CN117596062A - Horizontal override detection method, device and equipment - Google Patents


Info

Publication number
CN117596062A
Authority
CN
China
Prior art keywords
account
information
user
verification information
operation request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311660492.2A
Other languages
Chinese (zh)
Inventor
沈宥臣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China
Priority to CN202311660492.2A
Publication of CN117596062A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a horizontal override detection method, device and equipment, which can be used in the technical field of computers. The method comprises the following steps: when a server receives a service operation request initiated by a user at a client, acquiring the account information of the user from the service operation request, wherein some fields in the account information are hidden by the client according to a preset hiding mode; acquiring account verification information of the user that is stored in advance in a cache device preset by the server, wherein some fields in the account verification information are hidden by the server according to the preset hiding mode; and determining, according to the account information and the account verification information, whether the service operation request involves horizontal override. The method and device can detect in real time whether a service operation request initiated by the client involves horizontal override while preventing user information from being leaked.

Description

Horizontal override detection method, device and equipment
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to a method, an apparatus, and a device for detecting horizontal override.
Background
Internet applications are emerging in an endless stream, and unauthorized access is easily triggered in transactions between the front end and the back end. Unauthorized access (Broken Access Control, BAC) is a common vulnerability in Web applications. Horizontal override, also known as horizontal privilege escalation, is one form of it and generally refers to mutual access between users with the same authority.
In application development, services with many process steps are especially prone to horizontal override, so detecting horizontal override during program development is very important.
However, existing horizontal override detection methods occupy considerable system resources during detection, which increases system response time; in addition, the front-end information used for verification is likely to be intercepted, resulting in leakage of user information.
Disclosure of Invention
The application provides a horizontal override detection method, a horizontal override detection device and horizontal override detection equipment, which can solve the technical problems that the existing horizontal override detection mode occupies more system resources in the detection process, so that the response time of a system is increased, and the information leakage of a user is easy to occur.
In a first aspect, the present application provides a method for detecting horizontal override, applied to a server, where the method includes:
when a service operation request initiated by a user at a client is received, acquiring account information of the user in the service operation request; wherein, part of fields in the account information are hidden by the client according to a preset hiding mode;
acquiring account verification information of the user, which is stored in advance in a cache device preset by the server; wherein, part of fields in the account verification information are hidden by the server according to the preset hiding mode;
and determining whether the business operation request has horizontal override according to the account information and the account verification information.
In some embodiments, the method further comprises:
pre-acquiring user information of the user, wherein the user information comprises sub-account verification information corresponding to each sub-account of the user;
carrying out hiding treatment on partial fields in each sub-account verification information according to the preset hiding mode;
generating an account verification information mapping list based on the corresponding relation between the sub-account serial numbers of the sub-accounts and the sub-account verification information of the sub-accounts;
and storing the account verification information mapping list in the cache device.
In some embodiments, the obtaining the account verification information of the user, which is pre-stored in a cache device preset by the server, includes:
acquiring target sub-account verification information corresponding to the target sub-account serial number from the account verification information mapping list according to the target sub-account serial number in the account information;
the determining whether the business operation request has horizontal override according to the account information and the account verification information comprises the following steps:
and determining whether the business operation request has horizontal override according to the account information and the target sub-account verification information.
In some embodiments, the determining whether the business operation request has a horizontal override according to the account information and the target sub-account verification information includes:
determining whether the account information and the target sub-account verification information are successfully matched;
if the account information is successfully matched with the target sub-account verification information, determining that the service operation request has no horizontal override;
and if the account information is not matched with the target sub-account verification information, determining that the business operation request has horizontal override.
In some embodiments, the method further comprises:
when the user information is detected to change, updating the account verification information mapping list cached in the caching device according to the changed user information.
In some embodiments, the method further comprises:
interrupting the business operation request when determining that the business operation request has horizontal override;
and recording the service operation request and outputting error prompt information or alarm information.
In a second aspect, the present application provides a horizontal override detection device, applied to a server, where the device includes:
the receiving module is used for acquiring account information of a user in a service operation request when the service operation request initiated by the user at a client is received; wherein, part of fields in the account information are hidden by the client according to a preset hiding mode;
the acquisition module is used for acquiring the account verification information of the user, which is stored in advance in a cache device preset by the server; wherein, part of fields in the account verification information are hidden by the server according to the preset hiding mode;
and the detection module is used for determining whether the business operation request has horizontal override according to the account information and the account verification information.
In a third aspect, the present application provides an electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the horizontal override detection method as provided in the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, are adapted to carry out the horizontal override detection method as provided in the first aspect.
In a fifth aspect, the present application provides a computer program product comprising a computer program which, when executed by a processor, implements a horizontal override detection method as provided in the first aspect.
According to the horizontal override detection method, the device and the equipment, the account verification information of the user is stored in the server-side caching device in advance, and the account information of the user can be matched with the stored account verification information in the cache before the follow-up transaction is carried out, so that the horizontal override detection is realized quickly, the whole detection process is simple and quick, more system resources are not occupied, the system efficiency can be improved, and the reliability of the detection result can be ensured. In addition, by hiding part of fields in account information and part of fields in account verification information, user privacy can be protected and user information leakage can be prevented even if the front-end service operation request is intercepted.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic structural diagram of a horizontal override detection system provided in an embodiment of the present application;
FIG. 2 is a schematic flowchart of the steps of a horizontal override detection method provided in an embodiment of the present application;
FIG. 3 is a schematic flowchart of further steps of a horizontal override detection method provided in an embodiment of the present application;
FIG. 4 is a second schematic flowchart of further steps of a horizontal override detection method provided in an embodiment of the present application;
FIG. 5 is a schematic program module diagram of a horizontal override detection device provided in an embodiment of the present application;
FIG. 6 is a schematic hardware structure diagram of an electronic device provided in an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, account information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data complies with the related laws and regulations and standards, and is provided with corresponding operation entries for the user to select authorization or rejection.
Some terms involved in the embodiments of the present application are explained below:
Unauthorized access: a user or administrator in an application performs operations that exceed the scope of their rights. Such behavior may threaten application security, lead to tampering with or leakage of data, and even cause the application to crash or become paralyzed.
Horizontal override (horizontal privilege escalation): user A accesses the data of another user B who has the same authority. It is a vulnerability caused by design defects in data-based access control: an unauthorized data access vulnerability that arises when the server, on receiving a request to operate on data, does not check which person or department the data belongs to. For example, in an enterprise OA system, an ordinary employee sees a colleague's payroll in the system.
Front end/client: refers to an interface opened by the system to the user, such as a Web page accessed through a browser, an App on a mobile phone, etc.
Backend/background/server: refers to a system that processes front-end requests.
Cache: a memory capable of high-speed data exchange that provides faster information retrieval without fetching data from slower main memory. Commonly used data is placed in the cache so that the next query can read it directly, which speeds up access.
Mobile-side web application: a web program that can run on the operating system of a smartphone. Such applications are accessed through the network and either require the installation of specific plug-ins or run directly on the handset. Common types are native apps and hybrid apps. The former are developed entirely around the interface design of a specific operating system; the latter have some of their pages developed in HTML5 and rendered with JavaScript on Android or iOS.
Customer number: a unique number in the system that identifies the customer information.
Card number: the card number of the customer's bank card.
Sub-account: the customer has an account opened under his bank card, for example, the customer has purchased a regular deposit, which is a sub-account.
Sub-account number: a number identifying the sub-account information.
Banknote identifier, currency: related attributes of the sub-account. The sub-account serial number, the banknote identifier and the currency together uniquely determine one sub-account.
Transaction: one round in which the application program sends a request and a result is returned.
Sub-account serial number: the sequence number used to uniquely identify the sub-account; it may start from the natural number 1.
With the development of internet technology, web applications, and mobile web applications in particular, are becoming more and more widespread, and network security has become a focus for internet applications, which bear the important responsibility of protecting user privacy and personal information. First, unauthorized access has become the primary network security vulnerability, and horizontal override is the more prevalent problem because it occurs between users with the same rights and is harder to prevent and block. Second, web applications, particularly mobile web applications, have a large number of internal process steps, and horizontal override can occur at each step. For example, withdrawing a deposit product in mobile banking includes steps such as querying the card list, querying the detailed information of the product, and proceeding to the final step. When the detailed information is queried, there is a risk of querying, without authorization, product information purchased by other accounts; at the final step, there is a risk of withdrawing, without authorization, a product held by another account. For example, user A queries the detailed information of product 1 held by user B and performs the operation of taking out product 1. Third, when the server performs horizontal override verification using the user information sent by the front end, the user information may be leaked during the interaction between the front end and the back end.
In application development, services with many process steps are especially prone to horizontal override, so detecting horizontal override during program development is very important. However, existing horizontal override detection methods occupy considerable system resources during detection, which increases system response time. In addition, the front-end information used for verification is likely to be intercepted, resulting in leakage of user information, and existing detection methods monitor horizontal override offline and are not suitable for online real-time monitoring.
In view of the above technical problems, the embodiment of the application provides a horizontal override detection method, which can match the account information of a user with the stored account verification information in a cache before a subsequent transaction is performed by storing the account verification information of the user in a server cache device in advance, so that the online real-time detection of horizontal override is realized quickly, the whole detection process is simple and quick, more system resources are not occupied, the system efficiency can be improved, and the reliability of a detection result can be ensured. In addition, by hiding part of fields in account information and part of fields in account verification information, user privacy can be protected and user information leakage can be prevented even if the front-end service operation request is intercepted.
The technical scheme shown in the application is described in detail through specific embodiments. It should be noted that the following embodiments may exist alone or in combination with each other, and for the same or similar content, the description will not be repeated in different embodiments.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a horizontal override detection system provided in an embodiment of the present application. In some embodiments of the present application, the horizontal override detection system includes a client 101 and a server 102, and the client 101 is communicatively connected to the server 102 over a network.
The client 101 refers to a program that corresponds to the server 102 and provides a local service to the user. Apart from some applications that run only locally, clients are typically installed on ordinary electronic devices and need to work together with the server 102. Commonly used clients include web browsers, such as those used for the World Wide Web, and instant messaging client software, among others. The electronic device may include a mobile terminal, a tablet computer, a notebook computer, a desktop computer, a smart television, a wearable device, and other network terminals, and the client may include an application (APP) running on the electronic device, a web browser, and the like, which is not limited in the embodiments of the present application.
The server 102 includes, but is not limited to, a single-path server, a multi-path server, a distributed server, a cloud server, and the like. Wherein, a cache device is disposed in the server 102.
Alternatively, the above-mentioned horizontal override detection method may be performed by the client 101 or the server 102 alone, or may be performed by the client 101 and the server 102 together. For example, in some embodiments, a user sends a data processing request message to the server 102 via the client 101; after receiving the data processing request message, the server 102 generates a corresponding task item, and feeds back a processing result of the task item to the client 101.
Referring to fig. 2, fig. 2 is a schematic step flow diagram of a horizontal override detection method provided in an embodiment of the present application, and in some embodiments of the present application, the horizontal override detection method may be applied to the server 102, and includes:
S201, when a service operation request initiated by a user at a client is received, acquiring the account information of the user from the service operation request, wherein some fields in the account information are hidden by the client according to a preset hiding mode.
In some embodiments of the present application, when the server receives a service operation request initiated by a user at a client, it obtains the account information of the user from the service operation request. Optionally, the account information may include a customer number, a sub-account serial number, a card number, a banknote identifier, a currency, etc.
Some fields in the account information are hidden by the client according to a preset hiding mode, and the server can perform the corresponding decoding or decryption operation to restore the complete account information.
The hiding mode may be any one of the following:
Replacement characters: the client may replace the characters in certain fields with specific replacement characters or encodings. For example, the card number 6228000000000001234 is hidden as 6228 and 1234, with the characters between them replaced.
Truncation: the client may truncate certain fields and transmit only part of the information. The server needs to infer the truncated part according to the preset hiding rule, by comparing characters at specific positions or from the relation between the characters before and after the truncation.
Encryption algorithm: the client may encrypt certain fields using an encryption algorithm. The server needs to decrypt the encrypted field into the original information using the corresponding decryption algorithm and key.
Custom coding: the client may encode certain fields using a custom encoding scheme. The server needs to parse the custom encoding and restore the field to the original information.
S202, acquiring account verification information of the user that is stored in advance in a cache device preset by the server, wherein some fields in the account verification information are hidden by the server according to the preset hiding mode.
In some embodiments, when the user is authenticated for the first time, the server may obtain user information of the user in advance, where the user information includes sub-account verification information corresponding to each sub-account of the user, for example, a client number, a sub-account serial number, a card number, a banknote identifier, a currency, and the like; such information may be obtained by interaction with the user or from other systems.
In some embodiments, the server may hide some fields in each piece of sub-account verification information using the same hiding mode adopted by the client; specific hiding modes may include replacement characters, truncation, an encryption algorithm or custom coding, and the embodiment of the present application is not limited in this respect.
In some embodiments, the server may generate an account verification information mapping list based on a correspondence between the sub-account serial number of each sub-account and the sub-account verification information of each sub-account, and store the account verification information mapping list in the cache device.
In some embodiments, after receiving the service operation request and obtaining the account information of the user in the service operation request, the server may obtain, according to a target sub-account serial number in the account information, target sub-account verification information corresponding to the target sub-account serial number in the account verification information mapping list.
S203, determining whether the business operation request has horizontal override according to the account information and the account verification information.
In some embodiments, it may be determined whether the service operation request has a horizontal override based on the account information and the target sub-account verification information.
For example, determining whether the account information and the target sub-account verification information are successfully matched; if the matching is successful, determining that the service operation request does not have horizontal override; if the matching fails, determining that the service operation request has horizontal override.
According to the horizontal override detection method, the account verification information of the user is stored in the server-side caching device in advance, and the account information of the user can be matched with the stored account verification information in the cache before the follow-up transaction is carried out, so that the horizontal override detection is realized quickly, the whole detection process is simple and quick, more system resources are not occupied, the system efficiency can be improved, and the reliability of the detection result can be guaranteed. In addition, by hiding part of fields in account information and part of fields in account verification information, user privacy can be protected and user information leakage can be prevented even if the front-end service operation request is intercepted.
Based on the description in the foregoing embodiments, in some embodiments of the present application, when the user information is detected to change, the account verification information mapping list cached in the cache device may be updated according to the changed user information.
In some embodiments of the present application, when determining that the service operation request has a horizontal override, the server may interrupt the service operation request; in addition, the service operation request can be recorded, and error prompt information, alarm information and the like can be output.
Referring to fig. 3, fig. 3 is a schematic flow chart of another step of a horizontal override detection method provided in an embodiment of the present application, where in some embodiments of the present application, the horizontal override detection method may include:
S301, the server acquires the user information (including a customer number, a sub-account serial number, a card number, a banknote identifier, a currency and the like) when the user is verified for the first time.
S302, hiding some fields in each piece of sub-account verification information according to a preset hiding mode. For example, the card number 6228000000000001234 is hidden as 6228 and 1234, with the characters between them replaced.
S303, generating an account verification information mapping list based on the corresponding relation between the sub-account serial numbers of the sub-accounts and the sub-account verification information of the sub-accounts.
S304, storing the account verification information mapping list in a server cache device.
In addition, the horizontal override detection method may include:
S305, feeding back the sub-account verification information, after the hiding process, to the client for the client to use in the subsequent flow.
Referring to fig. 4, fig. 4 is a second flowchart illustrating another step of a horizontal override detection method provided in an embodiment of the present application, where in some embodiments of the present application, the horizontal override detection method may include:
S401, when receiving a service operation request initiated by a user at a client, the server acquires the account information of the user from the service operation request, wherein some fields in the account information are hidden by the client according to a preset hiding mode.
S402, acquiring the account verification information of the user stored in advance in the cache device, wherein some fields in the account verification information are hidden by the server according to the preset hiding mode.
S403, determining whether the account information is matched with the account verification information. If yes, continue to execute S404; if not, then S405 is performed.
S404, determining whether the current transaction service is completed; if yes, ending the current transaction service; if not, return to S401.
S405, interrupting the service operation request.
In addition, the service operation request can be recorded, and error prompt information or alarm information can be output.
In some embodiments of the present application, in each transaction flow, each time a request is initiated, the server matches the partially hidden account information reported by the client against the account verification information pre-stored in the server cache. If all the information matches, verification passes and it is determined that there is no horizontal override; otherwise, it is determined that the operation involves horizontal override, and the transaction request is prevented from continuing.
By hiding part of fields in the account information and part of fields in the account verification information, the privacy of a user can be protected and leakage of the user information can be prevented even if the front-end service operation request is intercepted.
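The "replacement characters" hiding mode together with the flows of FIG. 3 (S301-S305) and FIG. 4 (S401-S405), as an added Python example that is not code from the patent or its applicant. Assumptions: all class, function and field names are hypothetical, the cache is an in-process dictionary keyed by the customer number of the authenticated session, hiding keeps the first and last four digits of the card number, a missing cache entry counts as a mismatch, and the sample accounts are constructed.

```python
"""Added example: cache-backed horizontal override check (S301-S305, S401-S405)."""
from dataclasses import dataclass

# Fields compared between the client's account information and the cached record.
FIELDS = ("customer_no", "serial_no", "card_no", "banknote_flag", "currency")


def mask_card(card_no, keep_head=4, keep_tail=4):
    """'Replacement characters' hiding mode: star out the middle digits."""
    hidden = len(card_no) - keep_head - keep_tail
    if hidden <= 0:                       # too short to expose any digit
        return "*" * len(card_no)
    return card_no[:keep_head] + "*" * hidden + card_no[-keep_tail:]


@dataclass(frozen=True)
class SubAccount:                         # hypothetical record layout
    customer_no: str
    serial_no: int
    card_no: str
    banknote_flag: str
    currency: str


def verification_record(sub):
    """S302: sub-account verification information with the card number hidden."""
    return {
        "customer_no": sub.customer_no,
        "serial_no": sub.serial_no,
        "card_no": mask_card(sub.card_no),
        "banknote_flag": sub.banknote_flag,
        "currency": sub.currency,
    }


class OverrideDetector:
    def __init__(self):
        self.cache = {}                   # customer_no -> {serial_no: record}
        self.alerts = []                  # rejected requests, kept for alarms

    def load_user(self, customer_no, sub_accounts):
        """S301-S305. Calling it again refreshes the mapping list when the
        user information changes."""
        mapping = {s.serial_no: verification_record(s)
                   for s in sub_accounts if s.customer_no == customer_no}
        self.cache[customer_no] = mapping
        return list(mapping.values())     # S305: hidden records for the client

    def check(self, session_customer_no, account_info):
        """S401-S405: True lets the transaction continue, False interrupts it.
        The mapping list is looked up by the session's customer number
        (assumption), never by a value taken from the request body."""
        mapping = self.cache.get(session_customer_no, {})
        try:
            serial = int(account_info.get("serial_no"))
        except (TypeError, ValueError):
            serial = None
        expected = mapping.get(serial)    # target sub-account verification info
        ok = expected is not None and all(
            str(expected[f]) == str(account_info.get(f)) for f in FIELDS)
        if not ok:                        # record the request for the alarm
            self.alerts.append({"session": session_customer_no,
                                "request": dict(account_info)})
        return ok


def demo():
    """Constructed sample data: two customers, three sub-accounts."""
    det = OverrideDetector()
    a_records = det.load_user("C001", [
        SubAccount("C001", 1, "6228000000000001234", "cash", "CNY"),
        SubAccount("C001", 2, "6228000000000004321", "cash", "USD"),
    ])
    b_records = det.load_user("C002", [
        SubAccount("C002", 1, "6228000000000005678", "cash", "CNY"),
    ])
    own = det.check("C001", a_records[0])            # A's own sub-account
    foreign = det.check("C001", b_records[0])        # B's record in A's session
    mixed = det.check("C001", {**a_records[0],       # A's record, B's card field
                               "card_no": b_records[0]["card_no"]})
    return own, foreign, mixed, len(det.alerts)


if __name__ == "__main__":
    print(mask_card("6228000000000001234"))
    print(demo())
```

The comparison runs on the hidden values themselves, so the full card number never has to travel in the request; the check depends on the cache lookup being bound to the authenticated session rather than to any customer number the client supplies.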
Based on the descriptions in the foregoing embodiments, the embodiments of the present application further provide a horizontal override detection device. Referring to fig. 5, which is a schematic diagram of the program modules of a horizontal override detection device provided in the embodiments of the present application, in some embodiments the horizontal override detection device 50 includes:
a receiving module 501, configured to, when receiving a service operation request initiated by a user at a client, obtain account information of the user in the service operation request; wherein some fields in the account information are hidden by the client according to a preset hiding mode;
an obtaining module 502, configured to obtain account verification information of the user, which is stored in advance in a cache device preset by the server; wherein some fields in the account verification information are hidden by the server according to the preset hiding mode;
and a detection module 503, configured to determine whether the service operation request has a horizontal override according to the account information and the account verification information.
According to the horizontal override detection device, the account verification information of the user is stored in the server-side cache device in advance, and the account information of the user can be matched against the account verification information stored in the cache before each subsequent transaction is carried out, so that horizontal override detection is performed quickly. The whole detection process is simple and fast and does not occupy many system resources, so system efficiency can be improved and the reliability of the detection result can be guaranteed. In addition, by hiding some fields in the account information and some fields in the account verification information, user privacy can be protected and user information leakage can be prevented even if the front-end service operation request is intercepted.
In some embodiments, the horizontal override detection device further includes a preprocessing module for:
pre-acquiring user information of the user, wherein the user information comprises sub-account verification information corresponding to each sub-account of the user;
carrying out hiding treatment on partial fields in each sub-account verification information according to the preset hiding mode;
generating an account verification information mapping list based on the corresponding relation between the sub-account serial numbers of the sub-accounts and the sub-account verification information of the sub-accounts;
and storing the account verification information mapping list in the cache device.
In some embodiments, the obtaining module 502 is configured to:
and acquiring target sub-account verification information corresponding to the target sub-account serial number from the account verification information mapping list according to the target sub-account serial number in the account information.
The detection module 503 is configured to:
and determining whether the business operation request has horizontal override according to the account information and the target sub-account verification information.
In some embodiments, the detection module 503 is configured to:
determining whether the account information and the target sub-account verification information are successfully matched;
if the account information is successfully matched with the target sub-account verification information, determining that the service operation request has no horizontal override;
and if the account information is not matched with the target sub-account verification information, determining that the business operation request has horizontal override.
In some embodiments, the above-mentioned horizontal override detection device further includes an update module for:
when the user information is detected to change, updating the account verification information mapping list cached in the caching device according to the changed user information.
In some embodiments, the apparatus further comprises a processing module configured to:
interrupting the business operation request when determining that the business operation request has horizontal override;
and recording the service operation request and outputting error prompt information or alarm information.
It should be noted that, in the embodiment of the present application, details of specific execution of the receiving module 501, the obtaining module 502, and the detecting module 503 may refer to each step in the horizontal override detection method described in the foregoing embodiment, and no description is repeated here.
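The flow of S401 to S405, together with the preprocessing, update and processing modules described above, can be sketched as follows. This is an added example, not code from the patent: the `hide` masking rule (first and last four characters kept), the field names, the per-user dictionary standing in for the cache device and the sample account numbers are all assumptions constructed for illustration.

```python
import hmac
import logging

log = logging.getLogger("horizontal_override")

def hide(value: str, head: int = 4, tail: int = 4) -> str:
    """Assumed preset hiding mode: keep the first/last characters, star the rest."""
    if len(value) <= head + tail:
        return "*" * len(value)
    return value[:head] + "*" * (len(value) - head - tail) + value[-tail:]

class VerificationCache:
    """Stand-in for the server-side cache device (a dict here, assumed per-user)."""

    def __init__(self):
        self._lists = {}  # user_id -> {sub-account serial number -> masked fields}

    def store(self, user_id: str, sub_accounts: dict) -> None:
        # Preprocessing/update module: mask every field, then (re)build the mapping list.
        self._lists[user_id] = {
            serial: {name: hide(val) for name, val in fields.items()}
            for serial, fields in sub_accounts.items()
        }

    def lookup(self, user_id: str, serial):
        return self._lists.get(user_id, {}).get(serial)

def check_request(cache: VerificationCache, user_id: str, account_info: dict) -> bool:
    """S401-S405: True lets the request continue, False means it was interrupted."""
    serial = account_info.get("serial")
    expected = cache.lookup(user_id, serial)
    if expected is None:
        return _interrupt(user_id, account_info, "unknown sub-account serial number")
    for name, want in expected.items():
        got = str(account_info.get(name, ""))
        # Constant-time comparison of the two masked strings.
        if not hmac.compare_digest(got.encode(), want.encode()):
            return _interrupt(user_id, account_info, f"field {name!r} does not match")
    return True

def _interrupt(user_id: str, account_info: dict, reason: str) -> bool:
    # S405 plus the processing module: record the request and raise an alarm.
    log.warning("horizontal override: user=%s request=%s reason=%s",
                user_id, account_info, reason)
    return False

def demo() -> dict:
    # Constructed sample data, not taken from the patent.
    cache = VerificationCache()
    cache.store("alice", {"01": {"account_no": "1000200030004001"},
                          "02": {"account_no": "1000200030004002"}})
    own = {"serial": "01", "account_no": hide("1000200030004001")}
    foreign = {"serial": "01", "account_no": hide("9000800070006001")}
    missing = {"serial": "07", "account_no": hide("1000200030004001")}
    results = {"own": check_request(cache, "alice", own),
               "foreign": check_request(cache, "alice", foreign),
               "missing": check_request(cache, "alice", missing)}
    # Update module: after the user's accounts change, the cached list is rebuilt.
    cache.store("alice", {"02": {"account_no": "1000200030004002"}})
    results["after_update"] = check_request(cache, "alice", own)
    return results
```

Because both sides compare masked strings, the match can only tell accounts apart by the characters the hiding mode leaves visible, combined with the serial-number lookup in the user's own mapping list.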
Further, based on the descriptions in the above embodiments, there is also provided an electronic device including at least one processor and a memory; wherein the memory stores computer-executable instructions; the at least one processor executes computer-executable instructions stored in the memory to perform the steps in the horizontal override detection method as described in the above embodiments.
For a better understanding of the embodiments of the present application, refer to fig. 6, which is a schematic diagram of the hardware structure of an electronic device according to the embodiments of the present application.
As shown in fig. 6, the electronic device 60 of the present embodiment includes: a processor 601 and a memory 602; wherein:
a memory 602 for storing computer-executable instructions;
a processor 601 for executing computer-executable instructions stored in a memory to implement the steps of the horizontal override detection method described in the above embodiments.
Optionally, the memory 602 may be separate from the processor 601 or integrated with it.
When the memory 602 is provided separately, the device further comprises a bus 603 for connecting the memory 602 and the processor 601.
The present embodiment provides a computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, implement the steps in the horizontal override detection method described in the above embodiments.
Embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the steps of the horizontal override detection method described in the above embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described embodiments of the apparatus are merely illustrative: the division of the modules is merely a logical function division, and there may be other divisions in an actual implementation; for instance, multiple modules may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed between components may be an indirect coupling or communication connection via some interfaces, devices or modules, and may be in electrical, mechanical, or other forms.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in each embodiment of the present application may be integrated in one processing unit, or each module may exist alone physically, or two or more modules may be integrated in one unit. The units formed by the modules can be realized in a form of hardware or a form of hardware and software functional units.
The integrated modules, which are implemented in the form of software functional modules, may be stored in a computer readable storage medium. The software functional modules described above are stored in a storage medium and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or processor to perform some of the steps of the methods described in various embodiments of the present application.
It is understood that the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may include a high-speed memory, and may further include nonvolatile storage, such as at least one magnetic disk memory, and may also be a USB disk, a removable hard disk, a read-only memory, a magnetic disk, or an optical disk.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or one type of bus.
The storage medium may be implemented by any type or combination of volatile or nonvolatile memory devices such as static random access memory, electrically erasable programmable read only memory, magnetic memory, flash memory, magnetic or optical disk. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A horizontal override detection method, characterized in that it is applied to a server and comprises the following steps:
when a service operation request initiated by a user at a client is received, acquiring account information of the user in the service operation request; wherein, part of fields in the account information are hidden by the client according to a preset hiding mode;
acquiring account verification information of the user, which is stored in advance in a cache device preset by the server; wherein, part of fields in the account verification information are hidden by the server according to the preset hiding mode;
and determining whether the business operation request has horizontal override according to the account information and the account verification information.
2. The horizontal override detection method of claim 1, wherein the method further comprises:
pre-acquiring user information of the user, wherein the user information comprises sub-account verification information corresponding to each sub-account of the user;
carrying out hiding treatment on partial fields in each sub-account verification information according to the preset hiding mode;
generating an account verification information mapping list based on the corresponding relation between the sub-account serial numbers of the sub-accounts and the sub-account verification information of the sub-accounts;
and storing the account verification information mapping list in the cache device.
3. The method for detecting horizontal override according to claim 2, wherein the obtaining the account verification information of the user stored in advance in the cache device preset in the server side includes:
acquiring target sub-account verification information corresponding to the target sub-account serial number from the account verification information mapping list according to the target sub-account serial number in the account information;
the determining whether the business operation request has horizontal override according to the account information and the account verification information comprises the following steps:
and determining whether the business operation request has horizontal override according to the account information and the target sub-account verification information.
4. The method of claim 3, wherein determining whether the business operation request has a horizontal override based on the account information and the target sub-account verification information comprises:
determining whether the account information and the target sub-account verification information are successfully matched;
if the account information is successfully matched with the target sub-account verification information, determining that the service operation request has no horizontal override;
and if the account information is not matched with the target sub-account verification information, determining that the business operation request has horizontal override.
5. The horizontal override detection method of claim 2, wherein the method further comprises:
when the user information is detected to change, updating the account verification information mapping list cached in the caching device according to the changed user information.
6. The horizontal override detection method of claim 4, further comprising:
interrupting the business operation request when determining that the business operation request has horizontal override;
and recording the service operation request and outputting error prompt information or alarm information.
7. A horizontal override detection device, applied to a server, the device comprising:
the receiving module is used for acquiring account information of a user in a service operation request when the service operation request initiated by the user at a client is received; wherein, part of fields in the account information are hidden by the client according to a preset hiding mode;
the acquisition module is used for acquiring the account verification information of the user, which is stored in advance in a cache device preset by the server; wherein, part of fields in the account verification information are hidden by the server according to the preset hiding mode;
and the detection module is used for determining whether the business operation request has horizontal override according to the account information and the account verification information.
8. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the horizontal override detection method of any one of claims 1-6.
9. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to implement the horizontal override detection method of any one of claims 1-6.
10. A computer program product comprising a computer program which, when executed by a processor, implements the horizontal override detection method according to any one of claims 1-6.
CN202311660492.2A 2023-12-05 2023-12-05 Horizontal override detection method, device and equipment Pending CN117596062A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311660492.2A CN117596062A (en) 2023-12-05 2023-12-05 Horizontal override detection method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311660492.2A CN117596062A (en) 2023-12-05 2023-12-05 Horizontal override detection method, device and equipment

Publications (1)

Publication Number Publication Date
CN117596062A true CN117596062A (en) 2024-02-23

Family

ID=89911366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311660492.2A Pending CN117596062A (en) 2023-12-05 2023-12-05 Horizontal override detection method, device and equipment

Country Status (1)

Country Link
CN (1) CN117596062A (en)

Similar Documents

Publication Publication Date Title
CN109690547B (en) System and method for detecting online fraud
US10891689B2 (en) Consent management service system
CN112333198B (en) Secure cross-domain login method, system and server
US8869255B2 (en) Method and system for abstracted and randomized one-time use passwords for transactional authentication
US9350739B2 (en) Recovery from rolling security token loss
US8745151B2 (en) Web page protection against phishing
US20170351852A1 (en) Identity authentication method, server, and storage medium
CN108683667B (en) Account protection method, device, system and storage medium
US11048818B1 (en) Systems and methods for a virtual fraud sandbox
US20100169151A1 (en) Alarming system and method for protecting malicious access to bank accounts
US20170161746A1 (en) Compromised Identity Exchange Systems and Methods
US8452965B1 (en) Self-identification of tokens
CN112150113A (en) Method, device and system for borrowing file data and method for borrowing data
CN112967056A (en) Access information processing method and device, electronic equipment and medium
CN117375986A (en) Application access method, device and server
CN117216798A (en) Access method, device, equipment and storage medium
EP4024757A1 (en) Virtual credential authentication based on browsing context
CN117596062A (en) Horizontal override detection method, device and equipment
CN114625756A (en) Data query method and device and server
CN112528330B (en) Log scanning method, device and equipment
CN112100653B (en) Front-end sensitive information processing method and system
CA3024451C (en) Enhanced security for transaction requests utilizing automatic source identification
CN117560181A (en) Method, device and equipment for processing verification and cancellation information
CN116756774A (en) Secure storage control method and device for user data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination