CN118282705A - Safety protection method and device for service scheduling intensive platform - Google Patents


Publication number
CN118282705A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410180438.6A
Other languages
Chinese (zh)
Inventor
朱大智
王岩
隋海滨
许家伟
郭舒扬
吉俊霖
连晓斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Communication Branch of Hainan Power Grid Co Ltd
Original Assignee
Information Communication Branch of Hainan Power Grid Co Ltd


Abstract

The application discloses a security protection method and device for a service scheduling intensive platform, a storage medium and computer equipment. The method comprises: in response to a login request for the service scheduling intensive platform from a target client, acquiring information to be verified of a target user; verifying the first information, calling a target verification interface after the first information is successfully verified, and accessing a preset database through the target verification interface to determine, according to a user permission list stored in the preset database, whether the second information passes verification; and, after receiving the valid ticket returned by the target verification interface, creating a session for the target user so as to receive the operation data of the target user through the session. The method and device can prevent malicious attackers from bypassing login authentication to perform illegal operations and from obtaining login rights by illegally tampering with the user permission list, so that the operational security of the service scheduling intensive platform can be effectively improved.

Description

Safety protection method and device for service scheduling intensive platform
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and apparatus for protecting security of a service scheduling intensive platform, a storage medium, and a computer device.
Background
With the rapid development of the power industry, power grid business has become increasingly complex and diverse. Power grid service platforms have emerged to make this business easier to manage.
The security of a power grid service platform is particularly important because various power grid service data are stored on it. In the prior art, when a user logs in to a power grid service platform, the platform usually only verifies whether the user name and password entered by the user are correct. This login mode greatly reduces login security and is easily attacked by criminals.
Disclosure of Invention
In view of this, the application provides a security protection method and device for a service scheduling intensive platform, a storage medium and a computer device, which can prevent malicious attackers from bypassing login authentication to perform illegal operations and from obtaining login rights by illegally tampering with the user permission list, so that the operational security of the service scheduling intensive platform can be effectively improved.
According to one aspect of the present application, there is provided a security protection method for a service dispatch intensive platform, including:
In response to a login request for the service scheduling intensive platform from a target client, obtaining information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service scheduling intensive platform, and the second information comprises personal information of the target user;
Verifying the first information and, after the first information is successfully verified, calling a target verification interface and accessing a preset database through the target verification interface to determine, according to a user permission list stored in the preset database, whether the second information passes verification, wherein the user permission list is updated by a database administrator of the preset database;
After receiving the valid ticket returned by the target verification interface, creating a session for the target user so as to receive the operation data of the target user through the session.
According to another aspect of the present application, there is provided a safety protection device of a service dispatch intensive platform, including:
The information acquisition module is used for responding to a login request of a service dispatching intensive platform from a target client to acquire information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service dispatching intensive platform, and the second information comprises personal information of the target user;
The information verification module is used for verifying the first information, calling a target verification interface after the first information is successfully verified, and accessing a preset database through the target verification interface to determine whether the second information passes verification according to a user permission list stored in the preset database, wherein the user permission list is updated by a database administrator of the preset database;
The session creation module is used for creating a session for the target user after receiving the valid ticket returned by the target verification interface, so as to receive the operation data of the target user through the session.
According to still another aspect of the present application, there is provided a storage medium having stored thereon a computer program which, when executed by a processor, implements the security protection method of the service dispatch intensive platform described above.
According to still another aspect of the present application, there is provided a computer device including a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor implements the security protection method of the service scheduling intensive platform when executing the program.
By means of the above technical solution, the security protection method and device, storage medium and computer equipment provided by the application use the first information of the target user to verify whether the login to the service scheduling intensive platform is an illegal login by a machine, and use the second information of the target user to verify whether the user has login permission. The target user is therefore fully verified before successfully logging in to the service scheduling intensive platform, so that illegal users can be prevented from logging in. In addition, the user permission list is stored in a preset database for which only the database administrator has update permission, and it is strictly managed, so that illegal users can be prevented from maliciously tampering with it. Compared with the platform login method in the prior art, the application can prevent malicious attackers from bypassing login authentication to perform illegal operations and from obtaining login rights by illegally tampering with the user permission list, so that the operational security of the service scheduling intensive platform can be effectively improved.
The foregoing is only an overview of the technical solution of the present application. So that the technical means of the application can be understood more clearly and implemented according to the description, and so that the above and other objects, features and advantages of the application are more readily apparent, specific embodiments are set out below.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 shows a flow diagram of a security protection method of a service scheduling intensive platform according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a security protection method of another service scheduling intensive platform according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a security protection device of a service scheduling intensive platform according to an embodiment of the present application;
Fig. 4 shows a schematic device structure of a computer device according to an embodiment of the present application.
Detailed Description
The application will be described in detail hereinafter with reference to the drawings in conjunction with embodiments. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other.
In this embodiment, a method for protecting security of a service scheduling intensive platform is provided, as shown in fig. 1, where the method includes:
Step 101, in response to a login request for the service scheduling intensive platform from a target client, obtaining information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service scheduling intensive platform, and the second information comprises personal information of the target user;
The safety protection method for the service dispatching intensification platform provided by the embodiment of the application can be operated on the service dispatching intensification platform, and can improve the operation safety of the service dispatching intensification platform. The service scheduling intensive platform in the embodiment of the application can be a power grid service platform, on which each power grid service module can be integrated, various power grid service data can be stored, and a user can log in the platform to realize the related operation of various power grid services. When the target user wants to log in the service dispatching intensive platform, the target user can log in through the client. Specifically, the target user may send a login request through the target client, after the service scheduling intensive platform receives the login request, the service scheduling intensive platform may respond to the login request, and then may directly obtain information to be verified of the target user, where the information to be verified of the target user may include two parts, that is, first information and second information, respectively. The first information may be information determined according to a preset verification rule of the service scheduling intensive platform. For example, the preset verification rule may be that the verification code is randomly generated according to the mobile phone number of the target user, where the first information may be the verification code received by the mobile phone of the target user. 
It should be noted that the mobile phone number of the target user may be entered when the target user logs in to the service scheduling intensive platform; it may also be prestored on the platform, in which case, when the target user logs in, the number is identified on the platform according to the login account information of the target user. The preset verification rule may also be that verification letters, verification numbers and the like are randomly generated according to a preset algorithm, in which case the first information may be the letters, numbers and the like entered by the target user. The second information may be personal information of the target user. The personal information may include unique identification information of the target user, such as an identification card number, a mobile phone number or an employee number, and may further include image information such as a screenshot of the target user's face captured at login. When the second information includes such a screenshot, the service scheduling intensive platform can call the camera of the target client when responding to the login request, photograph the target user through the camera, and then take the unique identifier of the target user together with the screenshot as the second information of the target user.
Step 102, verifying the first information, and when the first information is successfully verified, calling a target verification interface, and accessing a preset database through the target verification interface to determine whether the second information passes verification according to a user permission list stored in the preset database, wherein the user permission list is updated by a database manager of the preset database;
In this embodiment, after the first information and the second information are acquired, they may be verified separately. First, the service scheduling intensive platform can directly verify the first information of the target user. If the first information passes verification, the platform can then call a target verification interface and access a preset database through it. The preset database may store a user permission list in advance, and the user permission list may include user information of the users who have access permission to the service scheduling intensive platform, specifically the unique identifiers of those users. In this way, whether the second information of the target user passes verification can be determined from the user permission list stored in the preset database. It should be noted that only the database administrator has permission to update the user permission list in the preset database; other users have no such permission.
Step 103, after receiving the valid ticket returned by the target verification interface, creating a session for the target user so as to receive the operation data of the target user through the session.
In this embodiment, if the service dispatch intensive platform receives the valid ticket returned by the target verification interface, it indicates that the second information of the target user passes the verification, and a session can be created for the target user at this time, so that all subsequent operation data of the target user can be ensured to be performed in the valid session. Here, the valid ticket may be a related ticket indicating that the second information of the target user is authenticated.
By applying the technical solution of this embodiment, the first information of the target user is used to verify whether the login to the service scheduling intensive platform is an illegal login by a machine, and the second information of the target user is used to verify whether the user has login permission. The target user is therefore fully verified before successfully logging in to the service scheduling intensive platform, so that illegal users can be prevented from logging in. In addition, the user permission list is stored in a preset database for which only the database administrator has update permission, and it is strictly managed, so that illegal users can be prevented from maliciously tampering with it. Compared with the platform login method in the prior art, the application can prevent malicious attackers from bypassing login authentication to perform illegal operations and from obtaining login rights by illegally tampering with the user permission list, so that the operational security of the service scheduling intensive platform can be effectively improved.
Further, as a refinement and extension of the foregoing embodiment, in order to fully describe a specific implementation process of the embodiment, another method for protecting security of a service scheduling intensification platform is provided, as shown in fig. 2, where the method includes:
Step 201, in response to a login request for the service scheduling intensive platform from the target client, obtaining information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service scheduling intensive platform, and the second information comprises personal information of the target user;
Step 202, verifying the first information, and when the first information is verified successfully, calling a target verification interface, accessing a preset database through the target verification interface, so as to determine whether the second information passes verification according to a user permission list stored in the preset database, wherein the user permission list is updated by a database manager of the preset database;
Step 203, counting the total number of current sessions after receiving the valid ticket returned by the target verification interface, comparing the total number of current sessions with a preset session number threshold, and creating sessions for the target user when the total number of current sessions is smaller than or equal to the preset session number threshold.
In this embodiment, if the service scheduling intensive platform receives a valid ticket returned by the target verification interface, it may count the sessions it has currently created to obtain the current total number of sessions. The current total number of sessions may then be compared with a preset session number threshold. Here, the preset session number threshold may be the number of sessions that the service scheduling intensive platform can accept while still operating stably. If, after the comparison, the current total number of sessions is less than or equal to the preset session number threshold, a session may be created for the target user. Otherwise, no session is created for the target user, and a prompt such as 'current service number reaches the maximum value, please try again later' is returned to the target client of the target user. By setting the preset session number threshold, the embodiment of the application can effectively avoid service breakdown and similar failures of the service scheduling intensive platform, and helps to provide a stable platform operating environment for users.
In an embodiment of the present application, optionally, after step 203, the method further includes: monitoring the time when the session does not receive the operation data, and cutting off the session when the time when the session does not receive the operation data exceeds a preset time threshold.
In this embodiment, after the session is created for the target user, the operation behavior of the target user may also be monitored continuously. If the time for which the session has received no data exceeds the preset time threshold, the target user has not interacted with the service scheduling intensive platform for a long time: the user has probably finished operating, or for some other reason does not need to continue for the moment, so the session may be cut off directly. In the embodiment of the application, the time for which each session has received no data is monitored in real time, and the session is cut off automatically when that time exceeds the preset time threshold. This can effectively prevent an illegal user from attacking the session and stealing data and, given a fixed total number of acceptable sessions, ensures that other users who need to log in to the service scheduling intensive platform can do so as soon as possible.
In an embodiment of the present application, optionally, after step 203, the method further includes: responding to a data downloading request from a target client, and determining a preset feasible downloading path of target downloading data corresponding to the data downloading request; identifying a request generation path corresponding to the data downloading request, and judging whether the request generation path belongs to the preset feasible downloading path or not; and when the request generation path belongs to the preset feasible downloading path, releasing the data downloading request.
In this embodiment, after the target user successfully logs in to the service scheduling intensive platform, data may also be downloaded from the platform. Specifically, the target user may generate a data download request through the target client and send it to the service scheduling intensive platform. After the platform receives the data download request, it can determine the target download data corresponding to the request and the preset feasible download path corresponding to that data. Here, the preset feasible download paths corresponding to the different downloadable data may be pre-stored on the service scheduling intensive platform; the preset feasible download paths are the allowed download paths. Then, the request generation path corresponding to the data download request can be identified. The request generation path shows how the target user generated the request through the client; for example, it can indicate which icons on the service scheduling intensive platform the target user triggered to finally generate the data download request. The platform can then judge whether the request generation path is one of the preset feasible download paths corresponding to the target download data. If so, the data download request of the target user may be released. Otherwise, the platform may intercept the data download request. In the embodiment of the application, preset feasible download paths are set in advance for the different downloadable data, and whether the request generation path belongs to them is judged, so that an attacker can be effectively prevented from acquiring data resources through an illegal path.
It should be noted that some data are not downloadable, so no preset feasible download path is set for them. When no preset feasible download path is found for the target download data requested by the target user, the target download data cannot be downloaded; the data download request can then be intercepted directly, and an alarm message can be returned to the target client to tell the target user that the data cannot be downloaded. In the embodiment of the application, whether the target download data has a preset feasible download path is queried before the target user downloads it, so that users can be effectively prevented from illegally downloading data on the service scheduling intensive platform for which no download permission exists, which further improves the security of data downloading.
In the embodiment of the present application, optionally, the valid ticket includes an operation authority level of the target user; after the "responding to the data download request from the target client", the method further includes: determining the operation authority level of the target download data corresponding to the data download request; executing the step of determining a preset feasible downloading path of the target downloading data corresponding to the data downloading request when the operation authority level of the target user is higher than or equal to the operation authority level of the target downloading data; and intercepting the data downloading request when the operation authority level of the target user is lower than the operation authority level of the target downloading data.
In this embodiment, the user authority list stored in the preset database may further include an operation authority level of each user having authority of the login service scheduling intensive platform. After the service scheduling intensive platform responds to the data downloading request of the target user, the operation authority level of the target downloading data corresponding to the data downloading request can be determined, and the operation authority level of the target user can be determined according to the user authority list in the preset database. And then judging the relation between the operation authority level of the target user and the operation authority level of the target download data. If the operation authority level of the target user is higher than or equal to the operation authority level of the target download data, the target user has the data download authority, the step of determining the preset feasible download path of the target download data corresponding to the data download request can be returned, and whether the request generation path of the data download request accords with the preset feasible download path of the target download data can be continuously judged; if the target user's operating rights level is lower than the operating rights level of the target download data, then the data download request may be intercepted at this point. According to the embodiment of the application, through verifying the relation between the operation authority level of the target user and the operation authority level of the target download data, when the operation authority level of the target user is higher than or equal to the operation authority level of the target download data, the subsequent steps are allowed to be carried out, and the data download security can be further improved.
In an embodiment of the present application, optionally, after the "release the data download request", the method further includes: acquiring target downloading data corresponding to the data downloading request, calculating the sum of data volumes corresponding to the target downloading data, and packaging the sum of data volumes and the target downloading data into a target data packet; and sending the target data packet to the target client, so that after the target client receives the target data packet, judging whether the target data packet is tampered or not based on the data quantity in the target data packet and the sum of the data quantities.
In this embodiment, after the data download request is released, the service scheduling intensive platform may further acquire the target download data corresponding to the data download request and calculate its data volume to obtain a total data volume. The total data volume and the target download data can then be packaged together to obtain the target data packet. The platform can send the target data packet to the target client, so that after receiving it the target client can calculate the data volume of everything in the packet other than the total data volume field, and determine whether the total calculated at the client is consistent with the total carried in the packet. If so, the integrity of the target data packet was not destroyed during transmission. For example, the target data packet includes target download data A and data B indicating the total data volume. After the target client receives the packet, it calculates the total data volume of the data in the packet other than data B to obtain data C, and then compares data B with data C; if they are consistent, the integrity of the target download data A was preserved during transmission. In the embodiment of the application, the total data volume of the target download data is carried in the target data packet, so that the client can rapidly verify the integrity of the target download data after receiving the packet, and whether the target download data was attacked and tampered with during transmission can be effectively identified.
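The download checks and the data-volume packet described above, sketched in Python as an added example (not code from the patent). The policy table, item names, trigger paths, sample data and the 8-byte length header are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# Constructed sample policy; item names, levels and paths are assumptions.
# Each item has a required operation authority level and the set of request
# generation paths (UI trigger sequences) that are allowed to produce a download.
DOWNLOAD_POLICY = {
    "load-forecast.csv": {"level": 2,
                          "paths": {("home", "reports", "load-forecast", "export")}},
    "dispatch-log.txt": {"level": 3,
                         "paths": {("home", "logs", "dispatch", "download")}},
    # No preset feasible download path: nobody can download this item.
    "relay-settings.db": {"level": 1, "paths": set()},
}

# Constructed stand-in for the data stored on the platform.
DATA_STORE = {"load-forecast.csv": [b"hour,mw\n", b"00,412\n", b"01,398\n"]}

# Assumed packet layout: 8-byte big-endian total data volume, then the data.
HEADER = struct.Struct(">Q")


@dataclass(frozen=True)
class DownloadRequest:
    item: str
    generation_path: tuple


def decide_download(user_level, request, policy=DOWNLOAD_POLICY):
    """Return (action, reason), applying the checks in the order described."""
    entry = policy.get(request.item)
    if entry is None:
        # Assumption of this example: items missing from the policy are denied.
        return ("intercept", "unknown-item")
    if user_level < entry["level"]:
        return ("intercept", "insufficient-level")
    if not entry["paths"]:
        # The platform would also return an alarm message to the client here.
        return ("intercept", "not-downloadable")
    if request.generation_path not in entry["paths"]:
        return ("intercept", "path-not-feasible")
    return ("release", "ok")


def build_packet(chunks):
    """Platform side: prepend the sum of data volumes (data B) to the data (A)."""
    total = sum(len(chunk) for chunk in chunks)
    return HEADER.pack(total) + b"".join(chunks)


def check_packet(packet):
    """Client side: recompute the volume (data C) and compare it with data B.

    A body altered without changing its length still passes this comparison.
    """
    if len(packet) < HEADER.size:
        return (False, b"")
    (declared,) = HEADER.unpack_from(packet)
    body = packet[HEADER.size:]
    return (declared == len(body), body)


def handle_download(user_level, request):
    """Gate the request, then package the data only if it was released."""
    action, reason = decide_download(user_level, request)
    if action != "release":
        return (action, reason, None)
    return (action, reason, build_packet(DATA_STORE.get(request.item, [])))
```

The volume comparison catches truncated or extended packets; a change that keeps the length the same is not caught by it, and detecting that would need a keyed digest over the data, which the description does not specify.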
In an embodiment of the present application, optionally, after "after the first information is verified successfully" in step 202, the method further includes: acquiring a target network address corresponding to the login request and a target access mode of the target client; determining whether the target network address belongs to a preset feasible network address or not, and determining whether the target access mode belongs to a preset feasible access mode or not; and when the results are yes, executing the step of calling the target verification interface, otherwise, intercepting the login request of the target user.
In this embodiment, after the first information of the target user passes verification, the service scheduling intensive platform may obtain the target network address corresponding to the login request and the target access mode of the target client. Here, a network address range and the terminal access modes that are allowed access can be preset on the service scheduling intensive platform. The platform then judges whether the target network address belongs to the allowed network address range stored on the platform in advance, and whether the target access mode belongs to the allowed terminal access modes stored on the platform in advance. If both results are yes, the target user has passed verification of both the network address and the access mode, and the method may return to the step of calling the target verification interface in step 202 to continue determining whether the second information of the target user passes verification. If either or both of the results are no, the login request sent by the target client can be intercepted. After the first information of the target user passes verification, the target network address and the target access mode are also verified, so the login permission of the target user is verified further and the target user is checked from all directions and multiple angles, which can greatly improve the security and stability of the service scheduling intensive platform.
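An added Python example, not taken from the patent, of the login gate from steps 201 to 203 together with the address and access-mode check and the idle cut-off. The network range, access-mode names, employee numbers and the `LoginGate` class are constructed for illustration.

```python
import hmac
import ipaddress
import secrets
import time

# Constructed sample configuration; none of these values come from the patent.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]
ALLOWED_ACCESS_MODES = {"intranet-browser", "vpn-client"}
# Stand-in for the user permission list held in the preset database:
# unique identifier (employee number) -> operation authority level.
PERMISSION_LIST = {"E1001": 3, "E1002": 1}


class LoginGate:
    def __init__(self, max_sessions=1, idle_timeout=900.0, clock=time.monotonic):
        self.max_sessions = max_sessions    # preset session number threshold
        self.idle_timeout = idle_timeout    # preset time threshold, in seconds
        self.clock = clock
        self.pending_codes = {}             # user id -> one-time verification code
        self.sessions = {}                  # session id -> [ticket, last activity]

    def issue_code(self, user_id):
        """Preset verification rule: a random 6-digit code sent to the user."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending_codes[user_id] = code
        return code

    def _target_verification_interface(self, user_id):
        """Check the second information against the list; return a ticket or None."""
        level = PERMISSION_LIST.get(user_id)
        return None if level is None else {"user_id": user_id, "level": level}

    def expire_idle(self):
        """Cut off every session idle for longer than the preset time threshold."""
        now = self.clock()
        stale = [sid for sid, (_, last) in self.sessions.items()
                 if now - last > self.idle_timeout]
        for sid in stale:
            del self.sessions[sid]

    def touch(self, session_id):
        """Record operation data; False if the session was cut off or never existed."""
        self.expire_idle()
        if session_id not in self.sessions:
            return False
        self.sessions[session_id][1] = self.clock()
        return True

    def login(self, user_id, code, source_ip, access_mode):
        # 1. First information: the code is single use and compared in constant time.
        expected = self.pending_codes.pop(user_id, None)
        if expected is None or not hmac.compare_digest(
                expected.encode(), str(code).encode()):
            return ("intercept", "first-information")
        # 2. Target network address and target access mode must both be allowed.
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return ("intercept", "address-or-access-mode")
        if (not any(addr in net for net in ALLOWED_NETWORKS)
                or access_mode not in ALLOWED_ACCESS_MODES):
            return ("intercept", "address-or-access-mode")
        # 3. Second information: only a valid ticket lets the login continue.
        ticket = self._target_verification_interface(user_id)
        if ticket is None:
            return ("intercept", "second-information")
        # 4. Session cap, using the description's comparison (total <= threshold).
        self.expire_idle()
        if len(self.sessions) > self.max_sessions:
            return ("intercept", "session-limit")
        session_id = secrets.token_urlsafe(16)
        self.sessions[session_id] = [ticket, self.clock()]
        return ("session", session_id)
```

Because the description creates a session while the current total is less than or equal to the threshold, a threshold of 1 admits two concurrent sessions before the third login is refused.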
In an embodiment of the present application, optionally, the method further includes: obtaining data to be backed up according to a first preset time interval, and storing the data to be backed up into a backup medium; accordingly, the method further comprises: reading backup data to be tested from the backup medium according to a second preset time interval, and storing the backup data to be tested into a target storage space; randomly selecting a target fault from preset faults, and simulating the service scheduling intensive platform to generate the target fault in a virtual machine; restarting the service scheduling intensive platform in the virtual machine, and loading the backup data to be tested from the target storage space; judging whether a service dispatching intensification platform in the virtual machine can normally operate or not, generating a backup medium unavailable notification when the service dispatching intensification platform cannot normally operate, and sending the backup medium unavailable notification to a target management terminal.
In this embodiment, in order to ensure the security of the data of the service scheduling intensive platform, the data on the platform may be backed up periodically. Generally, the data to be backed up on the service scheduling intensive platform may include file service data, log information files, and the like. The file service data refers to data in non-database form that is generated and used while the service scheduling intensive platform runs, such as unstructured data like text files and picture files; data stored as separate files can be backed up in this way. The log information files refer to data information that is produced by each piece of application software and recorded in the form of a file, and the log information is classified into three types according to its importance: important, general, and prompt information. For important log information files, incremental or full backup can be carried out, and general and prompt information can be selected for backup as required. When the data is backed up, the data to be backed up can be obtained from the service scheduling intensive platform according to a first preset time interval and stored in the backup medium. Here, the backup medium may be a hard disk, a tape, or the like. In order to ensure high availability of data, multiple backup means can be combined into a mixed backup for data to be backed up that has a higher importance level.
Then, the backup data to be tested can be read from the backup medium according to a second preset time interval and stored in the target storage space. Here, the target storage space is a storage space from which the subsequent virtual machine can directly read data. Different fault operation modes can be preset in the virtual machine. One of the preset faults can then be randomly selected as the target fault, and the occurrence of the target fault on the service scheduling intensive platform is simulated in the virtual machine. The whole process is performed in the virtual machine, so the real service scheduling intensive platform continues to run normally without being affected. After the target fault is simulated, the service scheduling intensive platform can be restarted in the virtual machine, and the stored backup data to be tested can be loaded from the target storage space. After the backup data to be tested is loaded, it can be judged whether the service scheduling intensive platform in the virtual machine can run normally. If it cannot run normally, a backup medium unavailable notification can be generated and sent to the target management terminal to indicate that the backup medium has an availability risk. According to the embodiment of the application, the data corresponding to the service scheduling intensive platform is stored into the backup medium at regular intervals, so that the platform data can be protected against being deleted, modified or overwritten unexpectedly, and the service can be restored in the shortest time once the service scheduling intensive platform fails or is attacked and can no longer operate normally.
In addition, the availability of the backup medium is tested regularly, so that the safety of core data can be ensured, the subsequent data to be backed up can be ensured to be normally used after being stored, and invalid storage can be avoided.
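A small restore drill following the backup and test steps above, as an added example that is not the patent's implementation. A temporary directory stands in for the virtual machine, and the health check is assumed to be a comparison against SHA-256 hashes recorded at backup time and kept apart from the medium. The fault names and file names are constructed.

```python
import hashlib
import os
import random
import shutil
import tempfile


def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def copy_files(src_dir, dst_dir):
    for name in os.listdir(src_dir):
        src = os.path.join(src_dir, name)
        if os.path.isfile(src):
            shutil.copy2(src, os.path.join(dst_dir, name))


def take_backup(platform_dir, medium_dir):
    """Copy platform files to the medium; return name -> hash at backup time."""
    manifest = {}
    for name in sorted(os.listdir(platform_dir)):
        src = os.path.join(platform_dir, name)
        if os.path.isfile(src):
            manifest[name] = sha256_file(src)
    copy_files(platform_dir, medium_dir)
    return manifest


def fault_data_wiped(sandbox):
    for name in os.listdir(sandbox):
        os.remove(os.path.join(sandbox, name))


def fault_files_truncated(sandbox):
    for name in os.listdir(sandbox):
        open(os.path.join(sandbox, name), "wb").close()


# Preset faults (constructed); each damages only the sandbox copy.
PRESET_FAULTS = {"data-wiped": fault_data_wiped,
                 "files-truncated": fault_files_truncated}


def run_restore_drill(medium_dir, manifest, rng=random):
    """One test cycle: stage the backup, inject a fault, restore, health-check."""
    target_space = tempfile.mkdtemp(prefix="drill-target-")
    sandbox = tempfile.mkdtemp(prefix="drill-sandbox-")  # stands in for the VM
    try:
        copy_files(medium_dir, target_space)   # read the backup data to be tested
        copy_files(target_space, sandbox)      # sandbox starts as a running copy
        fault = rng.choice(sorted(PRESET_FAULTS))
        PRESET_FAULTS[fault](sandbox)          # simulate the target fault
        copy_files(target_space, sandbox)      # "restart" and load the backup
        problems = []
        for name, digest in sorted(manifest.items()):
            path = os.path.join(sandbox, name)
            if not os.path.isfile(path):
                problems.append(name + ": missing after restore")
            elif sha256_file(path) != digest:
                problems.append(name + ": content differs from backup-time hash")
        notification = None
        if problems:
            notification = "backup medium unavailable: " + "; ".join(problems)
        return {"fault": fault, "healthy": not problems,
                "notification": notification}
    finally:
        shutil.rmtree(target_space, ignore_errors=True)
        shutil.rmtree(sandbox, ignore_errors=True)
```

The drill never touches the live platform directory, and it reports a medium as unavailable both when a file is missing and when a file restores with altered content.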
In an embodiment of the present application, optionally, after step 203, the method further includes: responding to a data uploading request from a target client, and acquiring target uploading data corresponding to the data uploading request; invoking a malicious code detection interface, and identifying whether malicious codes are contained in the target uploading data through the malicious code detection interface; and when no malicious code is contained in the target uploading data, storing the target uploading data.
In this embodiment, the target user may also upload data to the service scheduling intensive platform. Specifically, the target user may send a data upload request through the target client. After the service scheduling intensive platform receives the data uploading request, the target uploading data corresponding to the data uploading request can be obtained. The service scheduling intensive platform can then call a malicious code detection interface, query a malicious code library by using the malicious code detection interface, and match the target uploading data against the preset malicious codes in the malicious code library. If no match succeeds, this indicates that the target uploading data does not contain malicious codes, and the target uploading data can be stored at this point. The malicious codes in the malicious code library are updated in real time, and each time new malicious codes are found, they can be added to the malicious code library in a timely manner. According to the embodiment of the application, by setting up the malicious code library and the malicious code detection interface, whether malicious codes exist in the target uploading data can be effectively judged, which avoids the threat that malicious codes uploaded by the target user would pose to the safe operation of the service scheduling intensive platform.
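The upload check described above, as an added example that is not taken from the patent. The library class, signature names, size limit and the choice to reject uploads when the detection interface fails are assumptions, and every signature value is a constructed, harmless marker.

```python
import hashlib

MAX_UPLOAD_BYTES = 1 << 20  # assumed scan limit; larger uploads are refused


class MaliciousCodeLibrary:
    """In-memory stand-in for the malicious code library (constructed entries)."""

    def __init__(self):
        self.byte_patterns = {}  # signature name -> byte string
        self.file_hashes = {}    # SHA-256 hex digest -> signature name

    def add_pattern(self, name, pattern):
        if len(pattern) < 8:
            raise ValueError("pattern too short; it would match benign data")
        self.byte_patterns[name] = bytes(pattern)

    def add_file_hash(self, name, sha256_hex):
        self.file_hashes[sha256_hex.lower()] = name

    def match(self, data):
        """Return the names of every signature that matches data."""
        hits = []
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.file_hashes:
            hits.append(self.file_hashes[digest])
        hits.extend(name for name, pattern in sorted(self.byte_patterns.items())
                    if pattern in data)
        return hits


def handle_upload(name, data, detect, store, quarantine):
    """Store the upload only when detection ran and matched nothing.

    detect is the malicious code detection interface (here library.match);
    store and quarantine are dicts standing in for the platform's storage.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        quarantine[name] = "too large to scan"
        return "rejected: too large to scan"
    try:
        hits = detect(data)
    except Exception:
        # Fail closed: an unscanned upload is never stored.
        quarantine[name] = "detection interface unavailable"
        return "rejected: detection interface unavailable"
    if hits:
        quarantine[name] = "matched " + ", ".join(hits)
        return "rejected: matched " + ", ".join(hits)
    store[name] = data
    return "stored"
```

Matching against a library only recognises code whose signature is already present, which is why the embodiment stresses updating the library as new malicious code is found.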
In an embodiment of the present application, optionally, the method further includes: and acquiring configuration parameters of the service scheduling intensive platform, and storing the configuration parameters into a target block chain.
In this embodiment, the service scheduling intensive platform may also automatically obtain its configuration parameters after being configured and store the configuration parameters in the target blockchain. Because the embodiment of the application stores the configuration parameters of the service scheduling intensive platform in the blockchain, the stored configuration parameters are difficult to tamper with and can be traced throughout. When the configuration parameters of the service scheduling intensive platform are later tampered with by malicious actors, the configuration parameters can be read directly from the chain and the platform can be configured again according to them, thereby ensuring that the service scheduling intensive platform quickly recovers normal operation.
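The record, detect and restore cycle for configuration parameters can be illustrated with a hash chain. This is an added example, not the patent's design: a single-process list of hash-linked blocks stands in for the target blockchain (a real deployment gets its tamper resistance from replication across nodes), and the parameter names are constructed.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64
ABSENT = "<absent>"  # marker for a key present on only one side


def _canonical(config):
    # Stable serialisation so equal configs always hash to the same value.
    return json.dumps(config, sort_keys=True, separators=(",", ":"))


def _block_hash(index, prev_hash, config):
    payload = f"{index}|{prev_hash}|{_canonical(config)}".encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_config(chain, config):
    """Record a configuration snapshot as a new block linked to the last one."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": index, "prev_hash": prev_hash,
             "config": copy.deepcopy(config),
             "hash": _block_hash(index, prev_hash, config)}
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Index of the first block whose hash or link is wrong, or -1 if intact."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev_hash
                or block["hash"] != _block_hash(i, prev_hash, block["config"])):
            return i
        prev_hash = block["hash"]
    return -1


def config_drift(chain, live_config):
    """Keys where the live config differs from the latest recorded snapshot.

    Returns key -> (recorded value, live value).
    """
    recorded = chain[-1]["config"]
    drift = {}
    for key in sorted(set(recorded) | set(live_config)):
        old = recorded.get(key, ABSENT)
        new = live_config.get(key, ABSENT)
        if old != new:
            drift[key] = (old, new)
    return drift


def restore_config(chain):
    """Return the latest recorded config, but only from a chain that verifies."""
    if not chain:
        raise ValueError("no configuration has been recorded")
    if first_invalid_block(chain) != -1:
        raise ValueError("chain failed verification; refusing to restore from it")
    return copy.deepcopy(chain[-1]["config"])
```

Verifying the chain before restoring matters because a restore from an altered record would reapply the tampered values.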
Further, as a specific implementation of the method of fig. 1, an embodiment of the present application provides a security protection device of a service scheduling intensive platform, as shown in fig. 3, where the device includes:
The information acquisition module is used for responding to a login request of a service dispatching intensive platform from a target client to acquire information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service dispatching intensive platform, and the second information comprises personal information of the target user;
The information verification module is used for verifying the first information, calling a target verification interface after the first information is successfully verified, and accessing a preset database through the target verification interface to determine whether the second information passes verification according to a user permission list stored in the preset database, wherein the user permission list is updated by a database administrator of the preset database;
And the session creation module is used for creating a session for the target user after receiving the valid ticket returned by the target verification interface so as to receive the operation data of the target user through the session.
Optionally, the session creation module is configured to:
After receiving the valid ticket returned by the target verification interface, counting the total number of current sessions, comparing the total number of current sessions with a preset session number threshold value, and creating a session for the target user when the total number of current sessions is smaller than or equal to the preset session number threshold value;
correspondingly, the device further comprises:
and the session cutting-off module is used for monitoring the time when the session does not receive the operation data after the session is created for the target user, and cutting off the session when the time when the session does not receive the operation data exceeds a preset time threshold.
Optionally, the apparatus further comprises:
The path determining module is used for determining a preset feasible downloading path of target downloading data corresponding to a data downloading request in response to the data downloading request from a target client after the session is created for the target user;
The path identification module is used for identifying a request generation path corresponding to the data downloading request and judging whether the request generation path belongs to the preset feasible downloading path or not;
And the request release module is used for releasing the data downloading request when the request generation path belongs to the preset feasible downloading path.
Optionally, the valid ticket includes an operation authority level of the target user; the apparatus further comprises:
The level determining module is used for determining the operation authority level of the target downloading data corresponding to the data downloading request after responding to the data downloading request from the target client;
The path determining module is further configured to execute the step of determining a preset feasible download path of the target download data corresponding to the data download request when the operation permission level of the target user is higher than or equal to the operation permission level of the target download data;
And the request interception module is used for intercepting the data downloading request when the operation authority level of the target user is lower than the operation authority level of the target downloading data.
Optionally, the apparatus further comprises:
The data acquisition module is used for acquiring target downloading data corresponding to the data downloading request after the data downloading request is released, calculating the sum of data volumes corresponding to the target downloading data, and packaging the sum of data volumes and the target downloading data into a target data packet;
And the data packet sending module is used for sending the target data packet to the target client so that the target client can judge whether the target data packet is tampered or not based on the data quantity in the target data packet and the total data quantity after receiving the target data packet.
Optionally, the apparatus further comprises:
The address acquisition module is used for acquiring a target network address corresponding to the login request and a target access mode of the target client after the first information is successfully verified;
the judging module is used for determining whether the target network address belongs to a preset feasible network address or not and determining whether the target access mode belongs to a preset feasible access mode or not;
and the information verification module is also used for executing the step of calling the target verification interface when the results are yes, otherwise, intercepting the login request of the target user.
Optionally, the apparatus further comprises:
The backup module is used for acquiring data to be backed up according to a first preset time interval and storing the data to be backed up into a backup medium;
correspondingly, the device further comprises:
The test module is used for reading backup data to be tested from the backup medium according to a second preset time interval and storing the backup data to be tested into a target storage space; randomly selecting a target fault from preset faults, and simulating the service scheduling intensive platform to generate the target fault in a virtual machine; restarting the service scheduling intensive platform in the virtual machine, and loading the backup data to be tested from the target storage space; judging whether a service dispatching intensification platform in the virtual machine can normally operate or not, generating a backup medium unavailable notification when the service dispatching intensification platform cannot normally operate, and sending the backup medium unavailable notification to a target management terminal.
It should be noted that, other corresponding descriptions of each functional unit related to the safety protection device of the service scheduling centralized platform provided by the embodiment of the present application may refer to corresponding descriptions in the methods of fig. 1 to fig. 2, and are not repeated herein.
The embodiment of the application also provides a computer device, which can be a personal computer, a server, a network device and the like, and as shown in fig. 4, the computer device comprises a bus, a processor, a memory and a communication interface, and can also comprise an input/output interface and a display device. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is for storing location information. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement the steps in the method embodiments.
It will be appreciated by persons skilled in the art that the architecture shown in fig. 4 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer readable storage medium is provided, which may be non-volatile or volatile, and on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high density embedded nonvolatile memory, resistive random access memory (ReRAM), magneto-resistive random access memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric memory (Ferroelectric Random Access Memory, FRAM), phase change memory (Phase Change Memory, PCM), graphene memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of the description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (10)

1. The safety protection method of the service scheduling intensification platform is characterized by comprising the following steps of:
Responding to a login request for the service scheduling intensive platform from a target client to obtain information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service scheduling intensive platform, and the second information comprises personal information of the target user;
Verifying the first information, and after the first information is successfully verified, calling a target verification interface, and accessing a preset database through the target verification interface to determine whether the second information passes verification according to a user permission list stored in the preset database, wherein the user permission list is updated by a database administrator of the preset database;
And after receiving the valid ticket returned by the target verification interface, creating a session for the target user so as to receive the operation data of the target user through the session.
2. The method of claim 1, wherein the creating a session for the target user upon receiving the valid ticket returned by the target authentication interface comprises:
After receiving the valid ticket returned by the target verification interface, counting the total number of current sessions, comparing the total number of current sessions with a preset session number threshold value, and creating a session for the target user when the total number of current sessions is smaller than or equal to the preset session number threshold value;
Accordingly, after the session is created for the target user, the method further includes:
Monitoring the time when the session does not receive the operation data, and cutting off the session when the time when the session does not receive the operation data exceeds a preset time threshold.
3. The method of claim 2, wherein after the session is created for the target user, the method further comprises:
Responding to a data downloading request from a target client, and determining a preset feasible downloading path of target downloading data corresponding to the data downloading request;
identifying a request generation path corresponding to the data downloading request, and judging whether the request generation path belongs to the preset feasible downloading path or not;
And when the request generation path belongs to the preset feasible downloading path, releasing the data downloading request.
4. A method according to claim 3, wherein the valid ticket includes an operating rights level of the target user; after the responding to the data download request from the target client, the method further comprises:
Determining the operation authority level of the target download data corresponding to the data download request;
Executing the step of determining a preset feasible downloading path of the target downloading data corresponding to the data downloading request when the operation authority level of the target user is higher than or equal to the operation authority level of the target downloading data;
And intercepting the data downloading request when the operation authority level of the target user is lower than the operation authority level of the target downloading data.
5. The method of claim 3 or 4, wherein after said releasing of said data download request, said method further comprises:
acquiring target downloading data corresponding to the data downloading request, calculating the sum of data volumes corresponding to the target downloading data, and packaging the sum of data volumes and the target downloading data into a target data packet;
And sending the target data packet to the target client, so that after the target client receives the target data packet, judging whether the target data packet is tampered or not based on the data quantity in the target data packet and the sum of the data quantities.
6. The method of claim 1, wherein after the first information is verified, the method further comprises:
Acquiring a target network address corresponding to the login request and a target access mode of the target client;
Determining whether the target network address belongs to a preset feasible network address or not, and determining whether the target access mode belongs to a preset feasible access mode or not;
And when the results are yes, executing the step of calling the target verification interface, otherwise, intercepting the login request of the target user.
7. The method according to claim 1, wherein the method further comprises:
obtaining data to be backed up according to a first preset time interval, and storing the data to be backed up into a backup medium;
accordingly, the method further comprises:
reading backup data to be tested from the backup medium according to a second preset time interval, and storing the backup data to be tested into a target storage space;
randomly selecting a target fault from preset faults, and simulating the service scheduling intensive platform to generate the target fault in a virtual machine;
Restarting the service scheduling intensive platform in the virtual machine, and loading the backup data to be tested from the target storage space;
Judging whether a service dispatching intensification platform in the virtual machine can normally operate or not, generating a backup medium unavailable notification when the service dispatching intensification platform cannot normally operate, and sending the backup medium unavailable notification to a target management terminal.
8. A safety device for a service dispatch intensive platform, comprising:
The information acquisition module is used for responding to a login request of a service dispatching intensive platform from a target client to acquire information to be verified of a target user, wherein the information to be verified comprises first information and second information, the first information comprises information determined based on a preset verification rule of the service dispatching intensive platform, and the second information comprises personal information of the target user;
The information verification module is used for verifying the first information, calling a target verification interface after the first information is successfully verified, and accessing a preset database through the target verification interface to determine whether the second information passes verification according to a user permission list stored in the preset database, wherein the user permission list is updated by a database administrator of the preset database;
And the session creation module is used for creating a session for the target user after receiving the valid ticket returned by the target verification interface so as to receive the operation data of the target user through the session.
9. A storage medium having stored thereon a computer program, which when executed by a processor, implements the method of any of claims 1 to 7.
10. A computer device comprising a storage medium, a processor and a computer program stored on the storage medium and executable on the processor, characterized in that the processor implements the method of any one of claims 1 to 7 when executing the computer program.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410180438.6A CN118282705A (en) 2024-02-18 2024-02-18 Safety protection method and device for service scheduling intensive platform


Publications (1)

Publication Number Publication Date
CN118282705A true CN118282705A (en) 2024-07-02

Family

ID=91640809


Country Status (1)

Country Link
CN (1) CN118282705A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination