CN117061167A - Method and device for realizing data sharing - Google Patents


Info

Publication number
CN117061167A
Authority
CN
China
Prior art keywords
api
data sharing
data
address
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311006579.8A
Other languages
Chinese (zh)
Inventor
林国勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Funo Mobile Communication Technology Co ltd
Original Assignee
Fujian Funo Mobile Communication Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Funo Mobile Communication Technology Co ltd filed Critical Fujian Funo Mobile Communication Technology Co ltd
Priority to CN202311006579.8A priority Critical patent/CN117061167A/en
Publication of CN117061167A publication Critical patent/CN117061167A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security

Abstract

The invention provides a method and a device for realizing data sharing, wherein the method comprises the following steps: creating and storing a data table required by the data sharing component; acquiring data sharing API information created in a configuration page, storing the data sharing API information into a data table and distributing a data sharing API address; when a first client depends on a data sharing component, intercepting a first API request of the first client through the data sharing component, judging whether a first API address of the first API request is a data sharing API address, and if so, acquiring first data sharing API information corresponding to the first API address from a data table; and executing the query operation according to the first data sharing API information to obtain and return query result data to the first client. The invention does not need to develop interfaces and does not depend on a big data platform, so that the development workload can be reduced to reduce the development cost; and the current application database does not need to be opened, and only a single data sharing service is provided, so that the security risk is reduced.

Description

Method and device for realizing data sharing
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and an apparatus for implementing data sharing.
Background
Data sharing is a process of making the same data resource available to multiple applications, users, or organizations. This process contains technical, practical, legal, and cultural elements that can facilitate secure data access by multiple entities without compromising data integrity.
There are currently two main ways for data sharing in the industry:
1. Data services are provided by developing interfaces. However, each interface has to be developed and then changed whenever the requirements change, so the cost is relatively high when requirements change frequently or new requirements are added.
2. The current database is connected to a big data platform, and data services are provided through the data sharing function on the platform. This scheme has the following problems:
(1) Data sharing must depend on the platform. If a single application needs only this part of the functionality, the whole big data platform must still be installed. The big data platform is relatively heavy and its installation and deployment are complex, since many middleware components such as Kafka, FlinkX, Hadoop and HDFS need to be installed. When the company has no existing big data platform, or the external environment does not allow access to the existing big data platform, the cost of building a separate big data platform is relatively high.
(2) The database must be opened. The big data platform needs to be configured with the current database as a data source, which carries a certain security risk.
Therefore, the existing data sharing methods have the problems of high development cost and high security risk.
Disclosure of Invention
In order to solve the above problems in the prior art, the present invention provides a method and apparatus for implementing data sharing, so as to reduce development cost and reduce security risk.
In order to achieve the above purpose, the invention adopts the following technical scheme:
in a first aspect, the present invention provides a method for implementing data sharing, including the steps of:
creating and storing a data table required by the data sharing component;
acquiring data sharing API information created in a configuration page, storing the data sharing API information into the data table and distributing a data sharing API address;
when a first client depends on the data sharing component, intercepting a first API request of the first client through the data sharing component, judging whether a first API address of the first API request is a data sharing API address, and if so, acquiring first data sharing API information corresponding to the first API address from the data table;
and executing query operation according to the first data sharing API information to obtain and return query result data to the first client.
The invention has the following beneficial effects: the data sharing function is extracted as a component, so that the first client only needs to depend on the data sharing component. The configuration page of the data sharing component is used to configure and publish the data sharing information. An interceptor then intercepts the client's API requests, and when the API address is found to be a data sharing API address, the data sharing information is obtained according to that address and the query operation is executed, which completes the data sharing function. Therefore, the invention does not need to develop interfaces and does not depend on a big data platform, and can reduce the development workload so as to reduce the development cost; and the current application database does not need to be opened, and only a single data sharing service is provided, so that the security risk is reduced.
Optionally, the data table includes an API table, the API table includes a data sharing API address in the data sharing API information and an SQL query statement corresponding to each data sharing API address, and the first data sharing API information is a first SQL query statement corresponding to the first API address;
executing the query operation according to the first data sharing API information is specifically:
parsing the first SQL query statement, substituting the parameters in the first API request, and executing the query operation.
According to the description, the corresponding SQL query statement is found through the API address and is substituted into the parameters in the API request to complete the query operation.
Optionally, the data table includes a permission table, the permission table includes an API access permission in the data sharing API information, and before acquiring the first data sharing API information corresponding to the first API address from the data table, the method further includes:
and authenticating the first API request according to the API access authority corresponding to the first API address.
According to the description, the API access authority is configured on the data sharing API information, so that the data access safety of the database is ensured.
Optionally, the data table includes a rate-limit table, where the rate-limit table is used to configure the number of daily requests, and before acquiring the first data sharing API information corresponding to the first API address from the data table, the method further includes:
rate limiting the first API request according to the number of daily requests corresponding to the first API address.
From the above description, it is known that API requests are rate limited by the number of daily requests.
Optionally, between acquiring the data sharing API information created in the configuration page and storing the data sharing API information in the data table and issuing a data sharing API address, the method further includes:
testing the created data sharing API information, wherein the SQL statement in the data sharing API information can only be an SQL query statement.
According to the description, when the data sharing API information is created and configured, the created data sharing API information is tested to rule out SQL statements that contain anything other than an SQL query statement, so that the data access security of the database is ensured.
Optionally, the data sharing component is a JAR package.
According to the description, the data sharing component is a JAR package that can be referenced directly without deploying an additional service, so that development workload can be reduced.
Optionally, after intercepting, by the data sharing component, the first API request of the first client, the method further includes:
performing security defense on the first API request against attacks including SQL injection and XSS.
From the above description, security of the data sharing component is ensured by security defenses.
Optionally, the data sharing API address includes a data sharing identifier, and the determining whether the first API address of the first API request is the data sharing API address is:
and judging whether the first API address of the first API request contains the data sharing identifier or not.
Optionally, the data sharing API address includes an API address identifier, where the API address identifier is used for identifying different data sharing API addresses in the data table.
In a second aspect, the present invention provides an implementation apparatus for data sharing, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements a method for implementing data sharing of the first aspect when the processor executes the computer program.
The technical effects corresponding to the implementation device for data sharing provided in the second aspect refer to the related description of the implementation method for data sharing provided in the first aspect.
Drawings
Fig. 1 is a main flow diagram of a method for implementing data sharing according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an API configuration according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an overall flow of request processing according to an embodiment of the present invention;
FIG. 4 is a schematic block diagram of a method for implementing data sharing according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a device for implementing data sharing according to an embodiment of the present invention.
[Description of reference numerals]
1: an implementation device for data sharing;
2: a processor;
3: a memory.
Detailed Description
In order that the above-described aspects may be better understood, exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
Example 1
This embodiment is suitable for application scenarios in which data in an application database needs to be shared. It does not need to develop interfaces and does not depend on a big data platform; a single data sharing component provides the data sharing service, so that development cost and security risk are reduced. The following description is made in connection with specific methods.
Referring to fig. 1 to 4, a method for implementing data sharing includes the steps of:
S1, creating and storing a data table required by a data sharing component;
In this embodiment, the data sharing component is a JAR (a software package file format) package. It can be referenced directly and used after simply configuring the application's interceptor, filter and the like, without deploying an additional service, so that development workload can be reduced.
Wherein, the data table stored in the database includes:
(1) The API table, which contains definition information such as the data sharing API addresses and the SQL query statement corresponding to each data sharing API address.
(2) The permission table, which contains the API access permissions.
(3) The rate-limit table, which is used to configure the number of daily requests.
(4) The log table, which records the request log.
Therefore, when the data sharing service corresponding to the data sharing component is started, it is first determined whether the corresponding data table exists in the database, and if not, step S1 is performed.
S2, acquiring data sharing API information created in a configuration page, storing the data sharing API information into a data table and distributing a data sharing API address;
In this embodiment, step S2 is an API configuration step, and referring to fig. 2, it includes the steps of:
S21, authenticating the configurator;
In this embodiment, the data sharing component comes with a configuration page, on which a configurator configures the APIs (Application Programming Interfaces) of the database that are to be published externally. The configurator therefore has to be authenticated first, and is allowed to configure APIs only after the configurator's identity and permissions have been verified.
S22, acquiring data sharing API information created in a configuration page;
The data sharing API information includes the currently created data sharing API address and the SQL query statement corresponding to each data sharing API address. The data sharing API address includes a data sharing identifier and an API address identifier. The data sharing identifier is used to distinguish whether an address is a data sharing API address, and the data sharing API address is globally unique. The API address identifier is used to distinguish the different data sharing API addresses of a data table, and is generally distinguished by the abbreviated project name. For example, in the data sharing API address http://IP:PORT/contextPath/API/test-user-query, /API is the data sharing identifier and /test-user-query is the API address identifier; the data table can be searched by /test-user-query in order to execute the SQL (Structured Query Language) query statement stored in the data table.
S23, testing the created data sharing API information, wherein SQL sentences in the data sharing API information can only be SQL query sentences;
The test of the created data sharing API information mainly checks whether the SQL statement contains anything other than an SQL query statement. This ensures the data access security of the database, because the SQL statements in the API table can only be SQL query statements.
If the test finds other types of SQL statement, an error prompt is generated and displayed, and the configurator must modify the SQL statement before the configuration can succeed.
S24, configuring API access rights;
Here, an access permission is set on the configured data sharing API address, so that data access to the database is limited to users who hold that permission.
S25, storing the data sharing API information into a data table and distributing a data sharing API address;
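The configuration-time test in S23 can be enforced by the database engine instead of by keyword matching. The following is an added example, not code from the patent: a Python sketch in which SQLite stands in for the application database, and the function names, sample table and sample statements are constructed for illustration.

```python
import re
import sqlite3

PLACEHOLDER = re.compile(r"\$\{\s*(\w+)\s*\}")   # ${uName}-style parameters
# Authorizer action codes that a pure query may trigger.
READ_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}


def read_only(action, arg1, arg2, db_name, source):
    """SQLite authorizer callback: permit reads, deny every other operation."""
    return sqlite3.SQLITE_OK if action in READ_ACTIONS else sqlite3.SQLITE_DENY


def allow_all(action, arg1, arg2, db_name, source):
    """Authorizer used to lift the restriction once the trial run is over."""
    return sqlite3.SQLITE_OK


def check_api_sql(conn, template):
    """Trial-run an API's SQL as step S23 requires. Returns (ok, reason)."""
    names = PLACEHOLDER.findall(template)
    sql = PLACEHOLDER.sub(r":\1", template)      # ${uName} -> :uName (bound, not spliced)
    conn.set_authorizer(read_only)
    try:
        # Writes, DDL, PRAGMA and ATTACH are refused while the statement is
        # compiled, so a rejected statement never touches the data.
        conn.execute(sql, {n: None for n in names}).fetchall()
        return True, "accepted"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # sqlite3 also refuses more than one statement per execute() call.
        return False, str(exc)
    finally:
        conn.set_authorizer(allow_all)


def make_db():
    """Constructed sample table standing in for the application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table sys_user(user_name text, dept text)")
    conn.execute("insert into sys_user values ('zhangsan', 'ops')")
    conn.commit()
    return conn


# Constructed statements a configurator might submit on the configuration page.
SAMPLES = [
    "select user_name, dept from sys_user where user_name = ${uName}",
    "select count(*) from sys_user",
    "delete from sys_user where user_name = ${uName}",
    "update sys_user set dept = 'none'",
    "select user_name from sys_user; drop table sys_user",
]


def run_samples():
    """Return the verdict per sample and the row count left in sys_user."""
    conn = make_db()
    verdicts = [check_api_sql(conn, s)[0] for s in SAMPLES]
    remaining = conn.execute("select count(*) from sys_user").fetchone()[0]
    return verdicts, remaining


if __name__ == "__main__":
    print(run_samples())
```

In a deployment the same guarantee is usually backed by connecting the component to the database with a read-only account, so that the check does not rest on the configuration page alone.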
S3, when the first client depends on the data sharing component, intercepting a first API request of the first client through the data sharing component, judging whether a first API address of the first API request is a data sharing API address, and if so, acquiring first data sharing API information corresponding to the first API address from a data table;
In this embodiment, the first data sharing API information is a first SQL query statement corresponding to a first API address.
In this embodiment, step S3 is a request processing step, and referring to fig. 3, step S3 includes the steps of:
S31, when the first client depends on the data sharing component, intercepting a first API request of the first client through the data sharing component;
Here, the first API request is:
http://IP:PORT/contextPath/API/test-user-query?uName=zhangsan&token=xxxxxxxxxxxxxxxxxxxxxxxxxxxx&appId=systemA
S32, performing security defense on the first API request against attacks including SQL injection and XSS;
In this way, defending against attacks such as SQL injection and XSS (Cross-Site Scripting) ensures the security of the data sharing component.
S33, judging whether a first API address of the first API request contains a data sharing identifier, if so, the first API address is the data sharing API address;
Here, the first API address of the first API request contains /API, so the first API address is a data sharing API address.
S34, authenticating the first API request according to the API access authority corresponding to the first API address;
The token of the first API request needs to be authenticated, and the next step is executed only after authentication succeeds. Configuring API access permissions on the data sharing API information thus ensures the data access security of the database.
S35, limiting the first API request according to the number of daily requests corresponding to the first API address;
Here, rate limiting is implemented by using Sentinel to limit the concurrency of the program.
S36, acquiring first data sharing API information corresponding to the first API address from the data table.
If the request passes authentication and is not rate limited, /test-user-query is used to look up the corresponding SQL query statement in the database, for example: select * from sys_user where user_name = ${uName}.
And S4, executing query operation according to the first data sharing API information, and obtaining and returning query result data to the first client.
Wherein, step S4 includes the steps of:
parsing the first SQL query statement, substituting the parameters in the first API request, executing the query operation, and obtaining and returning query result data to the first client.
Therefore, the corresponding SQL query statement is found through the API address and the parameters in the API request are substituted to complete the query operation.
It should be noted that, if the first API address does not include the data sharing identifier in step S33, the first API request needs to be executed according to the original access path of the first client, so as to avoid causing other service processing exceptions of the first client.
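Steps S33 to S36 and S4, together with the pass-through rule above, as an added Python sketch that is not code from the patent. SQLite stands in for the application database; the table layout, status strings, token and host are constructed for illustration, and counting the daily quota from the log table is an assumption. The `${uName}` placeholder is converted to a bound parameter, so request values never become part of the SQL text.

```python
import hmac
import re
import sqlite3
from urllib.parse import parse_qs, urlencode, urlsplit

SHARE_MARKER = "/API/"                             # data sharing identifier from the page
PLACEHOLDER = re.compile(r"\$\{\s*(\w+)\s*\}")     # ${uName} placeholders in the API table
BASE = "http://192.0.2.10:8080/contextPath"        # constructed host (documentation range)


def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        create table sys_user(user_name text, dept text);
        insert into sys_user values ('zhangsan', 'ops'), ('lisi', 'finance');
        create table api_table(identifier text primary key, sql_text text);
        insert into api_table values ('/test-user-query',
            'select user_name, dept from sys_user where user_name = ${uName}');
        create table permission(identifier text, app_id text, token text);
        insert into permission values ('/test-user-query', 'systemA', 'constructed-token-1');
        create table rate_limit(identifier text primary key, daily_max integer);
        insert into rate_limit values ('/test-user-query', 2);
        create table request_log(identifier text, app_id text, day text);
    """)
    return conn


def share_url(u_name, token="constructed-token-1", app_id="systemA"):
    """Build a request in the shape shown in S31, with URL-encoded values."""
    query = urlencode({"uName": u_name, "token": token, "appId": app_id})
    return f"{BASE}/API/test-user-query?{query}"


def handle(conn, url, day="2023-08-10"):
    """Process one intercepted request and return (status, rows)."""
    parts = urlsplit(url)
    pos = parts.path.find(SHARE_MARKER)
    if pos < 0:                                    # S33: not a data sharing address,
        return "PASS_THROUGH", None                # the client's original path runs
    identifier = "/" + parts.path[pos + len(SHARE_MARKER):]
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    app_id = params.get("appId", "")

    # S34: the token must match the permission row for this address and caller.
    perm = conn.execute(
        "select token from permission where identifier = ? and app_id = ?",
        (identifier, app_id)).fetchone()
    supplied = params.get("token", "").encode()
    if perm is None or not hmac.compare_digest(perm[0].encode(), supplied):
        return "DENIED", None

    # S35: daily quota per API address, counted from the log table (assumption).
    limit = conn.execute("select daily_max from rate_limit where identifier = ?",
                         (identifier,)).fetchone()
    used = conn.execute(
        "select count(*) from request_log where identifier = ? and day = ?",
        (identifier, day)).fetchone()[0]
    if limit is not None and used >= limit[0]:
        return "LIMITED", None
    conn.execute("insert into request_log values (?, ?, ?)", (identifier, app_id, day))

    # S36: look up the SQL query statement by the API address identifier.
    api = conn.execute("select sql_text from api_table where identifier = ?",
                       (identifier,)).fetchone()
    if api is None:
        return "NOT_FOUND", None

    # S4: bind request parameters instead of splicing them into the SQL text.
    names = PLACEHOLDER.findall(api[0])
    if any(name not in params for name in names):
        return "BAD_REQUEST", None
    sql = PLACEHOLDER.sub(r":\1", api[0])
    rows = conn.execute(sql, {name: params[name] for name in names}).fetchall()
    return "OK", rows


if __name__ == "__main__":
    db = make_db()
    print(handle(db, share_url("zhangsan")))
    print(handle(db, share_url("zhangsan' OR '1'='1")))   # treated as a literal value
    print(handle(db, share_url("lisi")))                  # third request of the day
```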
As can be seen from the above steps and fig. 4, the data sharing component of the present embodiment includes a configuration authentication module, an API configuration module, a request authentication module, an API request module, and a database instance acquisition and execution module.
The configuration authentication module is a module for adding, deleting and checking the authority table, the API table and other data tables.
Wherein, the API creation, the API test, the API authorization and the API release in the API configuration module respectively execute step S22, step S23, step S24 and step S25.
The request authentication module correspondingly executes step S21, step S32 and step S34.
The request processing in the API request module corresponds to executing step S31, step S33, step S35, and step S36, and the call query in the API request module corresponds to executing step S4.
The database instance acquisition and execution module makes the data sharing component compatible with different service environments. It obtains the database instance and executes statements at the bottom layer, and provides a data service interface layer for upper-layer services to call, with different interfaces for different service environments. For example, some older services do not use Spring, so the code must accommodate as many scenarios as possible; this is also the greatest difference from data sharing services on platforms.
Therefore, the embodiment does not need to develop interfaces and does not depend on a big data platform, so that development workload can be reduced, and development cost is reduced; and the current application database does not need to be opened, and only a single data sharing service is provided, so that the security risk is reduced.
Example two
Referring to fig. 5, a data sharing implementation apparatus 1 includes a memory 3, a processor 2, and a computer program stored in the memory 3 and capable of running on the processor 2, where the processor 2 implements the steps in the first embodiment when executing the computer program.
Since the apparatus/device described in the foregoing embodiments of the present invention is an apparatus/device used for implementing the method of the foregoing embodiments of the present invention, those skilled in the art can understand the specific structure and modification of the apparatus/device based on the method of the foregoing embodiments of the present invention, and thus are not described herein. All devices/apparatuses used in the methods of the above embodiments of the present invention are within the scope of the present invention.
It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the terms first, second, third, etc. are for convenience of description only and do not denote any order. These terms may be understood as part of the component name.
Furthermore, it should be noted that in the description of the present specification, the terms "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., refer to a specific feature, structure, material, or characteristic described in connection with the embodiment or example being included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art upon learning the basic inventive concepts. Therefore, the appended claims should be construed to include preferred embodiments and all such variations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, the present invention should also include such modifications and variations provided that they come within the scope of the following claims and their equivalents.

Claims (10)

1. The method for realizing data sharing is characterized by comprising the following steps:
creating and storing a data table required by the data sharing component;
acquiring data sharing API information created in a configuration page, storing the data sharing API information into the data table and distributing a data sharing API address;
when a first client depends on the data sharing component, intercepting a first API request of the first client through the data sharing component, judging whether a first API address of the first API request is a data sharing API address, and if so, acquiring first data sharing API information corresponding to the first API address from the data table;
and executing query operation according to the first data sharing API information to obtain and return query result data to the first client.
2. The method according to claim 1, wherein the data table includes an API table, the API table includes data sharing API addresses in data sharing API information and SQL query statements corresponding to each data sharing API address, and the first data sharing API information is a first SQL query statement corresponding to the first API address;
the query operation is executed according to the first data sharing API information, and the query operation is as follows:
analyzing the first SQL query statement, substituting parameters in the first API request, and executing query operation.
3. The method for implementing data sharing according to claim 1, wherein the data table includes a permission table, the permission table includes an API access permission in the data sharing API information, and before acquiring the first data sharing API information corresponding to the first API address from the data table, the method further includes:
and authenticating the first API request according to the API access authority corresponding to the first API address.
4. The method for implementing data sharing according to claim 1, wherein the data table includes a rate-limit table, the rate-limit table is used for configuring the number of daily requests, and before acquiring the first data sharing API information corresponding to the first API address from the data table, the method further includes:
rate limiting the first API request according to the number of daily requests corresponding to the first API address.
5. The method according to claim 1, wherein between acquiring the data sharing API information created in the configuration page and storing the data sharing API information in the data table and issuing a data sharing API address, the method further comprises:
testing the created data sharing API information, wherein the SQL statement in the data sharing API information can only be an SQL query statement.
6. A method of implementing data sharing according to any one of claims 1 to 5, wherein the data sharing component is a JAR package.
7. The method according to any one of claims 1 to 5, wherein after intercepting, by the data sharing component, the first API request of the first client, the method further comprises:
performing security defense on the first API request against attacks including SQL injection and XSS.
8. The method for implementing data sharing according to any one of claims 1 to 5, wherein the data sharing API address includes a data sharing identifier, and the determining whether the first API address of the first API request is a data sharing API address is:
and judging whether the first API address of the first API request contains the data sharing identifier or not.
9. The method according to any one of claims 1 to 5, wherein the API address includes an API address identifier, and the API address identifier is used for identifying different API addresses of the data table.
10. An apparatus for implementing data sharing, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements a method for implementing data sharing according to any one of claims 1 to 9 when executing the computer program.
CN202311006579.8A 2023-08-10 2023-08-10 Method and device for realizing data sharing Pending CN117061167A (en)


Legal Events

Date Code Title Description
PB01 Publication