KR102379098B1 - Database login information management system using virtual driver and control method thereof - Google Patents

Abstract

The present invention relates to a database login information management system using a virtual driver to reduce inconvenience of having to periodically renew a password of a person in charge and a control method thereof. According to the present invention, the database login information management system comprises: a driver manager transmitting a database connection execution request signal to a database driver corresponding to an identifier among at least one database driver when the database connection request signal is received and transferring database connection information included in a database connection execution result signal received from the corresponding database driver to a requesting terminal; a database client driver receiving and transmitting the database connection information by communicating with a corresponding database with the login information when the identifier is the same as the identifier included in the database connection execution request signal received from the driver manager; a virtual driver acquiring additional login information by communicating with the database login information management unit when a primary identifier among the identifiers included in the database connection execution request signal received from the driver manager corresponds to itself and transmitting the acquired additional login information to the driver manager; and a login information management unit managing the additional login information and providing the additional login information corresponding to the request of the virtual driver. The database driver is at least one of the database client driver and the virtual driver.

Description

DATABASE LOGIN INFORMATION MANAGEMENT SYSTEM USING VIRTUAL DRIVER AND CONTROL METHOD THEREOF

The present invention relates to a database login information management system and a control method thereof, and more particularly, to a database login information management system through a virtual driver and a control method thereof.

The database manages data according to a predefined structure. For example, predetermined data can be stored for each field, and the stored data can be easily retrieved and thus widely used.

As such, a large amount of data can be stored in the database because it is easy to search and categorize, so caution is required for security.

In other words, it is necessary to block access to the database from unauthorized persons, and also to prevent unauthorized persons from acquiring database access rights.

For this purpose, a method of granting users access to the database based on a password, and setting an effective period for the password to periodically replace it is widely used.

However, there is a problem in that it is not easy to control to periodically change the password required for database access for each user.

That is, even if each user is instructed to periodically replace the password, the password update is not performed frequently for various reasons.

In addition, there are cases in which a specific administrator changes and informs each user's password.

If the password for database access is not changed periodically, the risk of hacking from outside may increase, and only users with database access rights should know the password. The possibility of leakage increases.

On the other hand, if a password replacement period is forcibly set on the database to enhance security, users who have to change the password every time are inconvenienced. There may be cases in which necessary data cannot be read.

Patent Publication No. 10-2002-0032892

The present invention has been devised to solve the above conventional problems, and an object of the present invention is to provide a system and a control method therefor so that the password can be periodically updated even if each user or administrator does not directly update the password.

In order to achieve the above object, in the database login information management system according to the present invention, when a database connection request signal including an identifier and login information is received from the outside, the login is performed to a database driver corresponding to the identifier among at least one database driver. a driver manager for transmitting a database connection execution request signal including information and transferring database connection information included in a database connection execution result signal received from a corresponding database driver to a place to which the database connection request signal is transmitted; When the primary identifier among the identifiers included in the database connection execution request signal received from the driver manager corresponds to the user, it communicates with the corresponding database using the login information included in the corresponding database connection execution request signal to connect to the database a DB client driver for receiving information and transmitting a database connection execution result signal including the received database connection information to the driver manager; If the primary identifier among the identifiers included in the database connection execution request signal received from the driver manager corresponds to itself, the secondary identifier included in the corresponding database connection execution request signal is extracted and communicated with the login information management unit to communicate with the corresponding 2 Obtain login additional information corresponding to at least one of the secondary identifier and the login information included in the database connection execution request signal, include the obtained login additional information in the login information, and include the secondary identifier as the primary identifier a virtual driver that generates a database connection request signal and transmits it to the driver manager; and a login information management unit that manages login additional information matching at least one of the secondary identifier and the login information, and provides corresponding login additional information according to a request of the virtual driver, wherein the database driver includes the DB It is characterized in that it is at least one of a client driver and the virtual driver.

In addition, in order to achieve the above object, in a method for controlling a database login information management system according to the present invention, when a driver manager receives a database connection request signal including an identifier and login information from a database using unit, at least one of the database drivers transmitting a database connection execution request signal including the login information to a database driver corresponding to the identifier; When the virtual driver corresponds to itself among the identifiers included in the database connection request signal received from the driver manager, the virtual driver extracts the secondary identifier included in the corresponding database connection request signal and communicates with the login information management unit requesting additional login information corresponding to at least one of the secondary identifier and the login information included in the database connection request signal; providing additional login information corresponding to the request of the virtual driver by a login information manager managing additional login information matching at least one of the secondary identifier and the login information; generating, by the virtual driver, a database connection request signal including the login additional information obtained from the login information management unit in login information and the secondary identifier as a primary identifier, and transmitting the generated database connection request signal to the driver manager; transmitting, by the driver manager, a database connection request signal including login information to a DB client driver corresponding to a primary identifier included in a database connection request signal received from the virtual driver; When the DB client driver that has received the database connection execution request signal from the driver manager corresponds to the primary identifier included in the database connection execution request signal, it uses the login information included in the database connection execution request signal. receiving database connection information by communicating with a database corresponding to , and transmitting a database connection execution result signal including the received database connection information to the driver manager; and transferring, by the driver manager, database connection information included in the database connection execution result signal received from the DB client driver, to the database use unit that has transmitted the database connection request signal, wherein the database driver is the DB client driver and at least one of the virtual driver.

As described above, according to the present invention, since a predetermined password required for database access is managed and used by the virtual driver and the login information management unit, the person in charge cannot know the password, so data leakage through direct connection, etc. is impossible. , the inconvenience of having to periodically renew passwords for business personnel is reduced.

In addition, stable service can be provided because the current password is obtained and connected at the last stage of database connection.

In particular, the risk of service interruption due to the failure of the password change of the person in charge (error input or not input, etc.) disappears, and even if the password is not properly delivered to the person in charge, the database can be used without difficulty.

In particular, there is an advantage of facilitating system expansion because it can be applied even if other components are not changed or modified only by additional configuration of the virtual driver and login information management unit.

In particular, it is unnecessary to change the business source (for example, change the source corresponding to the database use part), there is no need to search for passwords scattered in the program, and there is no need to change the password in the compiled library.

1 is a schematic configuration diagram of an entire system including a database login information management system according to an embodiment of the present invention;
2 is a functional block diagram of the database login information management system of FIG. 1 (that is, including a virtual driver and a login information management unit);
3 is a view showing a state in which only the configuration excluding the virtual driver and the driver manager in FIG. 2 is operated;
4 is a view showing a state in which the virtual driver and the login information management unit are included and operated in FIG. 3;
5 to 7 are overall control flowcharts of a database login information management system according to an embodiment of the present invention.

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

Hereinafter, each embodiment according to the present invention is merely an example for helping the understanding of the present invention, and the present invention is not limited to these embodiments. In particular, the present invention may be composed of a combination of at least any one of individual components, individual functions, or individual steps included in each embodiment.

In particular, some claims of the claims include an alphabet such as '(a)' for convenience, but the alphabet does not define the order of each step.

In addition, each signal referred to in each embodiment according to the present invention below may mean one signal transmitted by one connection, etc., but may also mean a series of signal groups transmitted for the purpose of performing a specific function to be described later. . That is, in each embodiment, a plurality of signals transmitted at a predetermined time interval or after receiving a response signal from a counterpart device may be expressed as one signal name for convenience.

A schematic configuration of the entire system including the database login information management system 100 through the virtual driver 140 according to an embodiment of the present invention has been disclosed.

As shown in the figure, the entire system may be configured to include a database 200 using a terminal, a login information management device, and a database 200 .

Here, the database 200 is configured in the form of a table of predetermined data as described above, and since the configuration of the database 200 itself corresponds to a known technology, a more detailed description will be omitted.

A terminal using the database 200 is a terminal using data stored in the database 200, for example, requests predetermined data to the database 200 (eg, transmits a query to the database 200), and according to the request, a database It may be a device for displaying data received from 200 .

Also, the login information management apparatus manages predetermined login information (eg, a password) for accessing the database 200 , and performs a function of providing pre-stored login information in response to a request from a terminal using the database 200 .

The database login information management system 100 according to the present invention may include a terminal using the database 200 and a login information management device. Although it has been described as an example, it is assumed that the unit is integrated into one device and described below.

Functional blocks of the database login information management system 100 according to an embodiment of the present invention are shown in FIG. 2 .

As shown in the figure, the database login information management system 100 includes a database use unit 110 , a driver manager 120 , a DB client driver 130 , a virtual driver 140 , a database 200 , and a login information management unit. (150) may be included.

Here, the database use unit 110 uses the data stored in the database 200, and requests a connection to the database 200 for the first time or displays the data transmitted by the database 200 so that the user can read it, or receives the data. It can perform functions such as processing the data.

For example, the database use unit 110 provides an interface for a user to access the database 200, and a database 200 connection request signal including login information (eg, ID and password) input by the user. It creates and transmits a function.

In this case, the database 200 connection request signal may include an identifier for identifying each database 200 .

According to such a database 200 connection request signal, the database 200 connection information may be received from the driver manager 120 through a complex process to be described later. The database 200 connection information is, for example, to a specific database 200 . It may correspond to a pointer (resource information, etc.) that makes the included data available.

The DB client driver 130 is matched with a specific database 200 , and may directly connect to the matched database 200 .

For example, the connection method for each database 200 may be different. For this purpose, the DB client driver 130 corresponding to each database 200 is provided to perform the connection.

For example, when the first DB client driver 130 is configured to correspond to the first database 200 and the second DB client driver 130 is configured to correspond to the second database 200 , the first database 200 ), it is possible not to use the second DB client driver 130 but only by using the first DB client driver 130 .

When the function performed by the DB client driver 130 is described in detail, if the primary identifier among the identifiers included in the database 200 connection execution request signal received from the driver manager 120 corresponds to itself, the corresponding database (200) The database 200 connection information is requested while communicating with the database 200 corresponding to the user using the login information included in the connection request signal.

When the database 200 connection information is received from the database 200 when a normal connection is established through an authentication process, etc., the DB client driver 130 performs a database 200 connection including the received database 200 connection information. It performs a function of transmitting a result signal to the driver manager 120 .

As such, the technology for allowing the DB client driver 130 and the database 200 to have a structure corresponding to each other and the technology for connecting the DB client driver 130 to the database 200 corresponding to the DB client driver 130 are well known, so a more detailed description is omitted.

When a plurality of DB client drivers 130 exist, the driver manager 120 determines which DB client driver 130 should be used to access the database 200 .

At this time, the driver manager 120 connects to the database 200 using information included in the database 200 connection request signal received from the outside (the above-described database using unit 110 or the below-described virtual driver 140 ). It performs a function of generating and transmitting an execution request signal. In this case, receiving the database 200 connection execution request signal is not necessarily limited to the above-described DB client driver 130, and such a database 200 connection execution request Anything that can process signals is possible.

That is, to describe comprehensively, the driver manager 120 generates a database 200 connection execution request signal based on information included in the database 200 connection request signal received from the outside to generate at least one database 200 driver. To perform the function of transmitting to the database 200, the driver may include the above-described DB client driver 130 as well as the virtual driver 140 to be described later.

In detail, the function of the driver manager 120 will be described. When a database 200 connection request signal is received from the outside, at least one database 200 driver of the database 200 corresponding to the identifier included in the database 200 connection request signal 200) Sends a database 200 connection request signal including login information (this is also extracted from the database 200 connection request signal) to the driver, and performs a database 200 connection received from the database 200 driver It performs a function of transferring the database 200 connection information included in the result signal to the place where the database 200 connection request signal was previously transmitted (eg, the database use unit 110 or the virtual driver 140 ).

Here, the identifier is information for identifying the database 200 or the DB client driver 130 corresponding to each database 200 as described above, and may be in the form of, for example, a Uniform Resource Locator (URL).

Of course, such an identifier in the form of a URL may be initially included in the database 200 connection request signal of the database using unit 110 .

In particular, the driver manager 120 may transmit the identifier, ID, and device information included in the database 200 connection request signal included in the database 200 connection execution request signal, which will be described in more detail later.

On the other hand, the driver manager 120 may itself be formed in plurality, or may internally drive a plurality of processes or a plurality of threads to process the above-described functions, respectively.

For example, the process (or thread) processing the database 200 connection request signal of the database using unit 110 and the process (or thread) processing the database 200 connection request signal of the virtual driver 140 are different from each other. it could be

On the other hand, the virtual driver 140 communicates with the login information management unit 150 using the information included in the database 200 connection execution request signal received from the driver manager 120 to add a login required for database 200 access. It acquires information and performs a function of transmitting a database 200 connection request signal to the driver manager 120 again using the acquired login additional information.

Furthermore, when predetermined database 200 connection information is received from the driver manager 120 with respect to the transmission of the database 200 connection request signal, the virtual driver 140 transmits the database 200 connection request signal prior to this. It can be transmitted to one driver manager 120 .

That is, as described above, when the driver manager 120 internally drives each process to perform function processing, the virtual driver 140 requests a connection to the database 200 from the first process of the driver manager 120 . Upon receiving the signal, the above-described database 200 connection request signal is transmitted to the second process of the driver manager 120 , and when the database 200 connection information is received from the second process of the driver manager 120 , it is transmitted to the driver. It is to perform the function of transferring to the first process of the manager 120 .

When describing the function of the virtual driver 140 in more detail, it is determined whether the primary identifier among the identifiers included in the database 200 connection execution request signal received from the driver manager 120 corresponds to itself, and as a result of the determination itself In the case of , after extracting the secondary identifier included in the corresponding database 200 connection execution request signal, and communicating with the login information management unit 150, the secondary identifier and the login included in the database 200 connection execution request signal The driver manager ( 120) can be transmitted.

As described above, when the identifier is configured in the form of a URL, the virtual driver 140 analyzes the URL received from the driver manager 120 and, if the primary identifier corresponds to itself, removes the corresponding primary identifier and then adds the secondary identifier. A URL changed to the primary identifier may be generated, and a database 200 connection execution request signal including the generated URL may be generated and transmitted to the driver manager 120 .

In addition, when the identifier, ID, and device information are included in the database 200 connection request signal received from the driver manager 120 , the virtual driver 140 transmits the identifier and ID included in the database 200 connection request signal. After extracting at least one of the following and extracting device information, verification may be performed by comparing it with pre-stored verification information.

Here, the device information may be device information of a corresponding user terminal when the database login information management system 100 according to the present embodiment performs processing according to a request of a separate user terminal.

In this case, the device information may be directly included in a signal transmitted by the user terminal. In this case, the data use terminal transmits the device information by including the device information in the database 200 connection request signal, and eventually the driver manager 120 connects to the database 200 It may be included in the execution request signal.

Subsequently, the virtual driver 140 may transmit a database 200 connection request signal including login additional information to the driver manager 120 only when verification is passed.

This is to verify the user terminal connected to the database 200, and is a method to prevent access from an unauthorized user terminal in the first place.

For this, of course, at least one of an identifier and an ID must be matched with device information in the virtual driver 140 in advance, or an encrypted value must be stored based on the matched information.

As another embodiment, the virtual driver 140 extracts at least one of an identifier and an ID included in the database 200 connection execution request signal, and device information stored in advance or included in the database 200 connection execution request signal, A request signal for obtaining additional login information including authentication information corresponding to the extracted information may be transmitted to the login information management unit 150 .

Accordingly, an authentication process may be performed in the login information management unit 150, which will be described later.

As described above, the login information management unit 150 extracts and provides additional login information according to the request of the virtual driver 140 .

To this end, it goes without saying that the login information management unit 150 must match at least one of a predetermined identifier and login information with additional login information and store the matching information. Furthermore, the login information management unit 150 may also perform a function of periodically updating pre-stored additional login information according to a preset algorithm.

Specifically, when a request for additional login information is received from the virtual driver 140, additional login information matching at least one of an identifier included in the request (that is, the above-described secondary identifier) and login information is extracted, The extracted additional login information may be transmitted to the virtual driver 140 .

Here, the login additional information refers to information additionally managed by the login information management unit 150 in addition to the login information included in the database 200 connection request signal in order to log in normally to the database 200, and the database 200 It may replace the login information included in the connection request signal, or may be information added to the login information included in the database 200 connection request signal.

For example, when the request signal of the virtual driver 140 includes a user ID included in the database 200 connection request signal, the login information management unit 150 may transmit a password corresponding to the ID as additional login information. will be.

At this time, the above-described virtual driver 140 may allow login information including a password received from the login information management unit 150 to be included in the database 200 connection request signal, for example, received from the driver manager 120 . When the database 200 connection request signal includes an ID and a password (in this case, a dummy password), the login information in which the dummy password is replaced with the password received from the login information management unit 150 is included in the database 200 connection request signal. can be included.

Meanwhile, the login information management unit 150 may perform authentication processing before performing the above-described function.

For example, the virtual driver 140 extracts at least one of a predetermined identifier and an ID, and device information stored in advance or included in the database 200 connection execution request signal, and includes authentication information corresponding to the extracted information. When the password request signal is transmitted to the login information management unit 150, the login information management unit 150 compares the authentication information included in the password request signal of the virtual driver 140 with the pre-stored authentication information and performs verification, Only when the verification is passed, the requested password may be transmitted to the virtual driver 140 .

This is more meaningful when the virtual driver 140 and the login information management unit 150 are implemented in separate devices.

That is, in the password request signal of the virtual driver 140 (that is, an example of the login additional information request signal), the identifier, ID, and information of the device in which the virtual driver 140 is implemented (eg, IP, MAC address, etc.) When the value encrypted with a hash function is included, the login information management unit 150 may perform verification by comparing the corresponding hash encrypted value with pre-stored authentication information.

This is to filter out cases where a password request signal is received from an unauthorized device.

3 shows an example in which the functions of the virtual driver 140 and the login information management unit 150 are not implemented in the present invention, and in FIG. 4, the functions of the virtual driver 140 and the login information management unit 150 are implemented. Examples of cases are shown.

Referring to FIG. 3 , the driver manager 120 communicates with each DB client driver 130 to select a specific DB client driver 130 in response to the initial request of the data use unit, and the selected DB client driver 130 . A process of connecting to a specific database 200 through .

When explaining an example of the process of selecting a specific DB client driver 130 , the driver manager 120 extracts a database identifier from the database 200 connection request signal received from the database use unit 110 , and the corresponding database identifier When a confirmation request including .

For example, assuming that the driver manager 120 is a Java-based library and the database 200 connection request signal is 'jdbc:oracle:thin:@192.168.0.101:1521:ORA' in the form of URL, each DB After extracting up to 'jdbc:oracle' as an identifier, the client driver 130 may determine whether to respond by comparing it with its own identifier.

Subsequently, when the DB client driver 130 is selected, the driver manager 120 may request the selected DB client driver 130 to access the database 200 to obtain database 200 connection request information. .

A series of signals requested by the above-described driver manager 120 to the DB client driver 130 may all be included in the database 200 connection execution request signal.

On the other hand, FIG. 4 shows a state in which the process of using the virtual driver 140 is added just before the driver manager 120 connects to the database 200 through the specific DB client driver 130 .

In FIG. 4 , although the identifier included in the request signal for performing the connection to the database 200 of the driver manager 120 is in the form of a URL, the content is different from that of FIG. 3 . That is, in Fig. 4, assuming that the URL is jdbc:unikeydpm:jdbc:oracle:thin:@192.168.0.101:1521:ORA, this URL example includes two identifiers: jdbc:unikeydpm and jdbc:oracle. .

In this case, the identifier included in the front is called a primary identifier, and the identifier included in the back is called a secondary identifier. Assuming that the primary identifier jdbc:unikeydpm is the identifier of the virtual driver 140 , such ) to the connection request signal, other DB client drivers 130 do not respond, and only the virtual driver 140 responds.

Accordingly, the driver manager 120 selects the virtual driver 140 and accesses the database 200 to request that the database 200 connection request information be obtained. In this case, the virtual driver 140 is another DB client. Unlike the driver 130 , it does not directly access the database 200 , but generates another database 200 connection request signal and transmits it back to the driver manager 120 .

Of course, at this time, additional login information is acquired through communication with the login information management unit 150, and the database (that is, jdbc:oracle:thin:@192.168.0.101:1521:ORA) including the URL (ie, jdbc:oracle:thin:@192.168.0.101:1521:ORA) has been removed. 200) A connection request signal may be transmitted to the driver manager 120 .

Login information or additional login information may be included in such a URL, or may be included in a separate transmission signal.

Hereinafter, an overall control flow of the database login information management system 100 according to an embodiment of the present invention will be described with reference to FIGS. 5 to 7 .

First, a process in which the virtual driver 140 obtains a password from the login information management unit 150 in response to a request from the driver manager 120 and processes it will be described with reference to FIG. 5 .

When the database use unit 110 transmits a database 200 connection request signal including an identifier, an ID, and a dummy password (step S1), the driver manager 120 transmits an identifier matching confirmation request signal including the corresponding identifier. (Step S3).

Here, it is assumed that the identifier is in the form of jdbc:unikeydpm:jdbc:oracle:thin:@192.168.0.101:1521:ORA as described above.

Here, jdbc:unikeydpm is a primary identifier and jdbc:oracle is a secondary identifier for convenience, but these are only terms separated for convenience, and the database use unit 110 uses a URL of the same format whether or not there is a secondary identifier. A database 200 including a connection request signal may be transmitted.

This identifier matching confirmation request signal can receive not only the virtual driver 140 but also the DB client driver 130. In this embodiment, it is assumed that the virtual driver 140 corresponds to the identifier 'jdbc:unikeydpm' ( In step S5), only the virtual driver 140 transmits a matching response signal to the driver manager 120 (step S7).

Accordingly, the driver manager 120 transmits the database 200 connection information acquisition request signal to the previously responded virtual driver 140 (step S9).

The above-described identifier matching confirmation request signal and the database 200 connection information acquisition request signal may correspond to the aforementioned database 200 connection request signal.

The virtual driver 140 extracts the secondary identifier jdbc:oracle and the ID from the signal of the driver manager 120 (step S11), generates a password request signal including the secondary identifier and the ID, and generates a login information management unit ( 150) (step S13).

The login information management unit 150 extracts the password matched with the received secondary identifier and ID (step S15) and transmits it to the virtual driver 140 (step S17).

The virtual driver 140 connects to the new database 200 including the password received from the login information management unit 150 and the secondary identifier and ID included in the database 200 connection request signal received from the driver manager 120 . A request signal is generated (step S19) and transmitted to the driver manager 120 (step S21).

That is, the new database 200 connection request signal in which the primary identifier is removed from the database 200 connection request signal of the first database using unit 110 and the dummy password is replaced with the password obtained from the login information management unit 150 is the driver It is transmitted to the manager 120 .

For example, a database 200 connection request signal including jdbc:oracle:thin:@192.168.0.101:1521:ORA as an identifier is transmitted to the driver manager 120 .

Here, the driver manager 120 that has transmitted the database 200 connection request signal to the virtual driver 140 and the driver manager 120 that received the database 200 connection request signal from the virtual driver 140 are each process-by-process. can be distinguished.

For convenience, the driver manager 120 that transmits the database 200 connection request signal to the virtual driver 140 is referred to as a first driver manager, and the driver manager 120 that receives the database 200 connection request signal from the virtual driver 140 ( 120) is referred to as the second driver manager.

Hereinafter, a process after the virtual driver 140 transmits a database 200 connection request signal to the driver manager 120 will be described with reference to FIG. 6 .

The virtual driver 140 transmits a database 200 connection request signal to the driver manager 120 (that is, the second driver manager) (step S21). At this time, the database 200 connection request signal of the virtual driver 140 includes: An identifier, an ID, and a password previously obtained from the login information management unit 150 may be included.

The driver manager 120 transmits an identifier matching confirmation request signal including the identifier included in the database 200 connection request signal to the DB client driver 130 (step S23).

Each DB client driver 130 determines whether the identifier received from the driver manager 120 is the same as its own identifier (step S25), and the DB client driver 130 determined to be the same is sent to the driver manager 120. A coincidence response signal is transmitted (step S27).

Accordingly, the driver manager 120 transmits a database 200 connection information acquisition request signal including the ID and password included in the database 200 connection request signal to the corresponding DB client driver 130 (step S29). Of course, the database 200 connection information acquisition request signal of the driver manager 120 may include an identifier corresponding to the database 200 described above.

The DB client driver 130 extracts the ID and password from the signal received from the driver manager 120 (step S31), and transmits a connection request signal including the extracted ID and password to the database 200 corresponding thereto. do (step S33).

In this case, the DB client driver 130 may use the identifier included in the signal received from the driver manager 120 when accessing the database 200 .

That is, the database 200 may be accessed using a URL such as jdbc:oracle:thin:@192.168.0.101:1521:ORA.

The database 200 compares the information (ie, ID and password) included in the connection request signal received from the DB client driver 130 with previously registered information to perform authentication processing (step S35), if authentication is successful The database 200 connection information is transferred to the DB client driver 130 (step S37).

The DB client driver 130 transmits a database connection execution result signal including the database 200 connection information received from the database 200 to the driver manager 120 (step S39).

Accordingly, the driver manager 120 extracts the database 200 connection information included in the database connection execution result signal (step S41) and transmits it to the virtual driver 140 (step S43).

Meanwhile, FIG. 7 illustrates a process after the driver manager 120 transmits the database 200 connection information to the virtual driver 140 .

The virtual driver 140 that has received the database 200 connection information from the driver manager 120 , that is, the second driver manager, transfers it to the previous driver manager 120 , that is, the first driver manager (step S51 ).

Upon receiving the database 200 connection information from the virtual driver 140, the driver manager 120 transmits it to the database use unit 110 that initially transmitted the database 200 connection request signal (step S53).

Accordingly, the database using unit 110 can extract and use the database connection information (step S55).

Here, as described above, the database 200 connection information is the first thing required to view data included in the database 200, and a database-related subquery can be transmitted using this connection information, and as such, the database 200 Acquiring the database 200 connection information before transmitting the sub-query itself corresponds to a known technique, and thus a more detailed description thereof will be omitted.

The process of transmitting the subquery by the database using unit 110 may be performed via the driver manager 120 as described above, or may be performed by direct communication with each DB client driver 130 .

When the database using unit 110 transmits a database 200 connection request signal including an identifier, an ID, and a dummy password through the process of FIGS. 5 to 7 , authentication can be performed from the actual database 200 instead of the dummy password. The actual password may be used in the middle, and eventually the database 200 connection information may be received from the corresponding database 200 .

Therefore, the database using unit 110 or a user using the same does not need to memorize or periodically update a password for using the database 200 .

Of course, in order to further strengthen security with respect to omitting the password, the user of the database 200 may be forced to input the password prior to updating at least for access to the database 200 .

For example, even if the password update for accessing the database 200 is automatically performed by the login information management unit 150 , providing the updated password includes at least the password before the update from the database using unit 110 . can be limited to

To this end, when a password request signal is received from the virtual driver 140 , the login information management unit 150 receives the password included in the password request signal (that is, the password is input by the database use unit 110 , the driver manager 120 and the virtual The updated password is transmitted to the virtual driver 140 only when the dummy password passed through the driver 140) is the same as the currently updated password or the same as the password set just before the update, otherwise an error message may be transmitted.

This error message may be transmitted to the database using unit 110 through a reliable communication path, and after the user confirms the newly updated password, the database 200 connection request signal including the newly updated password is sent back to the driver. It may be transmitted to the manager 120 .

In this case, a function of additionally blocking access to the database 200 may be performed in response to a request from a user or device who does not know the currently updated password or the password immediately before the update.

That is, as described above, the virtual driver 140 or the login information management unit 150 can operate only in response to a request from a reliable device or the like through a verification or authentication process. This can be done to enhance security.

In the above-described embodiment, each component is expressed as if it is physical hardware, but this may correspond to a function differentiated by software.

For example, at least a portion of each component may correspond to a Java-based module or the like.

A case in which modules are configured based on Java will be described as follows.

The JVM is a virtual machine for executing bytecodes created by compiling programs developed in Java, and the JVM library is a basic library that is basically included in this environment.

At this time, JDBC is Java database connectivity, which means an application program interface that connects the database 200 to execute SQL in a Java program. way to provide it.

Therefore, each database client driver that the database manufacturer provides to be compatible with the JDBC method corresponds to the DB client driver 130 described above.

The original meaning of the driver is a device that connects various hardware and operating systems. In general, the database client library that connects using JDBC is called a driver, so it is also used in the present invention in the same way.

According to the communication rule information among the transmitted URL information, the database driver distinguishes whether each driver is a URL that can be processed by itself. Usually, it may be composed of jdbc:db_info: and the like, and examples of this type are as described above.

In addition, in order to find a desired information resource in a vast computer network, it is necessary to accurately identify the location and type of the corresponding information resource. A set of rules indicating this is called a Uniform Resource Locator (URL).

A URL records the type and location of a particular information resource spread over a computer network. The URL is generally composed of 'communication rule:// access address/path name'. The URL in the present invention is a URL for JDBC and includes database type information, connection information, DB name, and the like.

In addition, the driver manager 120 may correspond to a class included in the java.sql package among the JVM libraries. It is a common class for connecting through various JDBC drivers depending on the database type, and the driver for each database is selected according to the URL. and returns the connection information obtained through URL, ID, and PASSWORD through the driver to the application program.

Also, Connection is a class included in the java.sql package of the JVM library and has information on database connection. The application service transmits query information to the database using the Connection class and receives the result information.

The first thing to be acquired using this connection is the database 200 connection information described above.

In addition to the functions of these Java-based modules, the virtual driver 140 is a kind of database driver that plays a key role for implementing the function according to the present invention. If the authentication is normal after sending, after obtaining the password corresponding to the database/ID, the original URL (that is, removing the driver identification information according to the present invention) to the specific DB client driver 130 via the original driver manager 120 , secondary identifier), ID, and the acquired password are transmitted.

The login information management unit 150 is also a key element for implementing the function according to the present invention, and can manage passwords for each ID belonging to each database, and receives the URL, ID, and authentication information transmitted by the virtual driver 140 and receives authentication information After checking, if there is no problem, the function to transmit the corresponding password is performed.

Here, the authentication information is information that can check the information transmitted by the virtual driver 140, and includes some or all of URL information, part or all of ID, system information such as IP of the requested system, hostname, and login information management unit 150 ) is information that allows the login information management unit 150 to authenticate by configuring so that it cannot be tampered with using one or more of the random information issued and stored by the one-way hash or PKI-based digital signature.

Due to this structure, for example, when a system consisting only of the database use unit 110 , the driver manager 120 , the DB client driver 130 , and the database 200 exists, the virtual driver ( 140) and the login information management unit 150 are only added to reduce the inconvenience of a user or the like directly updating a password for using the database 200.

That is, the identifier maintains the URL form as it is, and the virtual driver 140 removes its own identifier from the received database connection execution request signal (that is, the primary identifier is removed and only the secondary identifier remains) ) is transmitted to the driver manager 120 again, so there is no need to change the existing configurations at all.

In the above-described embodiments, it has been mainly described that the dummy password is included when the database use unit 110 transmits the database 200 connection request signal, but it goes without saying that the dummy password itself may not be included.

Meanwhile, it goes without saying that the process of performing each of the above-described embodiments may be performed by a program or application stored in a predetermined recording medium (eg, computer-readable). Here, the recording medium includes an electronic recording medium such as a random access memory (RAM), a magnetic recording medium such as a hard disk, and an optical recording medium such as a compact disk (CD).

In this case, the program stored in the recording medium may be executed on hardware such as a computer or a smart phone to perform each of the above-described embodiments. In particular, at least one of the functional blocks of the database login information management system 100 according to the present invention described above may be implemented by such a program or application.

In addition, the present invention is not limited to the specific embodiments described above, but can be practiced with various modifications and modifications within the scope without departing from the gist of the present invention. It will be apparent that such modifications and variations are included in the present invention provided they fall within the scope of the appended claims.

100: database login information management system
200 : database
110: database use unit 120: driver manager
130: DB client driver 140: virtual driver
150: login information management unit

Claims (9)

When a database connection request signal including an identifier and login information is received from the outside, a database connection request signal including the login information is transmitted to a database driver corresponding to the identifier among at least one database driver, and received from the corresponding database driver a driver manager that transmits database connection information included in a result signal for performing a database connection to a location to which the database connection request signal is transmitted;
When a primary identifier among identifiers included in the database connection request signal received from the driver manager corresponds to a preset identifier, a corresponding database matched using login information included in the corresponding database connection request signal a DB client driver that communicates with and receives database connection information and transmits a database connection execution result signal including the received database connection information to the driver manager;
When the primary identifier among the identifiers included in the database connection execution request signal received from the driver manager corresponds to a preset own identifier, after extracting the secondary identifier included in the corresponding database connection execution request signal, the login information management unit and communicate to obtain additional login information corresponding to at least one of the secondary identifier and the login information included in the database connection execution request signal, include the obtained login additional information in the login information, and set the secondary identifier to 1 a virtual driver that generates a database connection request signal included as a difference identifier and transmits it to the driver manager;
and a login information management unit that manages login additional information matching at least one of the secondary identifier and the login information, and provides corresponding login additional information according to a request of the virtual driver,
The database driver is a database login information management system through a virtual driver, characterized in that at least one of the DB client driver and the virtual driver. According to claim 1,
The identifier included in the database connection execution request signal transmitted by the driver manager is in the form of a Uniform Resource Locator (URL),
The virtual driver analyzes the URL received from the driver manager and, if the primary identifier corresponds to itself, removes the primary identifier and then generates a URL in which the secondary identifier is changed to the primary identifier, and the generated URL Database login information management system through a virtual driver, characterized in that generating a database connection execution request signal comprising a and transmitting it to the driver manager. According to claim 1,
The driver manager transmits the identifier, ID, and device information included in the database connection request signal by including it in the database connection request signal,
The virtual driver extracts at least one of an identifier and an ID included in the database connection execution request signal and the device information, compares it with pre-stored verification information, performs verification, and only when verification is passed, the login additional information Database login information management system through a virtual driver, characterized in that for transmitting a database connection request signal comprising a to the driver manager. According to claim 1,
The virtual driver extracts at least one of an identifier and an ID included in the database connection request signal, and device information stored in advance or included in the database connection request signal, and includes authentication information corresponding to the extracted information. transmits a password request signal to the login information management unit,
The login information management unit performs verification by comparing the authentication information included in the password request signal of the virtual driver with pre-stored authentication information, and transmits the requested password to the virtual driver only when the verification is passed. Database login information management system through virtual driver. (a) When the driver manager receives a database connection request signal including an identifier and login information from the database using unit, it sends a database connection request signal including the login information to a database driver corresponding to the identifier among at least one database driver. transmitting;
(b) the virtual driver extracts the secondary identifier included in the database connection execution request signal when the primary identifier of the identifiers included in the database connection execution request signal received from the driver manager corresponds to its own preset identifier thereafter, communicating with the login information management unit to request additional login information corresponding to at least one of the secondary identifier and the login information included in the database connection request signal;
(c) providing additional login information corresponding to the request of the virtual driver by a login information management unit that manages login additional information matched to at least one of the secondary identifier and the login information;
(d) generating, by the virtual driver, a database connection request signal including the login additional information obtained from the login information management unit in login information and the secondary identifier as a primary identifier, and transmitting the generated database connection request signal to the driver manager;
(e) transmitting, by the driver manager, a database connection request signal including login information to the DB client driver corresponding to the primary identifier included in the database connection request signal received from the virtual driver;
(f) When the DB client driver that has received the database connection execution request signal from the driver manager corresponds to a preset identifier of the DB client driver included in the database connection execution request signal, it is included in the corresponding database connection execution request signal communicating with a previously matched database using the logged-in information to receive database connection information, and transmitting a database connection execution result signal including the received database connection information to the driver manager;
(g) transferring, by the driver manager, database connection information included in a database connection execution result signal received from the DB client driver to a database using unit that has transmitted the database connection request signal,
The database driver is a control method of a database login information management system through a virtual driver, characterized in that at least one of the DB client driver and the virtual driver. 6. The method of claim 5,
The identifier included in the database connection execution request signal transmitted by the driver manager is in the form of a Uniform Resource Locator (URL),
In step (b), the virtual driver analyzes the URL received from the driver manager and requests additional login information from the login information management unit only when the primary identifier corresponds to itself,
In step (d), the virtual driver removes the primary identifier from the URL received from the driver manager, generates a URL in which the secondary identifier is changed to the primary identifier, and performs a database connection including the generated URL. A method of controlling a database login information management system through a virtual driver, characterized in that generating a request signal and transmitting it to the driver manager. 6. The method of claim 5,
In step (a), the driver manager includes the identifier, ID, and device information included in the database connection request signal in the database connection request signal and transmits it;
In step (b), the virtual driver extracts at least one of an identifier and an ID included in the database connection request signal and the device information, compares it with pre-stored verification information, performs verification, and passes verification A control method of a database login information management system through a virtual driver, characterized in that only for requesting the login additional information to the login information management unit. 6. The method of claim 5,
In step (b), the virtual driver extracts at least one of an identifier and an ID included in the database connection execution request signal and device information previously stored or included in the database connection execution request signal, and corresponds to the extracted information. Transmitting a password request signal including authentication information to the login information management unit,
In step (c), the login information management unit performs verification by comparing the authentication information included in the password request signal of the virtual driver with the previously stored authentication information, and only when the verification is passed, the login information management unit transmits the requested password to the virtual driver. A control method of the database login information management system through a virtual driver, characterized in that it is transmitted to. An application program stored in a computer-readable recording medium in combination with hardware to execute the method of any one of claims 5 to 8.

Images