CN117852005B - Safety verification method and system between graph database and client
- Publication number: CN117852005B
- Application number: CN202410264379.0A
- Authority: CN (China)
- Prior art keywords: user, client, graph, white list, responding
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/31—User authentication
- G06F16/9024—Graphs; Linked lists
- G06F21/604—Tools and structures for managing or administering access control systems
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The application relates to the technical field of graph databases and solves the security problem in prior-art graph database systems that data scans connect directly to the storage service. It discloses a security verification method and system between a graph database and a client. The method comprises the following steps: establishing a connection with a server and performing handshake key verification, wherein the server is configured with a storage service and a query service; requesting the query service to perform user identity authentication; in response to the user identity authentication passing, acquiring permission information from the query service and saving it to a whitelist; and requesting the storage service to perform data scanning according to the access requirement and the whitelist. By adding a handshake key interface to the client for handshake verification, and by having the client access the query service for identity and permission verification, the security and reliability of data access through the graph database storage service are ensured.
Description
Technical Field
The application relates to the technical field of graph databases, and in particular to a security verification method and system between a graph database and a client.
Background
A database stores an enterprise's internal business information and even the personal information of large numbers of users, so the requirements on data security are extremely high. To ensure data security, the industry generally adopts identity authentication, role permissions and encrypted transmission. Identity authentication is a security mechanism by which a database system verifies and authorizes a user's right to access the database, ensuring that only properly authenticated users can access the information in it. The authentication system typically requires the user to provide a user name and password, compares this information with the information stored in the database, and grants the user certain access rights if they match. The identity authentication system of a database plays an important role in protecting sensitive information and preventing unauthorized access and data leakage.
The graph database system NebulaGraph includes a graph query service, a metadata service and a graph storage service, and provides capabilities including queries and data scans. All query requests are sent to the graph query service, and data scan requests are sent to the graph storage service. However, in the current user identity authentication system of NebulaGraph, only the graph query service provides identity authentication; the graph storage service does not. The data scan function therefore has no identity authentication, and any user can use the scan function through a client to read and process the data in the graph database, which is a serious security risk.
Disclosure of Invention
The application aims to solve the security problem in prior-art graph database systems that data scans connect directly to the storage service, and provides a security verification method and system between a graph database and a client.
In a first aspect, a method for security verification between a graph database and a client is provided, including:
establishing a connection with a server and performing handshake key verification, wherein the server is configured with a storage service and a query service;
requesting the query service to perform user identity authentication;
in response to the user identity authentication passing, acquiring permission information from the query service and saving the permission information to a whitelist;
and requesting the storage service to perform data scanning according to the access requirement and the whitelist.
Further, performing handshake key verification includes:
configuring a handshake key of the client;
judging whether the handshake key is in the handshake key list of the server;
in response to the judgment result being yes, the handshake key verification passes;
and in response to the judgment result being no, the handshake key verification fails.
Further, requesting the query service to perform user identity authentication includes:
transmitting the user name and the password to the query service, so that the query service performs consistency verification on the user name and the password;
in response to the user name and the password being consistent, the user identity authentication passes, and an ID of the session connected with the query service is received, wherein the ID is used for requesting data from the query service;
and in response to the user name and the password being inconsistent, the user identity authentication fails.
Further, the permission information comprises roles and the roles' access permissions to graph spaces in the graph data and to the point and edge types in those graph spaces.
Further, a Map data structure is used in the whitelist to store the permission information, wherein the keys of the whitelist represent graph spaces, and the value corresponding to each key represents the set of point types and edge types in that graph space to which the user has access permission.
Further, acquiring permission information from the query service and saving the permission information to the whitelist includes:
acquiring roles from the query service through a query statement;
judging whether the role of the user is GOD user;
in response to the user being a GOD user, the user has read permission on all graph spaces, and the whitelist is set to be empty;
in response to the user not being a GOD user, judging whether the role of the user is an Admin user or a DBA user of a designated graph space;
in response to the user being an Admin user or a DBA user, the user has read permission on all points and edges under the corresponding graph space; storing the corresponding graph space in the whitelist, and setting the point and edge list under the corresponding graph space to be empty;
in response to the user being neither an Admin user nor a DBA user, judging whether the role of the user is a BASIC user of a designated graph space;
and in response to the user being a BASIC user of a designated graph space, acquiring through a query command the set of points and edges with read permission in the corresponding graph space, storing the corresponding graph space in the whitelist, and storing the set of points and edges in the point and edge list under the corresponding graph space.
Further, requesting the storage service to perform data scanning according to the access requirement and the whitelist comprises:
judging whether the whitelist is empty;
in response to the whitelist being empty, the permission verification passes and data scanning can be performed;
in response to the whitelist being non-empty, judging whether the graph space to be accessed in the access requirement is in the whitelist;
in response to the graph space to be accessed not being in the whitelist, the permission verification fails and data scanning cannot be performed;
in response to the graph space to be accessed being in the whitelist, judging whether the point and edge list of that graph space in the whitelist is empty;
in response to the point and edge list being empty, the permission verification passes and data scanning can be performed;
in response to the point and edge list being non-empty, judging whether the points and edges to be accessed in the access requirement are in the point and edge list of the whitelist;
in response to the points and edges to be accessed being in the point and edge list of the whitelist, the permission verification passes and data scanning can be performed;
and in response to the points and edges to be accessed not being in the point and edge list of the whitelist, the permission verification fails and data scanning cannot be performed.
In a second aspect, a security verification system between a graph database and a client is provided, including:
a client for performing the steps of the method as described in any of the implementations of the first aspect;
a server configured with a storage service and a query service;
the storage service, used for performing handshake key verification on the client and performing data scanning according to the data scanning request of the client;
and the query service, used for performing user identity authentication on the client and returning the permission information of the user according to the user identity authentication result.
In a third aspect, there is provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the method of the first aspect described above.
In a fourth aspect, a computer readable storage medium is provided, the computer readable storage medium storing program code for execution by a device, the program code comprising instructions for performing the steps of the method as in any one of the implementations of the first aspect.
The application has the following beneficial effects: by adding a handshake key interface to the client for handshake verification, and by having the client access the query service for identity and permission verification, the application ensures the security and reliability of data access through the graph database storage service. By reusing the graph database's existing user identity and permission verification system, which is based on the query service, it reduces functional redundancy on the graph database server while keeping the existing capabilities of the graph database query service and storage service.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application.
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of the security verification method between the graph database and the client in embodiment 1 of the present application;
FIG. 2 is a flowchart of building the whitelist in the security verification method between the graph database and the client in embodiment 1 of the present application;
FIG. 3 is a flowchart of user permission verification in the security verification method between the graph database and the client in embodiment 1 of the present application;
FIG. 4 is a block diagram of the security verification system between the graph database and the client in embodiment 2 of the present application.
Reference numerals:
100, client; 200, server; 201, storage service; 202, query service.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
The security verification method between the graph database and the client according to embodiment 1 of the application comprises the following steps: establishing a connection with a server 200 and performing handshake key verification, wherein the server 200 is configured with a storage service 201 and a query service 202; requesting the query service 202 to perform user identity authentication; in response to the user identity authentication passing, acquiring permission information from the query service 202 and saving the permission information to the whitelist; and requesting the storage service 201 to perform data scanning according to the access requirement and the whitelist. By adding a handshake key interface to the client 100 for handshake verification, and by having the client 100 access the query service 202 for identity and permission verification, the method ensures the security and reliability of data access through the graph database storage service 201. By reusing the graph database's existing user identity and permission verification system, which is based on the query service 202, it reduces functional redundancy on the server 200 of the graph database while keeping the existing capabilities of the query service 202 and the storage service 201, and using the same user identity authentication reduces the maintenance cost of keeping the functions consistent.
Specifically, the storage service 201 provides the data scanning capability; the client 100 can access the storage service 201 directly to obtain the data of a specified graph space without going through the query service 202. The query service 202 provides the query capability and the identity authentication capability, and must be accessed whenever a user logs in or queries data. This embodiment provides a method for data security verification between the client 100 and the storage service 201, which has no identity authentication capability of its own. In this embodiment, therefore, the storage service 201 is responsible for verifying the handshake key, and the query service 202 is responsible for verifying user identity and permissions. FIG. 1 is a flowchart of the security verification method between the graph database and the client in embodiment 1, which includes:
S100, establishing a connection with a server 200 and performing handshake key verification, wherein the server 200 is configured with a storage service 201 and a query service 202;
Specifically, the client 100 first establishes a TCP connection with the server 200. The server 200 allows a list of handshake keys (i.e., keys) to be configured, and the client 100 likewise allows the user to configure the handshake key of the client 100. Handshake verification passes as long as the handshake key of the client 100 is in the handshake key list of the server 200.
S200, requesting the query service 202 to perform user identity authentication;
Specifically, for the data scanning function the client 100 only needs to establish a connection with the storage service 201, but for data security the identity of the visitor must be authenticated.
Before the user performs a data scan, a user name and a password must be set for the client 100. The client 100 first connects to the query service 202 according to the user configuration and requests identity authentication. The query service 202 hashes the user name and password transmitted by the client 100 and compares them with the user name and password stored by the system. When they are consistent, the user identity authentication request passes, and the client 100 obtains the ID of the session (Session) connected with the query service 202, through which secure data requests can be made.
S300, in response to the user identity authentication passing, acquiring permission information from the query service 202 and saving the permission information to a whitelist, wherein the permission information comprises roles and the roles' access permissions to graph spaces in the graph data and to the point and edge types in those graph spaces;
Specifically, after user identity authentication, the client 100 uses its session with the query service 202 to request the permission information of the current user, and obtains the role of the current user and that role's access permissions to graph spaces in the graph database and to the point and edge types in those graph spaces.
It should be noted that the user roles supported by the graph database include GOD user, Admin user, DBA user, BASIC user, etc. The GOD user is the role with the highest permissions and has permission for all operations on all graph spaces, similar to the root user in Linux; the Admin user and the DBA user have read permission on all points and edges in the graph spaces within their permissions; the BASIC user has read permission on those points and edges, in the graph spaces within its permissions, for which permission has been granted.
In this embodiment, according to the user role permission settings on the graph database, the client 100 uses a Map data structure to store a whitelist of the user's access permissions to graph spaces and their points and edges. The keys of the whitelist represent graph spaces, and the value corresponding to each key represents the set of point types and edge types in that graph space to which the user has access permission. For example, <test, List[person, layer, figure]> means that the user has read permission on the person, layer and figure types in the graph space test.
Map data structure: Map<String, List<String>> writeList = new HashMap<String, List<String>>();
The client 100 first looks up the role of the current user name through a query statement, for example: "DESC user $user_name".
As shown in fig. 2, the flow of building the whitelist is as follows:
S301, judging from the result of the query statement whether the current user is a GOD user, i.e., whether role in the query result is GOD. If so, the user has read permission on all graph spaces, and the whitelist maintained by the client 100 is null, i.e., writeList = null.
S302, judging from the result of the query statement whether the current user is an Admin or DBA user of some space, i.e., whether role in the query result is Admin or DBA. If so, the role has read permission on all points and edges under the corresponding graph space, and the whitelist maintained by the client 100 is: space -> null, where null indicates that the user has read permission on all points and edges under that space. That is: writeList.put("sf10", null);
S303, judging from the result of the query statement whether the current user is a BASIC user of some space, i.e., whether the role value in the query result is BASIC. If so, further checking which points and edges under the corresponding graph space the role has read permission on; the points and edges on which the user has read permission are viewed with the command "SHOW GRANTS $user_name". The whitelist information stored in the client 100 is space -> List[Labels]. Since point types and edge types are not allowed to share a name within the same graph space, a single List is used to store both the point and edge type information. That is: writeList.put("basketballplayer", List("layer")).
S400, requesting the storage service 201 to perform data scanning according to the access requirement and the whitelist. That is, before data scanning is performed, user permission verification is carried out according to the access requirement (i.e., information such as the graph space to be accessed by the user and the points and edges under that graph space) and the whitelist, and the data scanning function is then performed according to the result of the user permission verification.
As shown in fig. 3, the flow of user rights verification is as follows:
When the client 100 performs the data scanning function according to the access requirement, permission verification of the graph space and of the point and edge types under it is carried out against the data access permission whitelist that the client 100 has already built.
When the whitelist is empty, the current user is a GOD user, the permission verification passes, and data scanning can be performed according to the access requirement.
When the whitelist is not empty, it is first judged whether the graph space to be accessed in the access requirement is in the whitelist, and if so, the point and edge list corresponding to that graph space is obtained. If the point and edge list in the whitelist is null, the user has access permission to all points and edges in the graph space, and data scanning can be performed according to the access requirement. If the point and edge list is not null, it is judged whether the point or edge to be accessed in the access requirement is in the point and edge list of the whitelist; if so, the user has access permission to that point or edge type, and data scanning can be performed according to the access requirement. Otherwise, the operation is terminated and an error message indicating that there is no access permission is returned.
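The whitelist construction of S301 to S303 and the permission check of FIG. 3 can be put together as follows. This is an added example, not code from the patent or from NebulaGraph: the class ScanWhitelist, the record RoleGrant and both method names are hypothetical, and the role rows and BASIC grants are assumed to have been parsed already from the results of the role query and the SHOW GRANTS command.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added illustration; all type and method names here are hypothetical.
public class ScanWhitelist {

    /** One parsed row of the user's role listing: role name and the graph space it applies to. */
    record RoleGrant(String role, String space) {}

    private static String normalize(String role) {
        return role == null ? "" : role.trim().toUpperCase(Locale.ROOT);
    }

    /**
     * Builds the whitelist following S301-S303.
     * Returns null for a GOD user (all spaces readable). Otherwise returns a map in which
     * a null value means "all points and edges in this space" (Admin/DBA) and a list holds
     * the readable point/edge types (BASIC). basicLabels stands in for parsed grant output.
     */
    static Map<String, List<String>> buildWriteList(List<RoleGrant> grants,
                                                    Map<String, List<String>> basicLabels) {
        // S301: GOD anywhere in the role listing means unrestricted read access.
        for (RoleGrant g : grants) {
            if (normalize(g.role()).equals("GOD")) {
                return null;
            }
        }
        Map<String, List<String>> writeList = new HashMap<>();
        for (RoleGrant g : grants) {
            String role = normalize(g.role());
            if (role.equals("ADMIN") || role.equals("DBA")) {
                // S302: space -> null, i.e. every point and edge type in the space.
                writeList.put(g.space(), null);
            } else if (role.equals("BASIC")) {
                // S303: space -> list of granted types. Never narrow a space that an
                // Admin/DBA row has already marked as unrestricted.
                boolean unrestricted = writeList.containsKey(g.space())
                        && writeList.get(g.space()) == null;
                if (!unrestricted) {
                    List<String> labels = basicLabels.getOrDefault(g.space(), List.of());
                    writeList.put(g.space(), new ArrayList<>(labels));
                }
            }
            // Any other role adds no entry, so scans of that space are refused.
        }
        return writeList;
    }

    /** Permission check of FIG. 3 for one scan request (graph space plus point/edge type). */
    static boolean canScan(Map<String, List<String>> writeList, String space, String label) {
        if (writeList == null) {
            return true;                       // GOD user
        }
        // Assumption of this example: an empty (non-null) map means "no grants" and
        // denies everything; only null means GOD.
        if (!writeList.containsKey(space)) {
            return false;                      // space not in the whitelist
        }
        List<String> labels = writeList.get(space);
        if (labels == null) {
            return true;                       // Admin/DBA: all types in the space
        }
        return labels.contains(label);         // BASIC: only the granted types
    }

    public static void main(String[] args) {
        // Constructed sample: DBA on sf10, BASIC on basketballplayer with one granted type.
        List<RoleGrant> grants = List.of(
                new RoleGrant("DBA", "sf10"),
                new RoleGrant("BASIC", "basketballplayer"));
        Map<String, List<String>> basicLabels = Map.of("basketballplayer", List.of("layer"));
        Map<String, List<String>> writeList = buildWriteList(grants, basicLabels);

        String[][] requests = {
                {"sf10", "anything"}, {"basketballplayer", "layer"},
                {"basketballplayer", "team"}, {"test", "person"}};
        for (String[] r : requests) {
            System.out.printf("%s/%s -> %s%n", r[0], r[1],
                    canScan(writeList, r[0], r[1]) ? "scan allowed" : "no access permission");
        }
        // A user with no role rows gets an empty map, not null, and is refused everywhere.
        Map<String, List<String>> none = buildWriteList(List.of(), Map.of());
        System.out.println("no roles -> " + canScan(none, "sf10", "anything"));
    }
}
```

Because null encodes unrestricted access at both levels, the whitelist should be assigned null only after the role query has actually returned GOD; a failed or skipped role lookup must not leave it null. The same applies to a space's list, where an empty list (nothing granted) must stay distinct from null (everything granted).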
In this embodiment, the security and reliability of data access through the graph database storage service 201 are ensured by adding a handshake key interface to the client 100 for handshake verification and by adding an optional user identity authentication function to the client 100 for identity and permission verification. By reusing the graph database's existing user identity and permission verification system, which is based on the query service 202, functional redundancy on the server 200 of the graph database is reduced while the existing capabilities of the query service 202 and the storage service 201 are kept, and using the same user identity authentication reduces the maintenance cost of keeping the functions consistent. In addition, because the user identity authentication function added to the client 100 is optional, the user can freely decide whether identity and permission authentication is required, which gives the authentication function of the system sufficient flexibility.
Example 2
As shown in fig. 4, a security verification system between a graph database and a client according to embodiment 2 of the present application includes:
a client 100 for performing the steps of the method as described in any one of the implementations of embodiment 1;
a server 200, where the server 200 is configured with a storage service 201 and a query service 202;
A storage service 201, configured to perform handshake key verification on the client 100 and perform data scanning according to a data scanning request of the client 100;
The query service 202 is configured to perform user identity authentication on the client 100, and return authority information of the user according to the user identity authentication result.
It should be noted that, in the embodiment of the present invention, other specific embodiments of the security check system between the graph database and the client may refer to specific embodiments of the security check method between the graph database and the client, and in order to avoid redundancy, the description is omitted here.
Example 3
A computer program product according to embodiment 3 of the present application is a computer program product for storing a computer program, which when run on a computer implements the method according to any one of the implementations of embodiment 1 of the present application.
Example 4
A computer-readable storage medium according to embodiment 4 of the present application stores program code for execution by a device, the program code including steps for performing the method as in any one of the implementations of embodiment 1 of the present application;
Wherein the computer readable storage medium may be a Read Only Memory (ROM), a static storage device, a dynamic storage device, or a random access memory (random access memory, RAM); the computer readable storage medium may store a program code which, when executed by a processor, is adapted to perform the steps of the method as in any one of the implementations of embodiment 1 of the application.
The above is only a preferred embodiment of the present application; the scope of the application is not limited in this respect. Any change or improvement to the technical solution that a person skilled in the art can make within the technical scope disclosed by the present application is covered by the protection scope of the present application.
Claims (9)
1. A method for security verification between a graph database and a client, comprising:
establishing a connection with a server and performing handshake key verification, wherein the server is configured with a storage service and a query service;
requesting the query service to perform user identity authentication;
in response to the user identity authentication passing, acquiring permission information from the query service and saving the permission information to a whitelist;
requesting the storage service to perform data scanning according to the access requirement and the whitelist;
wherein acquiring the permission information from the query service and saving the permission information to the whitelist comprises the following steps:
acquiring roles from the query service through a query statement;
judging whether the role of the user is GOD user;
in response to the user being a GOD user, the user has read permission on all graph spaces, and the whitelist is set to be empty;
in response to the user not being a GOD user, judging whether the role of the user is an Admin user or a DBA user of a designated graph space;
in response to the user being an Admin user or a DBA user, the user has read permission on all points and edges under the corresponding graph space; storing the corresponding graph space in the whitelist, and setting the point and edge list under the corresponding graph space to be empty;
in response to the user being neither an Admin user nor a DBA user, judging whether the role of the user is a BASIC user of a designated graph space;
and in response to the user being a BASIC user of a designated graph space, acquiring through a query command the set of points and edges with read permission in the corresponding graph space, storing the corresponding graph space in the whitelist, and storing the set of points and edges in the point and edge list under the corresponding graph space.
2. The method for security verification between a graph database and a client according to claim 1, wherein performing handshake key verification comprises:
configuring a handshake key of the client;
judging whether the handshake key is in the handshake key list of the server;
in response to the judgment result being yes, the handshake key verification passes;
and in response to the judgment result being no, the handshake key verification fails.
3. The method for security verification between a graph database and a client according to claim 1, wherein requesting the query service for user identity authentication comprises:
transmitting the user name and the password to the query service, so that the query service performs consistency verification on the user name and the password;
in response to the user name and the password being consistent, the user identity authentication passes, and an ID of the session connected with the query service is received, wherein the ID is used for requesting data from the query service;
and in response to the user name and the password being inconsistent, the user identity authentication fails.
4. The method for security verification between a graph database and a client according to claim 1, wherein the permission information comprises roles and the roles' access permissions to graph spaces in the graph data and to the point and edge types in those graph spaces.
5. The method for security verification between a graph database and a client according to claim 4, wherein a Map data structure is used in the whitelist to store the permission information, wherein the keys of the whitelist represent graph spaces, and the value corresponding to each key represents the set of point types and edge types to which the user has access permission.
6. The method of claim 1, wherein requesting the storage service to perform data scanning according to the access requirement and the whitelist comprises:
judging whether the whitelist is empty;
in response to the whitelist being empty, the permission verification passes and data scanning can be performed;
in response to the whitelist being non-empty, judging whether the graph space to be accessed in the access requirement is in the whitelist;
in response to the graph space to be accessed not being in the whitelist, the permission verification fails and data scanning cannot be performed;
in response to the graph space to be accessed being in the whitelist, judging whether the point edge list of that graph space in the whitelist is empty;
in response to the point edge list being empty, the permission verification passes and data scanning can be performed;
in response to the point edge list being non-empty, judging whether the points and edges to be accessed in the access requirement are in the point edge list of the whitelist;
in response to the points and edges to be accessed being in the point edge list of the whitelist, the permission verification passes and data scanning can be performed;
in response to the points and edges to be accessed not being in the point edge list of the whitelist, the permission verification fails and data scanning cannot be performed.
7. A security verification system between a graph database and a client, comprising:
a client for performing the steps of the method according to any of claims 1-6;
a server configured with a storage service and a query service;
wherein the storage service is used for performing handshake key verification on the client and performing data scanning according to the data scanning request of the client;
and the query service is used for performing user identity authentication on the client and returning the permission information of the user according to the user identity authentication result.
8. A computer program product having stored therein computer instructions which, when executed by a processor, implement the method of any of claims 1-6.
9. A computer readable storage medium storing program code for execution by a device, the program code comprising steps for performing the method of any one of claims 1-6.
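The whitelist Map of claim 5 and the permission check of claim 6, written out as an added Python example (not code from the patent or from any graph database product). The function names, the refusal to store an empty set for a BASIC user, and the sample graph space and type names are assumptions of this example.

```python
# Added example: client-side whitelist check following claims 5 and 6.
# Whitelist shape (claim 5): key = graph space, value = set of point/edge types.
# Function names and sample data are assumptions of this example.

def add_basic_grant(whitelist, space, readable_types):
    """Record a BASIC user's readable point/edge types for one graph space."""
    readable = set(readable_types)
    if not readable:
        # Claim 6 treats an empty point edge list as "scan may proceed", so
        # this example refuses to store an empty set for a BASIC user
        # (a choice of this example, not a step in the claims).
        raise ValueError(f"no readable point or edge types in {space!r}")
    whitelist.setdefault(space, set()).update(readable)


def check_scan(whitelist, space, requested_types):
    """Return (allowed, reason), evaluating the claim 6 conditions in order."""
    if not whitelist:
        return True, "whitelist empty"
    if space not in whitelist:
        return False, "graph space not in whitelist"
    point_edge_list = whitelist[space]
    if not point_edge_list:
        return True, "point edge list empty"
    missing = sorted(set(requested_types) - point_edge_list)
    if missing:
        return False, "not in point edge list: " + ", ".join(missing)
    return True, "all requested points and edges in point edge list"


def demo():
    # Constructed sample data: graph space and type names are made up.
    basic = {}
    add_basic_grant(basic, "social", ["person", "follows"])
    space_wide = {"social": set()}  # space listed, empty point edge list
    unrestricted = {}               # empty whitelist
    cases = [
        (unrestricted, "finance", ["account"]),
        (space_wide, "social", ["person", "payment"]),
        (space_wide, "finance", ["account"]),
        (basic, "social", ["person", "follows"]),
        (basic, "social", ["person", "payment"]),
        (basic, "finance", ["account"]),
    ]
    return [check_scan(w, s, t)[0] for w, s, t in cases]


if __name__ == "__main__":
    print(demo())
```

Because an empty whitelist and an empty point edge list both pass the check, the whitelist has to be populated from the returned permission information before the first scan request is evaluated.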
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410264379.0A CN117852005B (en) | 2024-03-08 | 2024-03-08 | Safety verification method and system between graph database and client |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117852005A | 2024-04-09 |
CN117852005B | 2024-05-14 |
Family
ID=90536594
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410264379.0A Active CN117852005B (en) | 2024-03-08 | 2024-03-08 | Safety verification method and system between graph database and client |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117852005B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018077169A1 (en) * | 2016-10-31 | 2018-05-03 | 中兴通讯股份有限公司 | Image repository authorization, access and management method, server, and client |
CN111935094A (en) * | 2020-07-14 | 2020-11-13 | 北京金山云网络技术有限公司 | Database access method, device, system and computer readable storage medium |
CN112800287A (en) * | 2021-04-15 | 2021-05-14 | 杭州欧若数网科技有限公司 | Full-text indexing method and system based on graph database |
CN113127848A (en) * | 2019-12-31 | 2021-07-16 | 华为技术有限公司 | Storage method of permission system data and related equipment |
CN114443908A (en) * | 2022-01-07 | 2022-05-06 | 苏州浪潮智能科技有限公司 | Graph database construction method, system, terminal and storage medium |
CN114826661A (en) * | 2022-03-18 | 2022-07-29 | 浪潮卓数大数据产业发展有限公司 | Data access method, device and medium based on open API |
CN115150105A (en) * | 2022-09-01 | 2022-10-04 | 杭州悦数科技有限公司 | Identity authentication method and system in distributed graph database |
CN117195185A (en) * | 2023-10-09 | 2023-12-08 | 浙江创邻科技有限公司 | User authority management method for graph database, electronic equipment and medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US12069056B2 (en) * | 2021-12-29 | 2024-08-20 | Brex Inc. | Authorization and access control system for access rights using relationship graphs |
Non-Patent Citations (2)
Title |
---|
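Authentication Protocol for Cloud Databases Using Blockchain Mechanism; Gaurav Deep et al.; Sensors 2019; 20191014; full text * |
User identity authentication scheme for CryptDB; 薛金红; 田秀霞; 宋谦; 田福粮; Journal of Shanghai University of Electric Power; 20200415 (Issue 02); full text * |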
Also Published As
Publication number | Publication date |
---|---|
CN117852005A (en) | 2024-04-09 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||