KR101678185B1 - Web application server capable of tracing access to personal information and web service providing system having the same - Google Patents
- Publication number
- KR101678185B1
- Authority
- KR
- South Korea
- Prior art keywords
- connection
- personal information
- session
- database
- service
Classifications
- H04L67/22—
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L67/16—
Abstract
The web application server includes a login module, a plurality of service modules, a database, a DB connection pool, and a management module. When receiving a login request signal including a user ID and a password from each of a plurality of user terminals, the login module assigns a session ID to each of the plurality of user terminals, associates the session ID with the user ID, and stores it in a first table. The plurality of service modules provide a web service to each of the plurality of user terminals. The database stores the data necessary to provide the web service. The DB connection pool controls the operation of the database. Each of the plurality of service modules, when receiving a DB access command from the corresponding user terminal, provides a DB access request signal together with the session ID to the DB connection pool. When receiving the DB access request signal and the session ID from the service module, the DB connection pool assigns a DB connection ID to the service module and stores the DB connection ID in a second table in association with the session ID. When the service module accesses the personal information stored in the database using the DB connection ID, the DB connection pool stores access information for the personal information in a third table in association with the DB connection ID. When receiving a search signal from an administrator terminal, the management module provides an access history of personal information for each user ID based on data stored in the first to third tables.
Description
BACKGROUND OF THE
Recently, as the number of web based services has increased, there have been an increasing number of applications providing services using important data such as personal information on the web. Accordingly, security incidents such as leakage of personal information are frequently occurring.
In order to prevent security incidents such as personal information leakage, there is a need for a technology that collects information about who has access to certain important data, as well as a technology that essentially blocks the leakage of important data.
However, a general web application server (WAS) has a problem in that it is difficult to know who has access to important data stored in the database because a plurality of users are controlled by using one database account.
An object of the present invention is to provide a web application server capable of effectively tracking access history of important data for each user.
Another object of the present invention is to provide a web service providing system including the web application server.
In order to accomplish one object of the present invention, a web application server according to an embodiment of the present invention includes a login module, a plurality of service modules, a database, a DB connection pool, and a management module. The login module, when receiving a login request signal including a user ID and a password from each of the plurality of user terminals, assigns a session ID to each of the plurality of user terminals, associates the session ID with the user ID, and stores it in the first table. The plurality of service modules provide a web service to each of the plurality of user terminals. The database stores data necessary for providing the web service. The DB connection pool controls the operation of the database. Each of the plurality of service modules provides a DB access request signal to the DB connection pool together with the session ID when receiving a DB access command from a corresponding user terminal. The DB connection pool assigns a DB connection ID to the service module when the DB access request signal and the session ID are received from the service module, and stores the DB connection ID in the second table in association with the session ID. When the service module accesses the personal information stored in the database using the DB connection ID, the DB connection pool stores the access information for the personal information in the third table in association with the DB connection ID. When receiving the search signal from the administrator terminal, the management module provides an access history of the personal information for each user ID based on the data stored in the first to third tables.
In one embodiment, the DB connection pool includes: a connection manager that gives the DB connection ID to the service module when receiving the DB access request signal and the session ID from the service module; a connection monitor unit that associates the DB connection ID with the session ID and stores it in the second table each time the DB connection ID is assigned in response to the DB access request signal and the session ID; a DB driver that performs a read operation on the database based on a query statement received from the service module via the DB connection ID; and a query analyzer that, if the query statement corresponds to a statement accessing the personal information stored in the database, stores information on the query statement in the third table in association with the DB connection ID.
The DB driver and the query analyzer may simultaneously receive the query statement from the service module and operate in parallel based on the query statement.
The DB connection pool may further include a table information file storing the names of the personal information tables in which the personal information is stored in the database and the names of the personal information columns in which the personal information is stored in each personal information table. The query analyzer compares the query statement received from the service module with the names of the personal information tables and the names of the personal information columns stored in the table information file to determine whether the query statement corresponds to a statement accessing the personal information stored in the database.
The query analyzer may determine whether the query statement includes the name of a personal information table stored in the table information file and the name of a personal information column.
When the query statement is determined to correspond to a statement for accessing the personal information stored in the database, the name of the table and the name of the column included in the query statement may be stored in the third table in association with the DB connection ID.
In one embodiment, when receiving the search signal from the administrator terminal, the management module may extract the session ID corresponding to each of the user IDs using the first table, extract the DB connection ID corresponding to the extracted session ID using the second table, calculate, using the third table, the number of times the personal information was accessed through the extracted DB connection ID, and provide the result to the administrator terminal.
According to an aspect of the present invention, there is provided a web service providing system including a plurality of user terminals, a web application server, and an administrator terminal. The web application server provides a web service to the plurality of user terminals. The administrator terminal manages the web application server. The web application server includes: a login module that, when receiving a login request signal including a user ID and a password from each of the plurality of user terminals, assigns a session ID to each of the plurality of user terminals and stores the session ID in a first table in association with the user ID; a plurality of service modules each providing the web service to each of the plurality of user terminals; a database storing data necessary for providing the web service; a DB connection pool for controlling the DB; and a management module. Each of the plurality of service modules provides a DB access request signal to the DB connection pool together with the session ID when receiving a DB access command from a corresponding user terminal. When receiving the DB access request signal and the session ID from the service module, the DB connection pool gives a DB connection ID to the service module and stores the DB connection ID in a second table in association with the session ID; when the service module accesses the personal information stored in the database, the DB connection pool stores access information on the personal information in a third table in association with the DB connection ID. When the management module receives a search signal from the administrator terminal, it provides an access history of the personal information for each user ID based on data stored in the first to third tables.
The web application server according to the embodiments of the present invention can provide access histories of personal information stored in the database on a user-by-user basis.
FIG. 1 is a conceptual diagram illustrating a web service provision system according to an embodiment of the present invention.
FIG. 2 is a block diagram illustrating an example of a web application server included in the web service provision system of FIG.
FIG. 3 is a diagram showing an example of a first table included in the web application server of FIG.
FIG. 4 is a diagram showing an example of a second table included in the web application server of FIG.
FIG. 5 is a diagram illustrating an example of a table information file included in the web application server of FIG.
FIG. 6 is a diagram illustrating an example of a third table included in the web application server of FIG.
For the embodiments of the invention disclosed herein, specific structural and functional descriptions are set forth for the purpose of describing an embodiment of the invention only. It is to be understood that the embodiments of the invention may be practiced in various forms, and the present invention should not be construed as limited to the embodiments described in Figs.
The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms may be used for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element. On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprise", "having", and the like are intended to specify the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, , Steps, operations, components, parts, or combinations thereof, as a matter of principle.
Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be construed as having a meaning consistent with their meaning in the context of the relevant art and are not to be construed as ideal or overly formal in meaning unless expressly defined in the present application.
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.
FIG. 1 is a conceptual diagram illustrating a web service provision system according to an embodiment of the present invention.
Referring to FIG. 1, a web
Each of the plurality of user terminals 100-1 to 100-n is connected to the
Each of the plurality of user terminals 100-1 to 100-n may be a beacon electronic device such as a computer or a mobile device such as a smart phone or the like.
In one embodiment, the
The web service provided by the
The
As described later, the
FIG. 2 is a block diagram illustrating an example of a web application server included in the web service provision system of FIG.
2, the
Each of the plurality of user terminals 100-1 to 100-n receives a login request signal including a user ID (U_ID) and a password to the
When the
FIG. 3 is a diagram showing an example of a first table included in the web application server of FIG.
Referring to FIG. 3, the first table 251 may include a user ID field U_ID_F, a session ID field SS_ID_F, an IP address field IP_ADDR_F, and a time field DT_F.
As shown in FIG. 3, the
The first table 251 shown in FIG. 3 is an example, and the present invention is not limited thereto. According to the embodiment, the first table 251 may further store user information such as a name of the user corresponding to the user ID U_ID.
Referring again to FIG. 2, each of the plurality of user terminals 100-1 to 100-n receives a session ID (SS_ID) from the
Each of the plurality of
Thus, each of the plurality of
The
2 illustrates that the
In one embodiment, each of the plurality of user terminals 100-1 to 100-n uses a DB access command (DB_CMD) to the
Each of the plurality of
The
Specifically, the
The
The
FIG. 4 is a diagram showing an example of a second table included in the web application server of FIG.
Referring to FIG. 4, the second table 252 may include a session ID field (SS_ID_F), and a DB connection ID field (DB_ID_F).
4, the
The second table 252 shown in FIG. 4 is illustrative, and the present invention is not limited thereto. According to an embodiment, the second table 252 may further store information such as the time at which a new DB connection ID (DB_ID) is given.
2, when the
The query statement QR transmitted from the
The
The
In one embodiment, the
FIG. 5 is a diagram illustrating an example of a table information file included in the web application server of FIG.
Referring to FIG. 5, the table information file 239 stores the names (TABLEA, TABLEB) of the personal information tables that include the personal information and the names (JUMIN, TEL, CARDNUM) of the personal information columns in which the personal information is stored in each of the personal information tables, in association with each other.
FIG. 5 exemplarily shows that the resident registration number and the telephone number are stored as the personal information in the first table TABLEA and the resident registration number and the card number are stored as the personal information in the second table TABLEB.
2, the
For example, when the query statement (QR) includes the name of the personal information table and the name of the personal information column stored in the table information file 239, the query
If it is determined that the query statement QR corresponds to a statement for accessing the personal information stored in the
FIG. 6 is a diagram illustrating an example of a third table included in the web application server of FIG.
Referring to FIG. 6, the third table 253 may include a DB connection ID field (DB_ID_F) and a query information field (QR_F).
6, when the name of the personal information table and the name of the personal information column stored in the table information file 239 are included in the query statement QR, the query
6, the present invention is not limited to this. According to the embodiment, the
2, when the
For example, when the
In one embodiment, the
In one embodiment, when an access history to specific personal information (for example, a resident number) is to be retrieved, the
As described above with reference to FIGS. 1 to 6, the
The web application server according to the embodiments of the present invention provides a history of accessing personal information stored in a database for each user, and thus can be useful for preventing leakage of personal information from a web application server.
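The correlation described above (first table: user ID to session ID; second table: session ID to DB connection ID; third table: DB connection ID to query information), as an added Python example that is not part of the patent. The class and function names, the `tbl`/`col` columns of the third table, the treatment of `*` as touching every personal column, and the sample users, addresses and queries are assumptions constructed for illustration; only the table and column names TABLEA, TABLEB, JUMIN, TEL and CARDNUM come from the page.

```python
import itertools
import re
import sqlite3

# Table information file (FIG. 5): personal information tables and their columns.
TABLE_INFO = {"TABLEA": {"JUMIN", "TEL"}, "TABLEB": {"JUMIN", "CARDNUM"}}


class AuditedPool:
    """Toy DB connection pool that records which session touched personal data."""

    def __init__(self):
        self.audit = sqlite3.connect(":memory:")
        self.audit.executescript("""
            CREATE TABLE first_table  (u_id TEXT, ss_id TEXT, ip_addr TEXT, dt TEXT);
            CREATE TABLE second_table (ss_id TEXT, db_id TEXT);
            CREATE TABLE third_table  (db_id TEXT, tbl TEXT, col TEXT, qr TEXT);
        """)
        self._ids = itertools.count(1)

    def login(self, u_id, ip_addr, dt):
        """Login module: issue a session ID and record it in the first table."""
        ss_id = f"SS{next(self._ids):04d}"
        self.audit.execute("INSERT INTO first_table VALUES (?,?,?,?)",
                           (u_id, ss_id, ip_addr, dt))
        return ss_id

    def connect(self, ss_id):
        """Connection manager and monitor: issue a DB connection ID for a session."""
        db_id = f"DB{next(self._ids):04d}"
        self.audit.execute("INSERT INTO second_table VALUES (?,?)", (ss_id, db_id))
        return db_id

    def analyze(self, db_id, qr):
        """Query analyzer: log the statement if it names a personal table and column."""
        # Whole-identifier tokens, so TEL does not match inside HOTEL.
        tokens = set(re.findall(r"[A-Za-z_][A-Za-z0-9_]*|\*", qr.upper()))
        hits = []
        for tbl, cols in TABLE_INFO.items():
            if tbl not in tokens:
                continue
            # Assumption beyond the page: '*' reaches every personal column,
            # which pure name matching would otherwise miss.
            touched = cols if "*" in tokens else cols & tokens
            hits += [(tbl, col) for col in sorted(touched)]
        self.audit.executemany("INSERT INTO third_table VALUES (?,?,?,?)",
                               [(db_id, t, c, qr) for t, c in hits])
        return hits

    def access_history(self):
        """Management module: join the three tables into per-user access counts."""
        return self.audit.execute("""
            SELECT f.u_id, t.tbl, t.col, COUNT(*)
            FROM first_table f
            JOIN second_table s ON s.ss_id = f.ss_id
            JOIN third_table  t ON t.db_id = s.db_id
            GROUP BY f.u_id, t.tbl, t.col
            ORDER BY f.u_id, t.tbl, t.col
        """).fetchall()


def demo():
    """Constructed sample: two users share one pool, yet accesses stay attributable."""
    pool = AuditedPool()
    alice = pool.connect(pool.login("alice", "10.0.0.5", "2015-05-28 09:00"))
    bob = pool.connect(pool.login("bob", "10.0.0.6", "2015-05-28 09:01"))
    pool.analyze(alice, "SELECT name, jumin FROM tablea WHERE id = 7")
    pool.analyze(alice, "SELECT tel FROM tablea WHERE id = 7")
    pool.analyze(bob, "SELECT * FROM tableb")
    pool.analyze(bob, "SELECT hotel FROM bookings")  # no personal table: not logged
    return pool.access_history()


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Matching on names alone is conservative: a statement that joins both personal tables and names JUMIN is logged against both, and a name inside a string literal also counts as a hit.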
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims. It will be understood that the invention may be modified and varied without departing from the scope of the invention.
10: Web service providing systems 100-1 to 100-n:
200: Web application server 300: administrator terminal
Claims (8)
A plurality of service modules for providing a web service to each of the plurality of user terminals;
A database for storing data necessary for providing the web service;
A DB connection pool for controlling the operation of the database; And
Management module,
Wherein each of the plurality of service modules provides a DB access request signal to the DB connection pool together with the session ID when receiving a DB access command from a corresponding user terminal,
Wherein the DB connection pool assigns a DB connection ID to the service module when the DB access request signal and the session ID are received from the service module, associates the DB connection ID with the session ID, Storing the access information for the personal information in the third table in association with the DB connection ID when the service module accesses the personal information stored in the database using the DB connection ID,
Wherein the management module provides a history of access to the personal information for each user ID based on data stored in the first to third tables when receiving a search signal from the administrator terminal,
The DB connection pool includes:
A connection management unit for providing the DB connection ID to the service module when receiving the DB access request signal and the session ID from the service module;
A connection monitor unit for associating the DB connection ID with the session ID and storing the DB connection ID in the second table whenever the connection management unit gives the DB connection ID in response to the DB access request signal and the session ID;
A DB driver for performing a read operation on the database based on a query sent from the service module via the DB connection ID; And
And a query analyzer for associating information on the query statement with the DB connection ID and storing the query statement in the third table when the query statement corresponds to a statement for accessing the personal information stored in the database. .
Wherein the query analyzer compares the query received from the service module with a name of the personal information table stored in the table information file and a name of the personal information column, A web application server that determines whether it corresponds to an accessing statement.
A web application server for providing a web service to the plurality of user terminals; And
And an administrator terminal for managing the web application server,
The web application server,
When receiving a login request signal including a user ID and a password from each of the plurality of user terminals, assigning a session ID to each of the plurality of user terminals, associating the session ID with the user ID, A login module for storing the password in the login module;
A plurality of service modules for providing the web service to each of the plurality of user terminals;
A database for storing data necessary for providing the web service;
A DB connection pool for controlling the operation of the database; And
Management module,
Wherein each of the plurality of service modules provides a DB access request signal to the DB connection pool together with the session ID when receiving a DB access command from a corresponding user terminal,
Wherein the DB connection pool assigns a DB connection ID to the service module when the DB access request signal and the session ID are received from the service module, associates the DB connection ID with the session ID, Storing the access information for the personal information in the third table in association with the DB connection ID when the service module accesses the personal information stored in the database,
Wherein the management module provides an access history of the personal information for each user ID based on data stored in the first to third tables when receiving a search signal from the administrator terminal,
The DB connection pool includes:
A connection management unit for providing the DB connection ID to the service module when receiving the DB access request signal and the session ID from the service module;
A connection monitor unit for associating the DB connection ID with the session ID and storing the DB connection ID in the second table whenever the connection management unit gives the DB connection ID in response to the DB access request signal and the session ID;
A DB driver for performing a read operation on the database based on a query sent from the service module via the DB connection ID; And
And a query analyzer for associating information on the query statement with the DB connection ID and storing the information in the third table when the query statement corresponds to a statement for accessing the personal information stored in the database system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150074547A KR101678185B1 (en) | 2015-05-28 | 2015-05-28 | Web application server capable of tracing access to personal information and web service providing system having the same |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101678185B1 (en) | 2016-11-21 |
Family
ID=57537866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150074547A KR101678185B1 (en) | 2015-05-28 | 2015-05-28 | Web application server capable of tracing access to personal information and web service providing system having the same |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101678185B1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20060042330A (en) * | 2004-11-09 | 2006-05-12 | 한국전자통신연구원 | A method for managing the session channel according to each service class of mobile terminal |
KR20100088861A (en) * | 2009-02-02 | 2010-08-11 | 주식회사 유섹 | Method and system for protecting customer's privacy information in contact center |
- 2015-05-28 KR KR1020150074547A patent/KR101678185B1/en active IP Right Grant
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114095514A (en) * | 2020-07-29 | 2022-02-25 | 华为技术有限公司 | Database access method and system |
CN114095514B (en) * | 2020-07-29 | 2023-03-10 | 华为技术有限公司 | Database access method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GRNT | Written decision to grant |