CN116975802A - Method and device for adding authority control for server software system - Google Patents

Method and device for adding authority control for server software system Download PDF

Info

Publication number
CN116975802A
CN116975802A CN202311016799.9A CN202311016799A CN116975802A CN 116975802 A CN116975802 A CN 116975802A CN 202311016799 A CN202311016799 A CN 202311016799A CN 116975802 A CN116975802 A CN 116975802A
Authority
CN
China
Prior art keywords
data
request
software system
proxy service
server software
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202311016799.9A
Other languages
Chinese (zh)
Inventor
高正
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Lanbing Technology Co ltd
Original Assignee
Shenzhen Lanbing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Lanbing Technology Co ltd filed Critical Shenzhen Lanbing Technology Co ltd
Priority to CN202311016799.9A priority Critical patent/CN116975802A/en
Publication of CN116975802A publication Critical patent/CN116975802A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Automation & Control Theory (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of authority control, and discloses a method and a device for adding authority control for a server software system, wherein the method comprises the following steps: the proxy service receives a request of a client software system; carrying out identity authentication according to the certificate attached to the request; when the identity authentication is passed, judging that the request is a data access request or a data authorization request; and executing corresponding processing on the request according to the judging result. The application performs authority control by adding the unified proxy service, standardizes the authorization and authentication methods, expands and adapts on a standard proxy service, reduces the technical complexity and improves the maintainability of the proxy service; through the proxy to the data access interface of the server software system, the client software system can access the proxy service as if it were accessing the native server software system.

Description

Method and device for adding authority control for server software system
Technical Field
The present application relates to the technical field of rights control, and in particular, to a method and apparatus for adding rights control to a server software system.
Background
At present, with the development of internet technology, when a client software system operates data in a server software system through an interface, if the server software system does not have a very strict authority control policy on the operated data, the operation of a plurality of client software systems cannot be isolated, and some data may be illegally accessed and tampered.
However, in the prior art, the solution to the above problem is generally to customize and develop a proxy service with a permission control function for an interface of a server software system, and provide a new set of interfaces, where the client software system accesses the proxy service through the new interfaces, and the proxy service authenticates and authenticates an access request of the client software system, and after the authentication is passed, the proxy service converts the access request of the client software system into an interface call identifiable by the server software system, and then uses an administrator account to call the interface of the server software system.
However, the present inventors have found that the above-mentioned technique has at least the following problems:
problem one: the method needs to customize and develop corresponding proxy service for each server software system, and the authentication and authentication methods in the proxy service are not standard and cannot be reused.
And a second problem: the interface of the proxy service in the method is not compatible with the interface of the server software system, and the client software system needs to be correspondingly adapted and modified.
Disclosure of Invention
The application aims to provide a method and a device for adding authority control for a server-side software system, and aims to solve the problem that in the prior art, corresponding proxy services need to be customized and developed for each server-side software system.
The application is realized in such a way that a method for increasing authority control for a server software system comprises the following steps:
the proxy service receives a request of a client software system;
carrying out identity authentication according to the certificate attached to the request;
when the identity authentication is passed, judging that the request is a data access request or a data authorization request;
executing corresponding processing on the request according to the judging result; the data corresponding to the request is file path format data, and path mapping is performed on the protected data in the server software system in advance in proxy service.
Further, the step of executing corresponding processing on the request according to the judgment result includes:
if the request is a data access request, loading a data access policy base;
authenticating the data access request;
if the authentication is passed, the data access request is forwarded to a server software system interface and is called;
returning the calling result to the client software system;
if the request is a data authorization request, loading a data authorization policy base;
authenticating the data authorization request;
and if the authentication is passed, the authority information of the data authorization request is written into a data access strategy library.
Further, the step of performing path mapping on the protected data in the server software system in advance in the proxy service includes:
the proxy service manages the protected data in the server software system in a file path format, and maps the parameter format of the data access interface of the server software system with the file path format, so that the parameter of any one protected data access interface is converted into a determined file path format data.
Further, in the loading data access policy library, the data access policy library maintains that the client side A has Y permission on X data, and the proxy service loads the whole content of the data access policy library for further calculation.
In the authentication of the access request, the authentication mode is to convert the data requested in the parameters into a file path format, and find whether the related authority policies can be successfully matched in the data access policy library according to the identity information of the client and the file path format data.
Further, the data authorization policy library maintains Y permission that the client A can authorize the X data to the client B, and the proxy service loads the whole content of the data authorization policy library for further calculation.
Further, the authority information is written into the data access policy library, and the proxy service converts the content in the request into a data format of 'the client side A has Y authority on X data', and writes the data into the data access policy library.
The application also provides a device for adding authority control for the server software system, which comprises:
the request receiving module is used for receiving the request of the client software system by the proxy service;
the authentication module is used for carrying out identity authentication according to the certificate attached to the request;
the judging module is used for judging whether the request is a data access request or a data authorization request;
the processing module is used for executing corresponding processing on the request according to the judging result; the data corresponding to the request is file path format data, and path mapping is performed on the protected data in the server software system in advance in proxy service.
Further, the path mapping is performed on the protected data in the server software system in advance in the proxy service, which specifically includes:
the proxy service manages the data in the server software system in a file path format, and maps the parameter format of the data access interface of the server software system with the file path format, so that the parameters of any one data access interface can be converted into a determined file path data.
Compared with the prior art, because the path mapping is carried out on the data protected in the server software system in advance in the proxy service, the parameters of any one data access interface can be converted into the determined file path data, the technology does not need to customize and develop the proxy service for different server software systems, only needs to expand and adapt on one standard proxy service, reduces the technical complexity and improves the maintainability of the proxy service; the client software system does not need to make any modification when calling the data access interface of the server software system.
Drawings
FIG. 1 is a schematic diagram of steps in a method for adding rights control to a server software system according to an embodiment of the present application;
FIG. 2 is a schematic diagram showing the steps of step S4 according to an embodiment of the present application;
FIG. 3 is a schematic diagram showing the steps of step S4 according to another embodiment of the present application;
fig. 4 is a schematic diagram of an apparatus for adding rights control to a server software system according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
Referring to fig. 1, in one embodiment of the present application, a method for adding rights control to a server software system is provided, including the following steps:
step S1, proxy service receives the request of client software system;
step S2, identity authentication is carried out according to the certificate attached to the request;
step S3, when the identity authentication is passed, judging that the request is a data access request or a data authorization request;
step S4, corresponding processing is executed on the request according to the judging result; the data corresponding to the request is file path format data, and path mapping is performed on the protected data in the server software system in advance in proxy service.
In this embodiment, the above scheme is mainly applied to the strict authority control of the data operated in the server software system when the client software system accesses the server software system. The scheme solves the problems that the proxy service can not be reused in the prior scheme, and the interface of the proxy service is incompatible with the interface of the server software system.
As described in the above step S1, the proxy service is a special network service, and allows one network terminal (typically a client) to make an indirect connection with another network terminal (typically a server) through the service. The proxy service provides two types of interfaces: data authorization and data access. The data authorization interface is a proxy service custom interface, which supports the authorization of the appointed operation authority of the appointed data to the appointed client, and the authorized data is in a file path format; the data access interface is an interface of the full proxy server software system and provides relevant operation capability for data in the server software system. Because the proxy service manages data in the server software system in a file path format, for example, a name of secret may be expressed by "/product/project/secret", and the parent level includes concrete data of project and product; the data under the product can be expressed by "/product/", so the proxy service can perform path mapping on the protected data in the server software system in advance, wherein the path mapping is to convert the parameters of any one data access interface into a certain file path data. In this embodiment, the proxy service may receive the request of the client software system because the address of the proxy service interface is consistent with the address of the client software system interface.
In this embodiment, the proxy service needs to sign a certificate with identity information for each client software system, as described in the above step S2, when the client software system requests an interface of the proxy service, the client software system needs to attach the self certificate to the request, the proxy service authenticates the identity of the client according to the content of the certificate, if the authentication fails, the request is denied, and if the authentication is successful, as described in the above step S3, because the proxy service provides two types of interfaces: data authorization and data access, the proxy service may determine from the request path and parameters that the type of request by the client software system is a data access request or a data authorization request. Finally, as described in the above step S4, the following corresponding processing is performed on the request according to the determination result.
In the embodiment, path mapping is performed on the data protected in the server software system in advance in the proxy service, so that parameters of any one data access interface can be converted into a determined file path data, and therefore the technology does not need to customize and develop the proxy service for different server software systems, only needs to expand and adapt on one standard proxy service, reduces technical complexity and improves maintainability of the proxy service; the client software system does not need to make any modification when calling the data access interface of the server software system.
In an embodiment, referring to fig. 2, the step S4 of executing corresponding processing on the request according to the determination result includes:
step S41, if the request is a data access request, loading a data access policy library;
step S42, authenticating the data access request;
step S43, the data access request is forwarded to a server software system interface and is called through authentication;
and step S44, returning the calling result to the client access system.
In this embodiment, the proxy service maintains two policy libraries: the data authorization policy base and the data access policy base maintain that the client A has Y rights to X data. As described above in step S41, when a request is a data access request, the proxy service needs to load the entire contents of the data access policy library for the next calculation. In the next calculation, as described in the above step S42, the proxy service converts the data requested in the parameters into the file path format according to the mapping relationship in S4, and searches the relevant authority policy in the data access policy library according to the client identity information and the file path format data obtained in S2, if the matching is successful, it indicates that the current request passes authentication. After passing the authentication, the proxy service logs in to the server software system through the administrator account, and forwards the request as it is to the interface of the server software system, as described in step S43 above. The proxy service then removes the return value of the interface from the server software system, as described in S44 above, and returns the return value to the client software system as it is.
In an embodiment, referring to fig. 3, the step S4 of executing corresponding processing on the request according to the determination result includes:
step S401, if the request is a data authorization request, loading a data authorization policy library;
step S402, authenticating the data authorization request;
step S403, the right information of the data authorization request is written into a data access policy library through authentication.
In this embodiment, the data authorization policy repository maintains "the a client may grant the B client Y rights for the X data". As described above in step S401, when the request is a data authorization request, the proxy service needs to load the entire contents of the data authorization policy library for the next calculation. In the next calculation, as described in the above step S402, the proxy service searches the data authorization policy library for the relevant authority policy according to the client identity information acquired in S2 and the authorized client information in the request, and if the matching is successful, it indicates that the current request passes authentication. After the authentication is passed, the proxy service converts the content in the request into a data format of "the a client has Y authority on the X data" and writes it into the data access policy repository, as described in step S403 above.
In an embodiment, the authentication mode in the authentication of the access request is to convert the data requested in the parameters into a file path format, and find whether the related authority policy can be successfully matched in the data access policy library according to the identity information of the client and the file path format data, if so, the current request passes the authentication.
In an embodiment, the step of performing path mapping on the protected data in the server software system in advance in the proxy service includes:
the proxy service manages the protected data in the server software system in a file path format, and maps the parameter format of the data access interface of the server software system with the file path format, so that the parameter of any one protected data access interface is converted into a determined file path format data.
In an embodiment, in the loading data access policy repository, the data access policy repository maintains that "the client a has Y authority on the X data", and the proxy service loads the entire content of the data access policy repository for further calculation.
In an embodiment, in the authentication of the access request, the authentication mode is to convert the data requested in the parameters into a file path format, and find whether the related authority policies can be successfully matched in the data access policy library according to the identity information of the client and the file path format data.
In an embodiment, the data authorization policy library maintains "the client a can authorize the client B with the Y authority of the X data", and the proxy service loads the entire content of the data authorization policy library for further calculation.
In one embodiment, the authority information is written into the data access policy library, and the proxy service converts the content in the request into a data format of "the client a has Y authority on the X data" and writes into the data access policy library.
In an embodiment, further comprising: data classification and sensitivity classification: firstly, classifying and grading all data in a server software system, and determining data with different levels according to the sensitivity and confidentiality of the data. The evaluation and decision can be made according to the value, privacy sensitivity, regulatory requirements and other factors of the data. For example, data is classified into public data, internal data, confidential data, and the like.
Dynamic data protection policy formulation: based on the classification and grading of the data, a corresponding dynamic data protection strategy is formulated. Such policies may include, but are not limited to, encryption, data desensitization, data fragmentation, data occlusion, and the like. And selecting proper protection measures according to the context information of the data access request and the user authority. For example, for highly sensitive data, strong encryption techniques may be applied and access rights limited; for generally sensitive data, desensitization techniques may be applied to provide only a portion of the data content.
Context-aware dynamic protection policy enforcement: the proxy service considers the context information of the data access request when executing the protection policy. And according to the classification and grading of the data, dynamically selecting an appropriate protection strategy to protect the data by combining the attribute of the access request, the identity and the authority of the visitor. The method can be realized by a context-aware policy engine, and the measures of data protection are decided in real time according to a predefined rule or model.
The data protection strategy is flexibly adjusted and optimized: as the system and environment change, the data protection policy also needs to be dynamically adjusted and optimized. The proxy service can monitor the protection strategy in real time and flexibly adjust according to the security event, the performance index and the service requirement. This allows real-time knowledge of the state and risk of the system by integrating monitoring and analysis tools to optimize the data protection strategy.
Security audit and continuous improvement: to ensure the validity and compliance of the data protection policy, the proxy service should record and audit the execution of the data access requests and their protection measures. This includes logging, access reporting, security lookups, etc. for security auditing and continued improvement. By analyzing the audit data, potential security risks and opportunities for improvement can be discovered and data protection strategies optimized
In summary, the method for adding authority control to the server software system provided in the embodiment of the application is as follows; the proxy service receives a request of a client software system; carrying out identity authentication according to the certificate attached to the request; when the identity authentication is passed, judging that the request is a data access request or a data authorization request; and executing corresponding processing on the request according to the judging result. In the application, the authority control is carried out by adding the unified proxy service, so that the authorization and authentication methods are standardized, and the standard proxy service is expanded and adapted, thereby reducing the technical complexity and improving the maintainability of the proxy service; through the proxy to the data access interface of the server software system, the client software system can access the proxy service as if it were accessing the native server software system.
Referring to fig. 4, in an embodiment, the present application further provides an apparatus for adding rights control to a server software system, including:
a request receiving module 10, configured to receive a request of a client software system by a proxy service;
an authentication module 20, configured to perform identity authentication according to a certificate attached to the request;
a judging module 30, configured to judge whether the request is a data access request or a data authorization request;
a processing module 40, configured to execute corresponding processing on the request according to the determination result; the data corresponding to the request is file path format data, and path mapping is performed on the protected data in the server software system in advance in proxy service.
In this embodiment, the above scheme is mainly applied to the strict authority control of the data operated in the server software system when the client software system accesses the server software system. The scheme solves the problems that the proxy service can not be reused in the prior scheme, and the interface of the proxy service is incompatible with the interface of the server software system.
As described in the request receiving module 10, the proxy service is a special network service, and allows one network terminal (typically a client) to make an indirect connection with another network terminal (typically a server) through the service. The proxy service provides two types of interfaces: data authorization and data access. The data authorization interface is a proxy service custom interface, which supports the authorization of the appointed operation authority of the appointed data to the appointed client, and the authorized data is in a file path format; the data access interface is an interface of the full proxy server software system and provides relevant operation capability for data in the server software system. Because the proxy service manages data in the server software system in a file path format, for example, a name of secret may be expressed by "/product/project/secret", and the parent level includes concrete data of project and product; the data under the product can be expressed by "/product/", so the proxy service can perform path mapping on the protected data in the server software system in advance, wherein the path mapping is to convert the parameters of any one data access interface into a certain file path data. In this embodiment, the proxy service may receive the request of the client software system because the address of the proxy service interface is consistent with the address of the client software system interface.
In this embodiment, the proxy service needs to sign a certificate with identity information for each client software system, as described in the above authentication module 20, when the client software system requests an interface of the proxy service, the client software system needs to attach the certificate of itself to the request, the proxy service authenticates the identity of the client according to the content of the certificate, if the authentication fails, the request is denied, and if the authentication succeeds, as described in the above determination module 30, because the proxy service provides two types of interfaces: data authorization and data access, the proxy service may determine from the request path and parameters that the type of request by the client software system is a data access request or a data authorization request. Finally, as described in the processing module 40, according to the determination result, the following corresponding processing is performed on the request.
In the embodiment, path mapping is performed on the data protected in the server software system in advance in the proxy service, so that parameters of any one data access interface can be converted into a determined file path data, and therefore the technology does not need to customize and develop the proxy service for different server software systems, only needs to expand and adapt on one standard proxy service, reduces technical complexity and improves maintainability of the proxy service; the client software system does not need to make any modification when calling the data access interface of the server software system.
In an embodiment, the path mapping is performed on the protected data in the server software system in advance in the proxy service, and specifically includes:
the proxy service manages the data in the server software system in a file path format, and maps the parameter format of the data access interface of the server software system with the file path format, so that the parameters of any one data access interface can be converted into a determined file path data.
In this embodiment, for specific implementation of each module in the above embodiment of the apparatus, please refer to the description in the above embodiment of the method, and no further description is given here.
In summary, the method and the device for adding authority control to the server software system are provided in the embodiments of the present application; the proxy service receives a request of a client software system; carrying out identity authentication according to the certificate attached to the request; when the identity authentication is passed, judging that the request is a data access request or a data authorization request; and executing corresponding processing on the request according to the judging result. In the application, the authority control is carried out by adding the unified proxy service, so that the authorization and authentication methods are standardized, and the standard proxy service is expanded and adapted, thereby reducing the technical complexity and improving the maintainability of the proxy service; through the proxy to the data access interface of the server software system, the client software system can access the proxy service as if it were accessing the native server software system.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium provided by the present application and used in embodiments may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM, among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article or method that comprises the element. The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the application.

Claims (9)

1. The method for adding the authority control for the server software system is characterized by comprising the following steps:
the proxy service receives a request of a client software system;
carrying out identity authentication according to the certificate attached to the request;
when the identity authentication is passed, judging that the request is a data access request or a data authorization request;
executing corresponding processing on the request according to the judging result; the data corresponding to the request is file path format data, and path mapping is performed on the protected data in the server software system in advance in proxy service.
2. The method of claim 1, wherein the step of performing a corresponding process on the request according to the determination result comprises:
if the request is a data access request, loading a data access policy base;
authenticating the data access request;
if the authentication is passed, the data access request is forwarded to a server software system interface and is called;
returning the calling result to the client software system;
if the request is a data authorization request, loading a data authorization policy base;
authenticating the data authorization request;
and if the authentication is passed, the authority information of the data authorization request is written into a data access strategy library.
3. The method of claim 1, wherein the step of pre-mapping the path of the protected data in the server software system in the proxy service comprises:
the proxy service manages the protected data in the server software system in a file path format, and maps the parameter format of the data access interface of the server software system with the file path format, so that the parameter of any one protected data access interface is converted into a determined file path format data.
4. The method of claim 3, wherein the rights information is written to a data access policy repository, and the proxy service converts the content in the request to a data format in which "a client has Y rights to X data" and writes to the data access policy repository.
5. The method of claim 3, wherein the data authorization policy repository maintains "the Y rights that the a client can authorize the X data to the B client", and the proxy service loads the entire contents of the data authorization policy repository for further calculation.
6. The method of claim 3, wherein the data access policy repository maintains "the a client has Y rights to the X data" in the loading data access policy repository, and the proxy service loads the entire contents of the data access policy repository for further calculation.
7. The method of claim 3, wherein in the authentication of the access request, the authentication mode is to convert the data requested in the parameters into a file path format, and find whether the related authority policies can be successfully matched in the data access policy library according to the client identity information and the file path format data.
8. An apparatus for adding rights control to a server-side software system, comprising:
the request receiving module is used for receiving the request of the client software system by the proxy service;
the authentication module is used for carrying out identity authentication according to the certificate attached to the request;
the judging module is used for judging whether the request is a data access request or a data authorization request;
the processing module is used for executing corresponding processing on the request according to the judging result; the data corresponding to the request is file path format data, and path mapping is performed on the protected data in the server software system in advance in proxy service.
9. The apparatus of claim 8, wherein the proxy service performs path mapping on data protected in a server software system in advance, and specifically includes:
the proxy service manages the data in the server software system in a file path format, and maps the parameter format of the data access interface of the server software system with the file path format, so that the parameters of any one data access interface can be converted into a determined file path data.
CN202311016799.9A 2023-08-14 2023-08-14 Method and device for adding authority control for server software system Withdrawn CN116975802A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311016799.9A CN116975802A (en) 2023-08-14 2023-08-14 Method and device for adding authority control for server software system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311016799.9A CN116975802A (en) 2023-08-14 2023-08-14 Method and device for adding authority control for server software system

Publications (1)

Publication Number Publication Date
CN116975802A true CN116975802A (en) 2023-10-31

Family

ID=88473074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311016799.9A Withdrawn CN116975802A (en) 2023-08-14 2023-08-14 Method and device for adding authority control for server software system

Country Status (1)

Country Link
CN (1) CN116975802A (en)

Similar Documents

Publication Publication Date Title
CN104683336B (en) A kind of Android private data guard method and system based on security domain
CN111478910B (en) User identity authentication method and device, electronic equipment and storage medium
US9647993B2 (en) Multi-repository key storage and selection
US20090150990A1 (en) Integrated access authorization
CN106330958A (en) Secure accessing method and device
CN113468576B (en) Role-based data security access method and device
JP4636607B2 (en) How to protect sensitive files in security application
US20140230012A1 (en) Systems, methods, and media for policy-based monitoring and controlling of applications
CN111177741A (en) Pre-authorization data access method and device based on enterprise browser
CN112800397A (en) Data asset protection method, system, electronic equipment and storage medium
JP5069369B2 (en) Integrated access authorization
WO2023241366A1 (en) Data processing method and system, and electronic device and computer-readable storage medium
US20240163264A1 (en) Real-time data encryption/decryption security system and method for network-based storage
CN115664772A (en) Access request processing method and device, computer equipment and storage medium
CN116319026A (en) Trust assessment method and device in zero-trust architecture and electronic equipment
CN114006735B (en) Data protection method, device, computer equipment and storage medium
CN116975802A (en) Method and device for adding authority control for server software system
CN117610079B (en) Data security processing method, device and storage medium
WO2022252609A1 (en) Plug-in protection method and apparatus, and device and storage medium
US8627072B1 (en) Method and system for controlling access to data
CN118487796A (en) Multi-program user access authority management method based on framework
CN111368285A (en) Security threat analysis method and device based on digital features
CN118586029A (en) Private data access method, system, terminal equipment and storage medium
CN117034324A (en) Data access authority control method, device, computer equipment and storage medium
CN117786724A (en) Rule-based network sensitive data encryption method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20231031