second authority information stored in the network server and to compare the first IP address with the second IP address and the first authority information with the second authority information to obtain a first detection result, wherein the second IP address is the IP address from which the user logged in to the front-end server and the second authority information is the user's authority information at login; and a detection unit, used, where the first detection result indicates that the operation request information is not abnormal, to send the operation request information from the network server to the back-end server, to check the encrypted data through the back-end server to obtain a second detection result, and to determine that the operation request information is risk-free request information where the second detection result indicates that the operation request information is not abnormal.
According to another aspect of the present application, an apparatus for detecting request information is provided. The apparatus comprises: a first receiving unit, used to receive operation request information sent by the network server and to perform combined encryption on the target data in the operation request information to obtain target encrypted data, wherein the operation request information comprises at least encrypted data and the target data, and the encrypted data is obtained by encrypting the target data; a second comparison unit, used to compare the target encrypted data with the encrypted data in the operation request information to obtain a third comparison result; a first determining unit, used to determine that the operation request information is abnormal and to send third alarm information where the third comparison result indicates that the target encrypted data differs from the encrypted data in the operation request information, the third alarm information indicating that the operation request information has been tampered with; and a second determining unit, used to determine that the operation request information has no abnormality where the third comparison result indicates that the target encrypted data is the same as the encrypted data in the operation request information.
According to another aspect of the embodiments of the present invention, there is also provided a computer storage medium for storing a program, where the program controls a device in which the computer storage medium is located to execute a method for detecting request information when the program runs.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including one or more processors and a memory; the memory has stored therein computer readable instructions, and the processor is configured to execute the computer readable instructions, wherein the computer readable instructions are executed to perform a method for detecting request information.
Through the present application, the following steps are adopted: a network server receives operation request information sent by a front-end server, wherein the operation request information is sent by the user after logging in to the front-end server, the operation request information comprises at least encrypted data and target data, the target data comprises at least a first IP address and first authority information, and the encrypted data is obtained by encrypting the target data; the network server acquires a second IP address and second authority information stored in the network server, compares the first IP address with the second IP address, and compares the first authority information with the second authority information to obtain a first detection result, wherein the second IP address is the IP address from which the user logged in to the front-end server and the second authority information is the user's authority information at login; and, where the first detection result indicates that the operation request information is not abnormal, the network server sends the operation request information to the back-end server, which checks the encrypted data to obtain a second detection result, wherein, where the second detection result indicates that the operation request information is not abnormal, the operation request information is determined to be risk-free request information. This solves the problem in the related art that preventing unauthorized access by binding the secret key to the user identity cannot accurately prevent unauthorized access.
The IP address from which the operation request is sent is compared with the IP address the network server stored at login, the authority information in the operation request information is compared with the second authority information the network server stored at login, and, where neither comparison shows an abnormality, the encrypted information in the operation request information is checked by the back-end server. Any difference between the operation request information and the information registered when the user was permitted to operate on the front-end server can therefore be found and handled promptly, achieving accurate and comprehensive prevention of unauthorized access caused by information tampering.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the application and, together with the description, serve to explain the application and are not intended to limit the application. In the drawings:
Fig. 1 is a first flowchart of a method for detecting request information according to an embodiment of the present application;
Fig. 2 is a flowchart of an alternative method for detecting login request information according to an embodiment of the present application;
Fig. 3 is a second flowchart of a method for detecting request information according to an embodiment of the present application;
Fig. 4 is a flowchart of an alternative method for detecting operation request information according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a system for detecting request information according to an embodiment of the present application;
Fig. 6 is a first schematic diagram of an apparatus for detecting request information according to an embodiment of the present application;
Fig. 7 is a second schematic diagram of an apparatus for detecting request information according to an embodiment of the present application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the accompanying drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that relevant information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data that are authorized by the user or sufficiently authorized by various parties. For example, an interface is provided between the system and the relevant user or institution, and before obtaining the relevant information, an obtaining request needs to be sent to the user or institution through the interface, and after receiving the consent information fed back by the user or institution, the relevant information needs to be obtained.
It should be noted that the method, system, and apparatus for detecting request information determined by the present disclosure may be used in the field of internet information processing, and may also be used in any field other than the field of internet information processing.
According to an embodiment of the present application, there is provided a method for detecting request information.
Fig. 1 is a first flowchart of a method for detecting request information according to an embodiment of the present application. As shown in fig. 1, the method comprises the steps of:
step S102, the network server receives operation request information sent by the front-end server, wherein the operation request information is information sent after a user logs in the front-end server, the operation request information at least comprises encrypted data and target data, the target data at least comprises a first IP address and first authority information, and the encrypted data is obtained by encrypting the target data.
Specifically, the front-end server, that is, the front end of the network security product, interacts with the user, and the network server handles data transmission, storage and verification. The operation request information is the information carried in a request sent by the user, and that request may be an HTTP request. The first IP address is the IP address from which the user sends the request information, and the first authority information, namely the user's authority information, can represent the user's role, account, attributes and other information, so that whether the user may execute the request can be determined from it.
When a user configures the network security product through the Web system, the user logs in at the product's login interface, performs the network security configuration on the product's front-end page, fills in the data and clicks to confirm. At this point an operation request for the network security configuration, together with its operation request information, is generated in the front-end server. The operation request is an HTTP request, and the operation request information carried in it has three parts: the first is the network security configuration filled in by the user, for example user A setting user B as an administrator of the network security product; the second is the user's request and identity information, that is, the target data, in which the first IP address is the IP address of the user sending the request and the first authority information is the user's role, random identifier, account and similar information obtained from the front-end server; and the last part is the encrypted data, which is obtained by encrypting the target data.
After the front-end server generates the operation request information corresponding to the user's request, it sends the operation request information to the network server for content verification, so that the operation request information is checked in the network server.
Step S104, a second IP address and second authority information stored in the network server are obtained, the first IP address is compared with the second IP address, the first authority information is compared with the second authority information, and a first detection result is obtained, wherein the second IP address is the IP address when the user logs in the front-end server, and the second authority information is the authority information when the user logs in the front-end server.
Specifically, after the network server receives the operation request information, it first determines whether the IP address of the user sending the operation request information has changed. The first IP address in the target data of the operation request information therefore needs to be verified, which is done by comparing the second IP address stored by the network server at the user's login with the first IP address and determining from the comparison result whether the IP address is abnormal.
Further, where the IP address is normal, it is then determined whether the authority information is unchanged, by comparing the second authority information stored by the network server at the user's login with the first authority information and determining from the comparison result whether the authority information is abnormal.
Step S106, where the first detection result indicates that the operation request information is not abnormal, the network server sends the operation request information to the back-end server, and the encrypted data is checked by the back-end server to obtain a second detection result, wherein, where the second detection result indicates that the operation request information is not abnormal, the operation request information is determined to be non-risk request information.
Specifically, where neither the first authority information nor the first IP address is abnormal, the network server sends the operation request information to the back-end server, which checks the encrypted data; where the encrypted data is not abnormal, it is determined that the operation request involves no unauthorized access, and the network security product can be configured according to the network security configuration the user filled in. The encrypted data may be checked by encrypting the target data in the back-end server with the same encryption method and comparing the result with the encrypted data, so that whether the target data has been tampered with is determined from the comparison result.
The method for detecting the request information provided by the embodiment of the application receives the operation request information sent by the front-end server through the network server, wherein the operation request information is information sent after a user logs in the front-end server, the operation request information at least comprises encrypted data and target data, the target data at least comprises a first IP address and first authority information, and the encrypted data is obtained by encrypting the target data; acquires a second IP address and second authority information stored in the network server, compares the first IP address with the second IP address, and compares the first authority information with the second authority information to obtain a first detection result, wherein the second IP address is the IP address when the user logged in to the front-end server, and the second authority information is the authority information when the user logged in to the front-end server; and under the condition that the first detection result represents that the operation request information is not abnormal, the network server sends the operation request information to the back-end server, and the encrypted data is detected by the back-end server to obtain a second detection result, wherein under the condition that the second detection result represents that the operation request information is not abnormal, the operation request information is determined to be risk-free request information. This solves the problem in the related art that preventing unauthorized access by binding the secret key to the user identity cannot accurately prevent unauthorized access.
The IP address when the operation request is sent is compared with the IP address stored in the network server when the user logged in, the authority information in the operation request information is compared with the second authority information stored in the network server at login, and the encrypted information in the operation request information is checked by the back-end server when neither comparison is abnormal, so that any difference between the operation request information and the request information registered when the user was permitted to operate on the front-end server can be found and handled in time, achieving accurate and comprehensive prevention of the unauthorized access caused by information tampering.
Optionally, in the method for detecting request information provided in this embodiment of the present application, before the network server receives the operation request information sent by the front-end server, the method further includes: the network server receives login request information sent by the front-end server and acquires a second IP address, wherein the login request information comprises an account and a password of a user; sending the login request information to a login program through a network server, and receiving a verification result returned by the login program and a second role; under the condition that the verification result represents that the login request information is correct, a second identifier is created through the network server, and the account, the second identifier and the second role are determined as second authority information; and storing the second authority information and the second IP address into a memory of the network server, and sending the second authority information to the front-end server.
Specifically, the second IP address is an IP address of the user obtained by the front end when the user logs in the network security product, the login request includes an account name and a password of the user, the network server temporarily stores the second IP address after obtaining the login request and the IP address, sends the login request to the login program, and the login program determines whether the account and the password in the login request information are correct or not, and returns a verification result.
Optionally, in the method for detecting request information provided in the embodiment of the present application, the login program is configured to determine whether an account and a password in the login request information are correct, and is further configured to send the second role to the web server.
It should be noted that the login program stores an account-password-role comparison table. After receiving the login request information, the login program determines whether the account in the login request information exists in the comparison table, and if the account exists, determines whether the password is the same as the corresponding password in the table. If both the account and the password are correct, the login program acquires the role corresponding to the account from the comparison table to obtain the second role, and returns the second role and the verification result to the network server, where the verification result is that the login request information is correct.
If the account does not exist in the comparison table or the password does not match the one recorded in the comparison table, the verification result is determined to be abnormal and returned to the network server, and the network server returns the abnormal verification result to the front-end server, so that the user is informed of the login failure.
Furthermore, under the condition that the verification result received by the network server is that the login request information is correct, a random identifier, namely a second identifier, is created, the second identifier, a second role and the account of the user are determined as second authority information, and the second authority information is stored in the network server, so that the request is identified when the user sends a subsequent request, and the phenomenon that the request information is accessed by unauthorized access is avoided.
It should be noted that, after the second permission information is obtained, the network server sends the second permission information to the front-end server and stores the second permission information in the front-end server, and when the front-end server receives the operation request, the target information is regenerated according to the information of the operation request and the second permission information, at this time, the second permission information in the front-end server may be tampered, so as to be changed into the first permission information, and therefore, it may be determined whether the first permission information is tampered by checking the first permission information and the second permission information.
Fig. 2 is a flowchart of an optional method for detecting login request information according to an embodiment of the present application. As shown in fig. 2, after a user inputs an account and a password at a client in the front-end server, the client generates login request information, and the method includes: the account, the password and the IP address of the user are obtained, and the login request information is sent to the network server; the network server stores the IP address and judges whether the request information is login request information, and if so, sends the login request information to the login program; the login program determines whether the user can log in by means of its stored account-password-role comparison table; if the account or the password is incorrect, abnormal information is returned to the client through the network server; if the account and the password are correct, the role of the user is obtained and sent to the network server; and after generating a random identifier, the network server sends the role, the account and the identifier to the client, so that the user is logged in.
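The login flow of Fig. 2 (login program lookup in the account-password-role table, creation of the random second identifier, and storage of the second IP address and second authority information in the network server), written out as an added illustrative example that is not code from the patent or from the applicant. The comparison table contents, the `login_program_verify` and `WebServer.handle_login` names, and the use of `secrets.token_hex` for the random identifier are this example's own assumptions:

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed account-password-role comparison table standing in for the
# login program's table (hypothetical sample data). A real table would hold
# password hashes rather than plaintext; plaintext is used here only to keep
# the comparison visible.
LOGIN_TABLE = {
    "alice": {"password": "correct horse battery staple", "role": "admin"},
    "bob": {"password": "hunter2", "role": "auditor"},
}


@dataclass
class LoginResult:
    ok: bool                  # verification result returned to the network server
    role: Optional[str] = None  # second role, only present when ok is True


def login_program_verify(account: str, password: str) -> LoginResult:
    """Login program: check that the account exists and the password matches,
    then look up the role for that account (hypothetical helper name)."""
    entry = LOGIN_TABLE.get(account)
    # Constant-time comparison so a wrong password does not leak timing.
    if entry is None or not hmac.compare_digest(
            entry["password"].encode("utf-8"), password.encode("utf-8")):
        return LoginResult(ok=False)
    return LoginResult(ok=True, role=entry["role"])


class WebServer:
    """Network server side of the login flow (hypothetical class name)."""

    def __init__(self) -> None:
        # second identifier -> second authority information (account, role)
        # plus the second IP address and the creation time used for expiry
        self.sessions: dict = {}

    def handle_login(self, client_ip: str, account: str, password: str, now: float) -> dict:
        """Forward the login request to the login program; on success create
        the random second identifier and store the session, returning the
        second authority information to the front-end server."""
        result = login_program_verify(account, password)
        if not result.ok:
            # abnormal verification result is passed back to the front-end
            return {"ok": False, "error": "login failed"}
        identifier = secrets.token_hex(16)  # 128-bit random second identifier
        self.sessions[identifier] = {
            "account": account,
            "role": result.role,
            "ip": client_ip,   # second IP address recorded at login
            "created": now,
        }
        return {"ok": True, "account": account, "identifier": identifier, "role": result.role}
```

The identifier is generated from `secrets` rather than from a sequence or a timestamp so that a valid identifier cannot be predicted from another one; the session entry keeps the creation time so the periodic deletion described later has something to compare against.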
Optionally, in the method for detecting request information provided in the embodiment of the present application, comparing the first IP address with the second IP address and comparing the first permission information with the second permission information to obtain the first detection result includes: comparing the first IP address with the second IP address to obtain a first comparison result; under the condition that the first comparison result represents that the first IP address is different from the second IP address, determining that the operation request information is abnormal, obtaining a first abnormal detection result, and sending first alarm information, wherein the first alarm information represents that the IP address of the user is abnormal; under the condition that the first comparison result represents that the first IP address is the same as the second IP address, comparing the first authority information with the second authority information to obtain a second comparison result; under the condition that the second comparison result represents that the first permission information is different from the second permission information, determining that the operation request information is abnormal, obtaining a second abnormal detection result, and sending out second alarm information, wherein the second alarm information represents that the permission information is changed; and under the condition that the second comparison result represents that the first authority information is the same as the second authority information, determining that the operation request information is not abnormal, and obtaining a normal detection result, wherein the first detection result comprises the first abnormal detection result, the second abnormal detection result and the normal detection result, and the normal detection result is used for representing that the operation request information is not abnormal.
Specifically, after the network server receives the operation request information, a first IP address in the operation request information is obtained first, the first IP address is compared with a second IP address stored in the network server, and when the IP address is changed, the first IP address is different from the second IP address, and at this time, it is determined that the user has changed the IP address, which may cause a risk, and therefore first warning information is sent, and it is determined that the operation request information is abnormal, so that the operation request is blocked.
Optionally, in the method for detecting request information provided in the embodiment of the present application, the first permission information at least includes one of: a preset account, a first role and a first identifier, and the second authority information at least includes one of: the account, the second identifier and the second role. The step of comparing the first permission information with the second permission information to obtain the second comparison result includes: comparing the first role with the second role to obtain a second comparison result; comparing the first identifier with the second identifier to obtain a third comparison result; comparing the preset account with the account in the second authority information to obtain a fourth comparison result; under the condition that any of the second comparison result, the third comparison result and the fourth comparison result is an abnormal comparison result, determining the second comparison result as that the first authority information is different from the second authority information, wherein an abnormal comparison result represents that the contents of the comparison object and the compared object are inconsistent; and under the condition that none of the second comparison result, the third comparison result and the fourth comparison result is an abnormal comparison result, determining the second comparison result as that the first authority information is the same as the second authority information.
Further, under the condition that the first IP address is the same as the second IP address, the first permission information in the operation request information is obtained, and the preset account information, the first role, and the first identifier in the first permission information are respectively compared with the corresponding account information, second role, and second identifier in the second permission information, wherein the preset account information is the account information of the account used when the user sends the operation request information, and the account information in the second permission information is the account information recorded when the user logged in. Since the first permission information is the second permission information that the network server sent to the front-end server, the first permission information should be identical to the second permission information if it has not been tampered with. Therefore, when the account information, the first role and the first identifier in the first permission information are completely the same as the account information, the second role and the second identifier in the second permission information, this indicates that the first permission information is the same as the second permission information and the operation request information is not abnormal. By this method, whether the user tampered with the role, the identifier or the account information in the operation request information when sending the operation request can be accurately determined, which ensures that the request information is not subject to unauthorized access.
Optionally, in the method for detecting request information provided in this embodiment of the present application, after the second permission information and the second IP address are stored in the memory of the network server, the method further includes: determining the storage time length of the second identifier in the memory to obtain a target time length; judging whether the target time length exceeds a preset time length or not; and deleting the second authority information and the second IP address from the memory of the network server under the condition that the target duration exceeds the preset duration.
It should be noted that, in order to prevent the memory occupation in the network server from being too large and affecting the normal operation of the network server, the authority information of each request stored in the network server needs to be deleted periodically.
Specifically, when each identifier is created by the network server, the generation time of the identifier is recorded at the same time, and the time difference between the current time and the generation time, that is, the storage time of the identifier in the memory is periodically determined.
Optionally, in the method for detecting request information provided in the embodiment of the present application, after the second permission information and the second IP address are stored in the memory of the network server, the method further includes: and after receiving a user exit instruction sent by the front-end server, deleting the second authority information and the second IP address from the memory of the network server.
Similarly, in addition to determining whether the second authority information and the second IP address are deleted according to how long the identifier has existed, they can also be deleted according to whether the user corresponding to the second authority information and the second IP address has exited the front-end login interface of the network security product.
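The first detection on the network server (the first IP address against the second IP address, then the account, role and identifier of the first authority information against the stored second authority information, yielding the first abnormal, second abnormal or normal detection result), together with the two deletion rules just described (preset storage duration exceeded, or user exit reported by the front-end server), as an added example that is not code from the patent or from the applicant. The session store is keyed by account, the stored values are constructed sample data, and the function and result names are this example's own assumptions:

```python
# Constructed network-server session store as it would look after login:
# account -> second authority information (role, identifier), second IP
# address and creation time of the identifier (hypothetical sample values).
SESSION_STORE = {
    "alice": {"role": "admin", "identifier": "a3f1c9d2e4b6a8c0",
              "ip": "10.0.0.5", "created": 1000.0},
}

# The three values the first detection result can take (names assumed here).
FIRST_ABNORMAL = "first_abnormal"    # IP address differs -> first alarm
SECOND_ABNORMAL = "second_abnormal"  # authority information differs -> second alarm
NORMAL = "normal"


def first_detection(store: dict, request: dict):
    """Network-server check of one operation request.

    `request` carries the first IP address and the first authority information
    (preset account, first role, first identifier).  Returns a pair of
    (detection result, alarm text or None).  The IP comparison is done first
    and short-circuits, exactly as the order of the comparisons implies.
    """
    stored = store.get(request["account"])
    if stored is None:
        # Account not recorded at login (never logged in, expired, or exited):
        # the fourth comparison result is abnormal.
        return SECOND_ABNORMAL, "authority information changed: account"
    # First comparison result: first IP address vs second IP address.
    if request["ip"] != stored["ip"]:
        return FIRST_ABNORMAL, "user IP address abnormal"
    # Second and third comparison results: role and identifier.
    mismatches = [f for f in ("role", "identifier") if request[f] != stored[f]]
    if mismatches:
        return SECOND_ABNORMAL, "authority information changed: " + ", ".join(mismatches)
    return NORMAL, None


def purge_expired(store: dict, now: float, max_age: float) -> list:
    """Delete entries whose identifier has been stored longer than the preset
    duration `max_age` (seconds).  Returns the accounts that were removed."""
    expired = [acct for acct, s in store.items() if now - s["created"] > max_age]
    for acct in expired:
        del store[acct]
    return expired


def handle_user_exit(store: dict, account: str) -> bool:
    """Delete the entry when the front-end server reports that the user exited.
    Returns True if an entry existed and was removed."""
    return store.pop(account, None) is not None
```

Because the store is consulted by account, a request whose account never logged in is reported with the same second abnormal result as a changed role or identifier; after `purge_expired` or `handle_user_exit` has removed an entry, any further request that reuses the old identifier is rejected for the same reason.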
According to an embodiment of the present application, there is provided a method for detecting request information.
Fig. 3 is a second flowchart of a method for detecting request information according to an embodiment of the present application. As shown in fig. 3, the method comprises the steps of:
step S302, receiving operation request information sent by the network server, and performing combined encryption on target data in the operation request information to obtain target encrypted data, wherein the operation request information at least comprises encrypted data and the target data, and the encrypted data is obtained by encrypting the target data.
Specifically, the back-end server receives the operation request information sent by the network server; at this time the first IP address and the first permission information in the operation request information are both correct, and it remains to be determined whether the rest of the content of the operation request information is correct. The target encrypted data is obtained by encrypting the target data in the operation request information, that is, the URI, the HTTP method, the account, the role, the network security configuration content and the random identifier are combined and encrypted, so that the encrypted data carried in the request can be checked against the target encrypted data.
Step S304, comparing the target encrypted data with the encrypted data in the operation request information to obtain a third comparison result.
Specifically, after the target encrypted data is obtained, the target encrypted data may be compared with the encrypted data carried in the operation request information, so as to determine whether the target encrypted data is correct.
Step S306, under the condition that the third comparison result represents that the target encrypted data is different from the encrypted data in the operation request information, determining that the operation request information is abnormal, and sending out third alarm information, wherein the third alarm information represents that the operation request information is tampered.
Specifically, when the target encrypted data is different from the encrypted data in the operation request information, this indicates that the target encrypted data is abnormal, and further that parameters of the operation request information, such as the URI or the HTTP method, were changed while the request was being sent, so that the unauthorized operation of the user is found.
For example, when the URI or HTTP method or the contents of the network security configuration in the request message change, the encrypted data in the corresponding request message also needs to be updated synchronously, and since the data falsifier does not know the encryption method agreed by the front-end server and the back-end server, the data falsifier cannot modify the encrypted data synchronously, that is, the encrypted data calculated by the back-end server according to the request message is inconsistent with the encrypted data actually carried in the request message, and thus the data falsification in the request message can be detected, and the unauthorized operation can be found.
Step S308, under the condition that the third comparison result represents that the target encrypted data is the same as the encrypted data in the operation request information, determining that the operation request information has no abnormality.
Specifically, under the condition that the target encrypted data is the same as the encrypted data in the operation request information, the operation request information representing the user is all correct and accords with the identity information and the access authority corresponding to the user, and at the moment, the network security configuration filled in the operation request information of the user can be executed, so that the request is completed.
According to the detection method of the request information provided by the embodiment of the application, the operation request information sent by the network server is received, and the target data in the operation request information is subjected to combined encryption to obtain the target encrypted data, wherein the operation request information at least comprises encrypted data and the target data, and the encrypted data is obtained by encrypting the target data; comparing the target encrypted data with the encrypted data in the operation request information to obtain a third comparison result; under the condition that the third comparison result represents that the target encrypted data is different from the encrypted data in the operation request information, determining that the operation request information is abnormal, and sending third alarm information, wherein the third alarm information represents that the operation request information is tampered; and in the case that the third comparison result represents that the target encrypted data is the same as the encrypted data in the operation request information, determining that the operation request information has no abnormality. The problem that unauthorized access cannot be accurately prevented by binding the secret key and the user identity in the related art is solved. 
The IP address when the operation request is sent is compared with the IP address stored in the network server when the user logged in, the authority information in the operation request information is compared with the second authority information stored in the network server at login, and the encrypted information in the operation request information is checked by the back-end server when neither comparison is abnormal, so that any difference between the operation request information and the request information registered when the user was permitted to operate on the front-end server can be found and handled in time, achieving accurate and comprehensive prevention of the unauthorized access caused by information tampering.
Fig. 4 is a flowchart of an optional operation request information detection method provided according to an embodiment of the present application, and as shown in fig. 4, after a user logs in a front-end server, the user may fill in configuration information, where the configuration information is network security configuration content, and after the network security configuration content is filled in, the front-end server performs combined encryption on an HTTP request method, a URI, an account, a role, network security configuration content, and a random identifier to obtain encrypted data, and sends the encrypted data, the HTTP request method, the URI, the account, the role, the network security configuration content, the random identifier, and an IP address to the network server as operation request information.
Further, after receiving the operation request information, the network server firstly determines whether the IP address of the request is consistent with the IP address stored by the user during login, and represents that the request has an unauthorized risk under the condition of inconsistency, so that the request is blocked.
Finally, the back-end server performs combined encryption on the HTTP request method, the URI, the account, the role, the network security configuration content and the random identifier in the request information to obtain new encrypted data, and determines whether the new encrypted data is the same as the encrypted information in the request information; if they are not the same, the request has been tampered with and is blocked; if the request has not been tampered with, the network security configuration content in the request can be executed. Therefore, when a difference occurs between the operation request information and the request information registered when the user was permitted to operate on the front-end server, the difference can be found and handled in time, achieving accurate and comprehensive prevention of the unauthorized access caused by information tampering.
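The second detection of steps S302 to S308 and the Fig. 4 flow (front-end server combines HTTP method, URI, account, role, network security configuration content and random identifier into encrypted data; back-end server recomputes it and compares), as an added example that is not code from the patent or from the applicant. The patent does not name the encryption algorithm, so this example assumes HMAC-SHA256 under a key shared by the front-end and back-end servers as the agreed "combined encryption"; the key value, the canonical JSON layout of the combined fields and the function names are this example's own assumptions:

```python
import hashlib
import hmac
import json

# Constructed shared secret agreed between the front-end and back-end servers
# (hypothetical value; provisioned out of band, never carried in a request).
SHARED_KEY = b"example-front-back-shared-key"

# The six fields the page lists as the input of the combined encryption.
# The IP address is deliberately not included: it is checked by the network
# server's first detection, not by the back-end server.
COMBINED_FIELDS = ("method", "uri", "account", "role", "config", "identifier")


def combined_encrypt(target_data: dict, key: bytes = SHARED_KEY) -> str:
    """Deterministic keyed digest over the combined fields (assumed HMAC-SHA256).

    Canonical JSON with sorted keys and fixed separators is used instead of
    plain string concatenation so that field boundaries are unambiguous:
    uri="/a" with account="b" must not collide with uri="/ab" and account="".
    """
    subset = {f: target_data[f] for f in COMBINED_FIELDS}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def front_end_build_request(ip: str, method: str, uri: str,
                            authority: dict, config: str) -> dict:
    """Front-end server: assemble the operation request information.

    `authority` is the first authority information (account, role, identifier)
    received from the network server at login.
    """
    target = {"method": method, "uri": uri, "config": config, **authority}
    return {"ip": ip, "target": target, "encrypted": combined_encrypt(target)}


def back_end_check(request: dict, key: bytes = SHARED_KEY):
    """Back-end server, steps S302-S308: recompute the target encrypted data
    and compare it with the carried value.  Returns (ok, alarm text or None)."""
    target_encrypted = combined_encrypt(request["target"], key)
    # constant-time comparison of the recomputed and the carried digest
    if not hmac.compare_digest(target_encrypted, request["encrypted"]):
        return False, "operation request information tampered"  # third alarm
    return True, None
```

Any change to the URI, the HTTP method, the configuration content or the authority fields after the front-end server computed the digest makes the recomputed value differ, which is the third comparison result the page describes; a recipient that does not hold the same key cannot reproduce the digest either, which is why the key must stay on the two servers.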
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than presented herein.
The embodiment of the present application further provides a system for detecting request information, and it should be noted that the system for detecting request information of the embodiment of the present application may be used to execute the method for detecting request information provided in the embodiment of the present application. The following describes a system for detecting request information provided in an embodiment of the present application.
Fig. 5 is a schematic diagram of a detection system for requesting information according to an embodiment of the present application. As shown in fig. 5, the system includes:
the front-end server 51 is configured to send login request information of a user to the network server 52, and send operation request information of the user to the network server 52 after login is successful, where the operation request information at least includes encrypted data and target data, the target data at least includes a first IP address and first permission information, the encrypted data is obtained by encrypting the target data, and the login request information includes an account and a password of the user.
Specifically, the front-end server 51 includes a client, and the user can fill in an account and a password in the client to log in to the network security product; after receiving the account and the password, the client sends them to the network server 52 as login request information and receives the verification result of the login request information. If the verification reports no error, the user can fill in network security configuration content in the client, and the front-end server 51 sends operation request information to the network server 52 according to the network security configuration content and the user information, so that the user can configure the network security product.
It should be noted that, after the user successfully logs in, the front-end server 51 receives the second authority information of the user at login, which includes the random identifier, the role and the account at login, and stores the second authority information as the first authority information in the front-end server 51. When the user sends operation request information to the network server 52, because the operation request is an HTTP request, the front-end server 51 obtains the HTTP request method and the URI of the operation request, encrypts the HTTP request method, the URI, the first authority information and the network security configuration content to obtain encrypted data, and sends the IP address, the HTTP request method, the URI, the first authority information and the encrypted data to the network server 52 as the operation request information.
The network server 52 is configured to receive the login request information sent by the front-end server 51, acquire the second IP address, send the login request information to the login program 53, determine second authority information of the user when the login program 53 passes the verification, store the second authority information and the second IP address, receive the operation request information sent by the front-end server 51, detect the operation request information through the second IP address and the second authority information, and send the operation request information to the back-end server 54 when it is detected that the operation request information is not abnormal.
Specifically, when receiving a request sent by the front-end server 51, the web server 52 first determines from the request information whether the request is a login request; in the case of a login request, it acquires the account and the password from the login request information, records the IP address of the request, sends the account and the password to the login program 53, and receives the verification information returned by the login program 53. When the verification passes, the login program 53 also returns the second role, and the web server 52 generates a random identifier, sends the identifier, the role and the account information back to the front-end server 51, and stores the identifier, the role and the account information (i.e., the second permission information) together with the IP address of the login request in the web server 52.
When the user has successfully logged in to the client of the front-end server 51, the user may send an operation request message carrying network security configuration content to the network server 52. At this time the network server 52 obtains the first permission information from the operation request message, and since the first permission information is the second permission information that the network server 52 sent to the front-end server 51, the first permission information should be identical to the second permission information when it has not been tampered with. For this reason, the second permission information and the second IP address stored in the web server 52 are compared with the first permission information and the first IP address in the operation request information, and in the case of complete agreement this indicates that the permission information and the IP address have not been tampered with, so the operation request information may be sent to the backend server 54.
The login program 53 is configured to receive the login request information, verify the login request information, and send the verification result to the web server 52.
Specifically, the login program 53 stores an account-password-role comparison table. After receiving the login request information, the login program 53 determines whether the account in the login request information exists in the comparison table, and if the account exists, determines whether the password is the same as the corresponding password in the table; if both the account and the password are correct, the login program 53 acquires the role corresponding to the account from the comparison table to obtain the second role, and returns the second role and the verification result to the web server 52, where the verification result is that the login request information is correct.
If the account does not exist in the comparison table or the password does not match the one recorded in the comparison table, the verification result is determined to be abnormal and returned to the network server 52, and the network server 52 returns the abnormal verification result to the front-end server 51, so that the user is informed of the login failure.
And the back-end server 54, configured to receive the operation request information, perform combined encryption on the target data in the operation request information to obtain target encrypted data, compare the target encrypted data with the encrypted data carried in the operation request information, and determine that the operation request information is risk-free when the two are identical.
Specifically, after receiving the operation request information, the back-end server 54 extracts the URI, the HTTP method, the account, the role, the network security configuration content and the random identifier from the operation request, encrypts them together to obtain new encrypted data, and compares the new encrypted data with the encrypted data carried in the operation request information. Only when the two are identical is the content of the operation request information known to be intact, and only then is the network security configuration content in the operation request information executed. This prevents unauthorized access caused by tampering with the information.
The embodiment of the present application further provides a device for detecting request information, and it should be noted that the device for detecting request information according to the embodiment of the present application may be used to execute the method for detecting request information according to the embodiment of the present application. The following describes a device for detecting request information provided in an embodiment of the present application.
Fig. 6 is a first schematic diagram of a device for detecting request information provided according to an embodiment of the present application. As shown in fig. 6, the apparatus includes: a transmitting unit 61, a first comparing unit 62 and a detecting unit 63.
The sending unit 61 is configured to receive, by the network server, operation request information sent by the front-end server, where the operation request information is information sent after a user logs in the front-end server, the operation request information at least includes encrypted data and target data, the target data at least includes a first IP address and first permission information, and the encrypted data is obtained by encrypting the target data.
Specifically, when a user configures a network security product through its Web system, the user logs in at the login interface of the product, performs the network security configuration on a front-end page after logging in, fills in the data and clicks confirm. At this point the front-end server generates an operation request for the network security configuration together with the operation request information. The operation request is an HTTP request, and the operation request information it carries has three parts. The first part is the network security configuration filled in by the user, for example user A setting user B as an administrator of the network security product. The second part is the target data, that is, the request and the information of the requesting user: the first IP address in the target data is the IP address of the user who sent the request, and the first permission information is the role, random identifier, account and similar information that the user obtained from the front-end server at login (in the example above, the role is administrator). The last part is the encrypted data, obtained by encrypting the request data (URI and HTTP method) together with the account, role, configuration content and random identifier.
After the front-end server generates operation request information corresponding to the user request, the front-end server sends the operation request information to the network server for content determination, and therefore the operation request information is checked in the network server.
The first comparing unit 62 is configured to obtain a second IP address and second permission information stored in the network server, compare the first IP address with the second IP address, and compare the first permission information with the second permission information to obtain a first detection result, where the second IP address is an IP address when the user logs in the front-end server, and the second permission information is permission information when the user logs in the front-end server.
Specifically, after the network server receives the operation request information, it is first determined whether the IP address of the user sending the operation request information is changed, and therefore, a first IP address in the target data in the operation request information needs to be verified, and the verification method is to compare a second IP address stored by the network server when the user logs in with the first IP address, so as to determine whether the IP address is abnormal according to the comparison result.
Further, under the condition that the IP address is normal, whether the authority information is the same or not is further determined, and the determining method is to compare second authority information stored by a network server when a user logs in with the first authority information, so that whether the authority information is abnormal or not is determined according to a comparison result.
The detecting unit 63 is configured to have the network server send the operation request information to the back-end server when the first detection result indicates that the operation request information is not abnormal, and to have the back-end server detect the encrypted data to obtain a second detection result; when the second detection result indicates that the operation request information is not abnormal, the operation request information is determined to be risk-free request information.
Specifically, when neither the first permission information nor the first IP address is abnormal, the network server sends the operation request information to the back-end server, which checks the encrypted data. When the encrypted data is not abnormal, it is determined that the operation request involves no unauthorized access, and the network security product can be configured according to the network security configuration filled in by the user in the operation request information. The encrypted data may be checked by encrypting the target data in the back-end server with the same encryption method and comparing the result with the carried encrypted data, so that whether the target data has been tampered with is determined from the comparison result.
According to the device for detecting request information provided by the embodiment of the application, the network server receives, through the sending unit 61, operation request information sent by the front-end server, where the operation request information is information sent after a user logs in to the front-end server, the operation request information at least comprises encrypted data and target data, the target data at least comprises a first IP address and first permission information, and the encrypted data is obtained by encrypting the target data. The first comparing unit 62 obtains a second IP address and second permission information stored in the network server, compares the first IP address with the second IP address and the first permission information with the second permission information, and obtains a first detection result, where the second IP address is the IP address when the user logged in to the front-end server and the second permission information is the permission information when the user logged in to the front-end server. The detecting unit 63 has the network server send the operation request information to the back-end server when the first detection result indicates that the operation request information is not abnormal, and has the back-end server detect the encrypted data to obtain a second detection result, the operation request information being determined to be risk-free request information when the second detection result indicates that it is not abnormal. The problem in the related art that unauthorized access cannot be accurately prevented by binding a key to the user identity is thereby solved.
The IP address at the time the operation request is sent is compared with the IP address stored in the network server at login, the permission information in the operation request information is compared with the second permission information stored in the network server at login, and, when neither comparison is abnormal, the encrypted information in the operation request information is checked by the back-end server. Any difference between the operation request information and the request information recorded when the user was permitted to operate on the front-end server can thus be found and handled in time, which achieves accurate and comprehensive prevention of unauthorized access caused by information tampering.
Optionally, in the device for detecting request information provided in the embodiment of the present application, the first comparing unit 62 includes: a first comparison module, configured to compare the first IP address with the second IP address to obtain a first comparison result; a first determining module, configured to determine that the operation request information is abnormal when the first comparison result indicates that the first IP address differs from the second IP address, obtain a first abnormal detection result and send first alarm information, the first alarm information indicating that the IP address of the user is abnormal; a second comparison module, configured to compare the first permission information with the second permission information when the first comparison result indicates that the first IP address is the same as the second IP address, to obtain a second comparison result; a second determining module, configured to determine that the operation request information is abnormal when the second comparison result indicates that the first permission information differs from the second permission information, obtain a second abnormal detection result and send second alarm information, the second alarm information indicating that the permission information has been changed; and a third determining module, configured to determine that the operation request information is not abnormal when the second comparison result indicates that the first permission information is the same as the second permission information, to obtain a normal detection result. The first detection result is one of the first abnormal detection result, the second abnormal detection result and the normal detection result, the normal detection result indicating that the operation request information is not abnormal.
Specifically, after the network server receives the operation request information, a first IP address in the operation request information is obtained first, the first IP address is compared with a second IP address stored in the network server, and when the IP address is changed, the first IP address is different from the second IP address, and at this time, it is determined that the user has changed the IP address, which may cause a risk, and therefore first warning information is sent, and it is determined that the operation request information is abnormal, so that the operation request is blocked.
Optionally, in the device for detecting request information provided in the embodiment of the present application, the first permission information includes at least one of a preset account, a first role and a first identifier, and the second permission information includes at least one of an account, a second identifier and a second role. The second comparison module includes: a first comparison submodule, configured to compare the first role with the second role to obtain a second comparison result; a second comparison submodule, configured to compare the first identifier with the second identifier to obtain a third comparison result; a third comparison submodule, configured to compare the preset account with the account in the second permission information to obtain a fourth comparison result; a first determining submodule, configured to determine that the first permission information differs from the second permission information when any of the second, third and fourth comparison results is abnormal, an abnormal comparison result meaning that the contents of the compared objects are inconsistent; and a second determining submodule, configured to determine that the first permission information is the same as the second permission information when none of the second, third and fourth comparison results is abnormal.
Further, when the first IP address is the same as the second IP address, the first permission information in the operation request information is obtained, and the account information, first role and first identifier in it are compared one by one with the account information, second role and second identifier in the second permission information. Since the first permission information originates from the second permission information that the network server sent to the front-end server, the two should be identical if the first permission information has not been tampered with. Therefore, when the account information, first role and first identifier in the first permission information are all identical to the account information, second role and second identifier in the second permission information, the first permission information is the same as the second permission information and the operation request information is not abnormal. In this way it can be determined precisely whether the user tampered with the role, identifier or account information in the operation request information when sending the operation request, so that the request information cannot be used for unauthorized access.
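The network server's two-stage comparison described here, and earlier for the system embodiment, as an added Python example; this is not the patent's or the applicant's code. The request layout, the LoginRecord fields, keeping one live login record per account (so the stored record is looked up by account) and the result codes are assumptions. The first alarm and second alarm follow the text; a request whose account has no stored record is treated as a permission mismatch, and the identifier, which acts as a session token, is compared in constant time.

```python
"""Network-server check of operation request information against the login record.

Added example, not the patent's own code. The request layout, the
LoginRecord fields, one live record per account and the result codes
are assumptions made for illustration.
"""
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The three values the first detection result can take, per the text.
NORMAL = "normal"
IP_ABNORMAL = "first_abnormal"           # first alarm: IP address of the user is abnormal
PERMISSION_ABNORMAL = "second_abnormal"  # second alarm: permission information changed


@dataclass(frozen=True)
class LoginRecord:
    """Second IP address and second permission information saved at login."""
    ip: str
    account: str
    role: str
    identifier: str


def first_check(target_data: dict, memory: Dict[str, LoginRecord]) -> Tuple[str, str]:
    """Compare first IP/permission information with the stored second values.

    The IP address is checked first; only when it matches are identifier,
    role and account compared. Returns (detection result, alarm text).
    """
    stored = memory.get(target_data["account"])  # assumption: memory keyed by account
    if stored is None:
        return PERMISSION_ABNORMAL, "permission information changed: no login record"
    if target_data["ip"] != stored.ip:
        return IP_ABNORMAL, "IP address of the user is abnormal"
    mismatched: List[str] = []
    # The identifier acts as a secret token, so compare it in constant time.
    if not hmac.compare_digest(target_data["identifier"].encode(), stored.identifier.encode()):
        mismatched.append("identifier")
    if target_data["role"] != stored.role:
        mismatched.append("role")
    if target_data["account"] != stored.account:
        mismatched.append("account")
    if mismatched:
        return PERMISSION_ABNORMAL, "permission information changed: " + ", ".join(mismatched)
    return NORMAL, ""


# Constructed record the network server wrote to memory when userA logged in.
MEMORY: Dict[str, LoginRecord] = {
    "userA": LoginRecord(ip="10.0.0.5", account="userA", role="operator",
                         identifier="5d41402abc4b2a76b9719d911017c592"),
}


def demo() -> Dict[str, Tuple[str, str]]:
    """Run constructed requests through the check: one honest, four tampered."""
    legit = {"ip": "10.0.0.5", "account": "userA", "role": "operator",
             "identifier": "5d41402abc4b2a76b9719d911017c592"}
    return {
        "legit": first_check(legit, MEMORY),
        "moved_ip": first_check(dict(legit, ip="192.0.2.44"), MEMORY),
        "escalated": first_check(dict(legit, role="administrator"), MEMORY),
        "forged_id": first_check(dict(legit, identifier="00" * 16), MEMORY),
        "no_login": first_check(dict(legit, account="userZ"), MEMORY),
    }


if __name__ == "__main__":
    for name, (result, alarm) in demo().items():
        print(f"{name:10s} {result}" + (f": {alarm}" if alarm else ""))
```

The order of the checks matters for what the alarms mean: because the IP comparison runs first and short-circuits, a request that has both a changed IP and an escalated role raises only the first alarm, exactly as the module description above specifies.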
Optionally, in the apparatus for detecting request information provided in this embodiment of the present application, before the network server receives the operation request information sent by the front-end server, the apparatus further includes: the second receiving unit is used for receiving login request information sent by the front-end server by the network server and acquiring a second IP address, wherein the login request information comprises an account and a password of a user; the third receiving unit is used for sending the login request information to the login program through the network server and receiving an authentication result returned by the login program and a second role; the creating unit is used for creating a second identifier through the network server under the condition that the verification result represents that the login request information is correct, and determining the account, the second identifier and the second role as second authority information; and the storage unit is used for storing the second authority information and the second IP address to a memory of the network server and sending the second authority information to the front-end server.
Specifically, the second IP address is an IP address of the user obtained by the front end when the user logs in the network security product, the login request includes an account name and a password of the user, the network server temporarily stores the second IP address after obtaining the login request and the IP address, sends the login request to the login program, and the login program determines whether the account and the password in the login request information are correct or not, and returns a verification result.
Further, the login program is used for determining whether the account and the password in the login request information are correct or not, and is also used for sending the second role to the network server.
It should be noted that the login program stores an account-password-role comparison table. After receiving the login request information, the login program checks whether the account in the login request information exists in the table and, if so, whether the password matches the password recorded for that account. If both are correct, it reads the role bound to that account from the table as the second role and returns the second role together with the verification result to the network server, the verification result being that the login request information is correct.
If the account does not exist in the comparison table, or the password does not match the one recorded for the account, the verification result is abnormal and is returned to the network server, which passes it on to the front-end server so that the user is informed that the login failed.
Furthermore, when the verification result received by the network server is that the login request information is correct, a random identifier, namely the second identifier, is created; the second identifier, the second role and the account of the user are taken as the second permission information and stored in the network server, so that subsequent requests from the user can be recognized and unauthorized access through tampered request information is avoided.
It should be noted that, after the second permission information is obtained, the network server sends it to the front-end server, where it is stored. When the front-end server receives an operation request, it generates the target data from the information of the operation request together with the stored second permission information. At this point the second permission information held by the front-end server may have been tampered with, becoming the first permission information; whether this has happened can therefore be determined by comparing the first permission information with the second permission information.
Fig. 2 is a flowchart of an optional method for detecting login request information according to an embodiment of the present application. As shown in Fig. 2, after the user enters an account and a password at the client in the front-end server, the client generates login request information, and the method includes: obtaining the account, password and IP address of the user and sending the login request information to the network server; the network server storing the IP address and determining that the request information is login request information; if so, sending the login request information to the login program, which determines from its stored account-password-role comparison table whether the user may log in; if the account or password is incorrect, returning abnormal information to the client through the network server; if they are correct, obtaining the role of the user and sending it to the network server; and the network server generating a random identifier and sending the role, the account and the identifier to the client, so that the user is logged in.
Optionally, in the apparatus for detecting request information provided in the embodiment of the present application, the apparatus further includes: a third determining unit, configured to determine a storage duration of the second identifier in the memory, to obtain a target duration; the judging unit is used for judging whether the target time length exceeds the preset time length or not; and the first deleting unit is used for deleting the second authority information and the second IP address from the memory of the network server under the condition that the target duration exceeds the preset duration.
It should be noted that, in order to prevent the memory occupation in the network server from being too large and affecting the normal operation of the network server, the authority information of each request stored in the network server needs to be deleted periodically.
Specifically, when each identifier is created by the network server, the generation time of the identifier is recorded at the same time, and the time difference between the current time and the generation time, that is, the storage time of the identifier in the memory is periodically determined.
Optionally, in the apparatus for detecting request information provided in the embodiment of the present application, the apparatus further includes: and the second deleting unit is used for deleting the second authority information and the second IP address from the memory of the network server after receiving the user quitting instruction sent by the front-end server.
Besides deleting the second permission information and the second IP address according to how long the identifier has existed, they can also be deleted when the front-end server reports that the user corresponding to them has quit the front-end login interface of the network security product.
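The login path, the in-memory storage of the second permission information and second IP address, expiry by identifier age and deletion on logout, as one added Python example covering this passage and the login program described for the system embodiment. This is not the patent's code. The class layout, storing passwords in the comparison table as salted PBKDF2 hashes rather than in the clear, the injectable clock used to make expiry testable, and one record per account are assumptions.

```python
"""Login handling at the network server: verify via the login program, create
the random identifier, keep second permission information and second IP
address in memory, and delete them on expiry or on logout.

Added example, not the patent's own code. Class layout, salted PBKDF2 hashes
in the comparison table, the injectable clock and one record per account
are assumptions made for illustration.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class SecondPermission:
    account: str      # account of the user
    identifier: str   # second identifier (random, created at login)
    role: str         # second role, read from the comparison table
    ip: str           # second IP address, seen at login


class LoginProgram:
    """Holds the account-password-role comparison table and verifies logins."""

    def __init__(self) -> None:
        self._table: Dict[str, Tuple[bytes, bytes, str]] = {}  # account -> (salt, hash, role)

    @staticmethod
    def _digest(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add(self, account: str, password: str, role: str) -> None:
        salt = secrets.token_bytes(16)
        self._table[account] = (salt, self._digest(password, salt), role)

    def verify(self, account: str, password: str) -> Tuple[bool, Optional[str]]:
        """(verification result, second role); unknown account and wrong password look alike."""
        entry = self._table.get(account)
        if entry is None:
            return False, None
        salt, stored, role = entry
        if not hmac.compare_digest(self._digest(password, salt), stored):
            return False, None
        return True, role


class NetworkServer:
    def __init__(self, login_program: LoginProgram, ttl_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._login = login_program
        self._ttl = ttl_seconds
        self._clock = clock
        # account -> (second permission information, time the identifier was created)
        self._memory: Dict[str, Tuple[SecondPermission, float]] = {}

    def login(self, account: str, password: str, ip: str) -> Optional[SecondPermission]:
        """Handle login request information; returns what is sent back to the
        front-end server, or None when the verification result is abnormal."""
        ok, role = self._login.verify(account, password)
        if not ok or role is None:
            return None
        record = SecondPermission(account, secrets.token_hex(16), role, ip)
        self._memory[account] = (record, self._clock())
        return record

    def lookup(self, account: str) -> Optional[SecondPermission]:
        entry = self._memory.get(account)
        return entry[0] if entry else None

    def expire(self) -> int:
        """Delete records whose identifier has existed longer than the preset duration."""
        now = self._clock()
        stale = [a for a, (_, created) in self._memory.items() if now - created > self._ttl]
        for account in stale:
            del self._memory[account]
        return len(stale)

    def logout(self, account: str) -> bool:
        """Delete the record when the front-end server reports that the user quit."""
        return self._memory.pop(account, None) is not None


def demo() -> dict:
    """Constructed walk-through with a fake clock so expiry is deterministic."""
    fake_now = [1000.0]
    program = LoginProgram()
    program.add("userA", "correct horse battery", "operator")
    server = NetworkServer(program, ttl_seconds=1800, clock=lambda: fake_now[0])
    out = {}
    out["bad_password"] = server.login("userA", "wrong", "10.0.0.5")
    out["unknown_account"] = server.login("nobody", "x", "10.0.0.5")
    out["record"] = server.login("userA", "correct horse battery", "10.0.0.5")
    fake_now[0] += 1801                       # identifier now older than the preset duration
    out["expired"] = server.expire()
    out["after_expiry"] = server.lookup("userA")
    server.login("userA", "correct horse battery", "10.0.0.5")
    out["logout"] = server.logout("userA")
    out["after_logout"] = server.lookup("userA")
    return out
```

`expire()` is what the periodic clean-up described above would call; it compares the recorded creation time of each identifier with the current time and drops the whole record, so the second IP address and the second permission information disappear together, never one without the other.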
The embodiment of the present application further provides a device for detecting request information, and it should be noted that the device for detecting request information according to the embodiment of the present application may be used to execute the method for detecting request information according to the embodiment of the present application. The following describes a device for detecting request information provided in an embodiment of the present application.
Fig. 7 is a second schematic diagram of a device for detecting request information according to an embodiment of the present application. As shown in fig. 7, the apparatus includes: a first receiving unit 71, a second comparing unit 72, a first determining unit 73, a second determining unit 74.
The first receiving unit 71 is configured to receive operation request information sent by the network server, and perform combined encryption on target data in the operation request information to obtain target encrypted data, where the operation request information at least includes encrypted data and the target data, and the encrypted data is obtained by encrypting the target data.
Specifically, the back-end server receives operation request information sent by the network server; at this point the first IP address and the first permission information in the operation request information have already been found correct, and it remains to determine whether the rest of the content is correct. The target encrypted data is obtained by encrypting the target data in the operation request information, that is, by combining and encrypting the URI, HTTP method, account, role, network security configuration content and random identifier, so that the encrypted data carried in the request can be checked against the target encrypted data.
And a second comparing unit 72, configured to compare the target encrypted data with the encrypted data in the operation request information, to obtain a third comparison result.
Specifically, after the target encrypted data is obtained, it is compared with the encrypted data carried in the operation request information, so as to determine whether the carried encrypted data is correct.
And a first determining unit 73, configured to determine that the operation request information is abnormal and issue third warning information when the third comparison result indicates that the target encrypted data is different from the encrypted data in the operation request information, where the third warning information indicates that the operation request information is tampered.
Specifically, when the target encrypted data differs from the encrypted data in the operation request information, the encrypted data is abnormal, which in turn indicates that parameters in the operation request information, such as the URI or the HTTP method, were changed while the request was being sent; an unauthorized operation by the user is thereby discovered.
A second determining unit 74, configured to determine that there is no abnormality in the operation request information in a case where the third comparison result indicates that the target encrypted data is the same as the encrypted data in the operation request information.
Specifically, under the condition that the target encrypted data is the same as the encrypted data in the operation request information, the operation request information representing the user is all correct and accords with the identity information and the access authority corresponding to the user, and at this time, the network security configuration filled in the operation request information of the user can be executed, so that the request is completed.
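The back-end recomputation and comparison, for this passage and for the back-end server of the system embodiment, as an added Python example rather than the patent's code. The text calls the step "combined encryption"; what the comparison actually needs is an integrity check, so the example uses HMAC-SHA256 over a canonical encoding of the six covered fields. The key, the request layout and the result codes are assumptions. The example also shows why the fields must be combined unambiguously: plain concatenation lets two different (account, role) pairs produce the same input, so they would pass each other's check. One caveat a practitioner should keep in view: the check detects changes made by anyone without the key; data produced by a party that holds the key is by construction indistinguishable from legitimate data, so where the key is kept decides what the check protects against.

```python
"""Back-end check of the encrypted data carried in operation request information.

Added example, not the patent's own code. The text calls the step "combined
encryption"; here the integrity primitive is HMAC-SHA256 over a canonical
encoding of the six covered fields. The key, request layout and result
codes are assumptions made for illustration.
"""
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Fields the text says are covered: URI, HTTP method, account, role,
# network security configuration content and the random identifier.
FIELD_ORDER = ("uri", "http_method", "account", "role", "config", "identifier")

# Assumed key, shared only by whichever component produces the encrypted
# data and the back-end server that checks it.
KEY = b"constructed-demo-key-not-for-real-use"


def combine(fields: Dict[str, object]) -> bytes:
    """Canonical, unambiguous encoding: fixed field set, sorted keys, no whitespace."""
    ordered = {k: fields[k] for k in FIELD_ORDER}
    return json.dumps(ordered, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def naive_combine(fields: Dict[str, object]) -> bytes:
    """Plain concatenation, included only to show why it is not good enough."""
    return "".join(str(fields[k]) for k in FIELD_ORDER).encode("utf-8")


def make_encrypted_data(fields: Dict[str, object], key: bytes = KEY) -> str:
    """What the producing side attaches to the request as the 'encrypted data'."""
    return hmac.new(key, combine(fields), hashlib.sha256).hexdigest()


def backend_check(request: Dict[str, object], key: bytes = KEY) -> Tuple[str, str]:
    """Recompute the target encrypted data and compare it with the carried value.

    Returns (second detection result, alarm text). A missing field or a
    missing carried value fails the comparison instead of raising.
    """
    try:
        target = make_encrypted_data({k: request[k] for k in FIELD_ORDER}, key)
    except KeyError:
        return "abnormal", "third alarm: operation request information is tampered"
    carried = str(request.get("encrypted_data", ""))
    if not hmac.compare_digest(target.encode(), carried.encode()):
        return "abnormal", "third alarm: operation request information is tampered"
    return "normal", ""


def demo() -> Dict[str, object]:
    """Constructed requests: one intact, one altered in transit, one without a
    digest, and a pair that only a canonical encoding can tell apart."""
    legit = {"uri": "/api/users/userB/role", "http_method": "POST", "account": "userA",
             "role": "administrator", "config": {"set_role": {"userB": "administrator"}},
             "identifier": "5d41402abc4b2a76b9719d911017c592"}
    legit["encrypted_data"] = make_encrypted_data(legit)
    # HTTP method changed after the encrypted data was attached.
    tampered = dict(legit, http_method="DELETE")
    # account|role boundary moved: "userA"+"admin" versus "user"+"Aadmin".
    pair_a = dict(legit, account="userA", role="admin")
    pair_b = dict(legit, account="user", role="Aadmin")
    return {
        "legit": backend_check(legit),
        "tampered": backend_check(tampered),
        "missing_digest": backend_check({k: legit[k] for k in FIELD_ORDER}),
        "naive_collides": naive_combine(pair_a) == naive_combine(pair_b),
        "canonical_distinct": combine(pair_a) != combine(pair_b),
    }
```

`naive_combine` is never used for a real check; it exists so the reader can see that a "combined" input built by string concatenation is ambiguous, while the JSON encoding in `combine`, with a fixed field set and sorted keys, gives every distinct request a distinct input to the keyed hash.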
The device for detecting request information provided in the embodiment of the present application receives, by using the first receiving unit 71, operation request information sent by a network server, and performs combined encryption on target data in the operation request information to obtain target encrypted data, where the operation request information at least includes encrypted data and the target data, and the encrypted data is obtained by encrypting the target data. The second comparing unit 72 compares the target encrypted data with the encrypted data in the operation request information to obtain a third comparison result. The first determining unit 73 determines that the operation request information is abnormal and sends third warning information when the third comparison result indicates that the target encrypted data is different from the encrypted data in the operation request information, wherein the third warning information indicates that the operation request information is tampered. The second determining unit 74 determines that there is no abnormality in the operation request information in the case where the third comparison result indicates that the target encrypted data is identical to the encrypted data in the operation request information. The problem that unauthorized access cannot be accurately prevented by binding the secret key and the user identity in the related art is solved. 
The IP address at the time the operation request is sent is compared with the IP address stored in the network server at login, the permission information in the operation request information is compared with the second permission information stored in the network server at login, and, when neither comparison is abnormal, the encrypted information in the operation request information is checked by the back-end server. Any difference between the operation request information and the request information recorded when the user was permitted to operate on the front-end server can thus be found and handled in time, which achieves accurate and comprehensive prevention of unauthorized access caused by information tampering.
The device for detecting the request information comprises a processor and a memory, wherein the sending unit 61, the first comparing unit 62, the detecting unit 63, the first receiving unit 71, the second comparing unit 72, the first determining unit 73, the second determining unit 74 and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor includes a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and by adjusting the kernel parameters the problem in the related art that unauthorized access cannot be accurately prevented by binding a key to the user identity is solved.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
An embodiment of the present invention provides a computer-readable storage medium on which a program is stored, which, when executed by a processor, implements the method for detecting the request information.
The embodiment of the invention provides a processor, which is used for running a program, wherein the detection method of the request information is executed when the program runs.
The embodiment of the invention provides electronic equipment which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the detection method of the request information is realized when the processor executes the program. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application also provides a computer program product adapted to, when executed on a data processing device, run a program that initializes the steps of the method for detecting request information.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, Phase Change Memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art to which the present application pertains. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims (10)

1. A method for detecting request information, comprising:
the method comprises the steps that a network server receives operation request information sent by a front-end server, wherein the operation request information is information sent after a user logs in the front-end server, the operation request information at least comprises encrypted data and target data, the target data at least comprises a first IP address and first authority information, and the encrypted data are obtained by encrypting the target data;
acquiring a second IP address and second authority information stored in the network server, and comparing the first IP address with the second IP address and the first authority information with the second authority information respectively to obtain a first detection result, wherein the second IP address is the IP address of the user when logging in the front-end server, and the second authority information is the authority information of the user when logging in the front-end server;
and under the condition that the first detection result represents that the operation request information is not abnormal, the network server sends the operation request information to a back-end server, and the encrypted data is detected through the back-end server to obtain a second detection result, wherein under the condition that the second detection result represents that the operation request information is not abnormal, the operation request information is determined to be risk-free request information.
2. The method of claim 1, wherein comparing the first IP address with the second IP address and comparing the first permission information with the second permission information to obtain a first detection result respectively comprises:
comparing the first IP address with the second IP address to obtain a first comparison result;
under the condition that the first comparison result represents that the first IP address is different from the second IP address, determining that the operation request information is abnormal, obtaining a first abnormal detection result, and sending first alarm information, wherein the first alarm information represents that the IP address of the user is abnormal;
comparing the first authority information with the second authority information to obtain a second comparison result under the condition that the first comparison result represents that the first IP address is the same as the second IP address;
under the condition that the second comparison result represents that the first permission information is different from the second permission information, determining that the operation request information is abnormal, obtaining a second abnormal detection result, and sending out second alarm information, wherein the second alarm information represents that the permission information is changed;
and under the condition that the second comparison result represents that the first permission information is the same as the second permission information, determining that the operation request information is not abnormal to obtain a normal detection result, wherein the first detection result comprises the first abnormal detection result, the second abnormal detection result and the normal detection result, and the normal detection result is used for representing that the operation request information is not abnormal.
3. The method of claim 2, wherein the first permission information comprises at least one of: a preset account, a first role and a first identifier, and the second permission information comprises at least one of: an account, a second role and a second identifier; and comparing the first authority information with the second authority information to obtain a second comparison result comprises:
comparing the first role with the second role to obtain a second comparison result;
comparing the first identification with the second identification to obtain a third comparison result;
comparing the preset account with the account in the second permission information to obtain a fourth comparison result;
determining that the second comparison result is that the first permission information is different from the second permission information under the condition that an abnormal comparison result exists among the second comparison result, the third comparison result and the fourth comparison result, wherein an abnormal comparison result represents that the contents of the comparison object and the compared object are inconsistent;
and determining that the second comparison result is that the first permission information and the second permission information are the same under the condition that none of the second comparison result, the third comparison result and the fourth comparison result is an abnormal comparison result.
4. The method of claim 3, wherein before the network server receives the operation request information sent by the front-end server, the method further comprises:
the network server receives login request information sent by the front-end server and acquires the second IP address, wherein the login request information comprises an account and a password of the user;
sending the login request information to a login program through the network server, and receiving a verification result returned by the login program and the second role;
under the condition that the verification result represents that the login request information is correct, the second identifier is created through the network server, and the account, the second identifier and the second role are determined to be the second authority information;
and storing the second authority information and the second IP address to a memory of the network server, and sending the second authority information to the front-end server.
5. The method of claim 4, wherein after storing the second privilege information and the second IP address to the memory of the network server, the method further comprises:
determining the storage duration of the second identifier in the memory to obtain a target duration;
judging whether the target duration exceeds a preset duration;
and deleting the second authority information and the second IP address from the memory of the network server under the condition that the target duration exceeds the preset duration.
6. The method of claim 4, wherein after storing the second privilege information and the second IP address to the memory of the network server, the method further comprises:
and after receiving a user exit instruction sent by the front-end server, deleting the second authority information and the second IP address from the memory of the network server.
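Claims 1 to 6 describe the network server's side of the scheme: the session information captured at login (IP address, account, role and a server-created identifier), its expiry and deletion on logout, and the first detection that compares the IP address and then the permission information carried in an operation request against what was stored. The following Python is an added illustration written for this page, not code from the patent or from the assignee; the credential table, the preset duration and the choice to key the stored sessions by account (and to treat a missing session as a permission anomaly, which the claims leave unspecified) are assumptions of the example.

```python
import secrets
from dataclasses import dataclass

# Outcomes of the first detection result, named after claim 2.
FIRST_ABNORMAL = "first_abnormal"    # first alarm: IP address of the user is abnormal
SECOND_ABNORMAL = "second_abnormal"  # second alarm: permission information changed
NORMAL = "normal"                    # request may be forwarded to the back-end server


@dataclass(frozen=True)
class Permission:
    """Authority information: account, role and the identifier created at login."""
    account: str
    role: str
    identifier: str


@dataclass
class Session:
    ip: str                  # second IP address: the IP observed at login
    permission: Permission   # second authority information
    created_at: float        # kept for the storage-duration check of claim 5


# Constructed stand-in for the login program: account -> (password, role).
LOGIN_PROGRAM = {"alice": ("correct horse", "operator")}


def verify_login(account: str, password: str):
    """Login program: returns (verification_passed, role)."""
    entry = LOGIN_PROGRAM.get(account)
    if entry is None or entry[0] != password:
        return False, None
    return True, entry[1]


class NetworkServer:
    def __init__(self, preset_duration: float = 1800.0):
        self.preset_duration = preset_duration   # example value, not from the page
        self.memory = {}                         # account -> Session (assumption)
        self.alarms = []

    # Claim 4: verify the login, create the second identifier, store IP and permission.
    def login(self, account: str, password: str, ip: str, now: float):
        ok, role = verify_login(account, password)
        if not ok:
            return None
        perm = Permission(account, role, secrets.token_hex(16))
        self.memory[account] = Session(ip, perm, now)
        return perm   # second authority information, returned to the front-end server

    # Claim 5: delete stored information whose identifier exceeded the preset duration.
    def expire(self, now: float):
        stale = [a for a, s in self.memory.items()
                 if now - s.created_at > self.preset_duration]
        for account in stale:
            del self.memory[account]

    # Claim 6: delete stored information on a user exit instruction.
    def logout(self, account: str):
        self.memory.pop(account, None)

    # Claims 1 to 3: the first detection over the target data of an operation request.
    def first_detection(self, first_ip: str, first_perm: Permission) -> str:
        session = self.memory.get(first_perm.account)
        if session is None:
            # Nothing stored to compare against (expired or logged out).
            self.alarms.append("permission information changed")
            return SECOND_ABNORMAL
        if first_ip != session.ip:
            self.alarms.append("IP address of the user is abnormal")
            return FIRST_ABNORMAL
        second = session.permission
        # Claim 3: role, identifier and account are compared separately; any
        # inconsistency makes the permission comparison abnormal.
        if (first_perm.role != second.role
                or first_perm.identifier != second.identifier
                or first_perm.account != second.account):
            self.alarms.append("permission information changed")
            return SECOND_ABNORMAL
        return NORMAL


if __name__ == "__main__":
    srv = NetworkServer(preset_duration=60)
    perm = srv.login("alice", "correct horse", "10.0.0.5", now=1000.0)
    print(srv.first_detection("10.0.0.5", perm))   # normal
    print(srv.first_detection("10.0.0.9", perm))   # first_abnormal
    srv.expire(now=1100.0)
    print(srv.first_detection("10.0.0.5", perm))   # second_abnormal (session expired)
```

The ordering mirrors claim 2: the IP comparison is decided first and only a matching IP proceeds to the permission comparison, so the alarm raised tells an operator which of the two bindings broke.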
7. A method for detecting request information, comprising:
receiving operation request information sent by a network server, and performing combined encryption on target data in the operation request information to obtain target encrypted data, wherein the operation request information at least comprises encrypted data and the target data, and the encrypted data is obtained by encrypting the target data;
comparing the target encrypted data with encrypted data in the operation request information to obtain a third comparison result;
under the condition that the third comparison result represents that the target encrypted data is different from the encrypted data in the operation request information, determining that the operation request information is abnormal, and sending third alarm information, wherein the third alarm information represents that the operation request information is tampered;
and under the condition that the third comparison result represents that the target encrypted data is the same as the encrypted data in the operation request information, determining that the operation request information has no abnormality.
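Claim 7 (and the back-end server of claims 8 and 10) is an integrity check: the back-end re-derives the encrypted data from the target data it received and compares it with the encrypted data carried in the request, so a request whose target data was altered in transit no longer matches. The page does not state which "combined encryption" is used; the added Python below, which is not the patent's or the assignee's code, stands in a keyed HMAC-SHA256 over a canonical JSON serialisation of the target data, with a constructed key assumed to be shared by the front-end and back-end servers.

```python
import hashlib
import hmac
import json

# Constructed shared key for the example; the page does not specify the scheme.
SHARED_KEY = b"example-key-shared-by-front-end-and-back-end"

TAMPERED = "tampered"              # third alarm: operation request information tampered
NO_ABNORMALITY = "no_abnormality"  # request is risk-free request information


def combined_encrypt(target_data: dict, key: bytes = SHARED_KEY) -> str:
    """Stand-in for 'combined encryption': canonical JSON of the target data, then HMAC."""
    canonical = json.dumps(target_data, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def front_end_request(target_data: dict) -> dict:
    """Operation request information as the front-end server would send it."""
    return {"target_data": target_data, "encrypted_data": combined_encrypt(target_data)}


class BackendServer:
    def __init__(self):
        self.alarms = []

    def second_detection(self, request: dict) -> str:
        """Third comparison result: recomputed encrypted data versus the carried one."""
        recomputed = combined_encrypt(request["target_data"])
        # compare_digest keeps the comparison constant-time in the tag length.
        if not hmac.compare_digest(recomputed, request["encrypted_data"]):
            self.alarms.append("operation request information is tampered")
            return TAMPERED
        return NO_ABNORMALITY


if __name__ == "__main__":
    # Constructed target data: first IP address plus first authority information.
    data = {"ip": "10.0.0.5", "account": "alice", "role": "operator", "identifier": "f0" * 16}
    req = front_end_request(data)
    backend = BackendServer()
    print(backend.second_detection(req))          # no_abnormality
    req["target_data"]["role"] = "admin"          # role changed after signing
    print(backend.second_detection(req))          # tampered
```

Because the tag is keyed, an altered target data field cannot simply be re-signed by whoever modified it, which is what lets the second detection of claim 1 catch changes that the first detection's field comparison alone would not.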
8. A system for detecting request information, comprising:
the system comprises a front-end server and a network server, wherein the front-end server is used for sending login request information of a user to the network server and sending operation request information of the user to the network server after login is successful, the operation request information at least comprises encrypted data and target data, the target data at least comprises a first IP address and first authority information, the encrypted data is obtained by encrypting the target data, and the login request information comprises an account and a password of the user;
the network server is used for receiving the login request information sent by the front-end server, acquiring a second IP address, sending the login request information to a login program, determining second authority information of the user under the condition that the login program passes verification, storing the second authority information and the second IP address, receiving the operation request information sent by the front-end server, detecting the operation request information through the second IP address and the second authority information, and sending the operation request information to a back-end server under the condition that the operation request information is detected to be not abnormal;
the login program is used for receiving the login request information, verifying the login request information and sending a message to the network server under the condition that the verification is passed;
the back-end server is configured to receive the operation request information, perform combined encryption on the target data in the operation request information to obtain target encrypted data, compare the target encrypted data with the encrypted data in the operation request information, and determine that the operation request information is risk-free information when the target encrypted data is the same as the encrypted data in the operation request information.
9. A device for detecting request information, comprising:
a receiving unit, configured to enable a network server to receive operation request information sent by a front-end server, wherein the operation request information is sent after a user logs in the front-end server, the operation request information at least comprises encrypted data and target data, the target data at least comprises a first IP address and first authority information, and the encrypted data is obtained by encrypting the target data;
the first comparison unit is used for acquiring a second IP address and second authority information stored in the network server, comparing the first IP address with the second IP address and comparing the first authority information with the second authority information respectively to obtain a first detection result, wherein the second IP address is an IP address when the user logs in the front-end server, and the second authority information is authority information when the user logs in the front-end server;
the detection unit is configured to, when the first detection result indicates that the operation request information is not abnormal, send the operation request information to a back-end server by the network server, and detect the encrypted data through the back-end server to obtain a second detection result, where when the second detection result indicates that the operation request information is not abnormal, it is determined that the operation request information is risk-free request information.
10. A device for detecting request information, comprising:
the first receiving unit is used for receiving operation request information sent by a network server and carrying out combined encryption on target data in the operation request information to obtain target encrypted data, wherein the operation request information at least comprises encrypted data and the target data, and the encrypted data is obtained by encrypting the target data;
the second comparison unit is used for comparing the target encrypted data with the encrypted data in the operation request information to obtain a third comparison result;
a first determining unit, configured to determine that the operation request information is abnormal and send third alarm information when the third comparison result indicates that the target encrypted data is different from the encrypted data in the operation request information, where the third alarm information indicates that the operation request information is tampered;
and a second determining unit, configured to determine that there is no abnormality in the operation request information when the third comparison result indicates that the target encrypted data is the same as the encrypted data in the operation request information.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211303455.1A CN115664794A (en) 2022-10-24 2022-10-24 Method, system and device for detecting request information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211303455.1A CN115664794A (en) 2022-10-24 2022-10-24 Method, system and device for detecting request information

Publications (1)

Publication Number Publication Date
CN115664794A (en) 2023-01-31

Family

ID=84990579

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211303455.1A Pending CN115664794A (en) 2022-10-24 2022-10-24 Method, system and device for detecting request information

Country Status (1)

Country Link
CN (1) CN115664794A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination