WO2017016422A1 - Cloud-based database detection method and device - Google Patents

Cloud-based database detection method and device Download PDF

Info

Publication number
WO2017016422A1
WO2017016422A1 PCT/CN2016/090618 CN2016090618W WO2017016422A1 WO 2017016422 A1 WO2017016422 A1 WO 2017016422A1 CN 2016090618 W CN2016090618 W CN 2016090618W WO 2017016422 A1 WO2017016422 A1 WO 2017016422A1
Authority
WO
WIPO (PCT)
Prior art keywords
detection
performance
database
priority
preset
Prior art date
Application number
PCT/CN2016/090618
Other languages
French (fr)
Chinese (zh)
Inventor
王义成
Original Assignee
阿里巴巴集团控股有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司 filed Critical 阿里巴巴集团控股有限公司
Publication of WO2017016422A1 publication Critical patent/WO2017016422A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • embodiments of the present application have been made in order to provide a cloud-based database detection method and a corresponding cloud-based database detection apparatus that overcome the above problems or at least partially solve the above problems.
  • the embodiment of the present application discloses a method for detecting a database in a cloud, including:
  • Determining a type of detection for detecting one or more database instances includes performance detection and/or security detection;
  • the step of adjusting the priority of the one or more database instances according to the detection type comprises:
  • the step of performing performance detection and/or security detection on the one or more database instances according to the adjusted priority, and obtaining the performance detection result and/or the security detection result includes:
  • the database processing prompt information for modifying the whitelist is generated.
  • a prompt information generating module configured to generate database processing prompt information when the performance detection result and/or the security detection result match a preset performance problem and/or a security problem
  • the priority adjustment module includes:
  • the performance status determination submodule includes:
  • the CPU utilization is higher than a preset utilization threshold
  • the I/O read/write frequency is higher than a preset read/write frequency threshold
  • the connection number is greater than a preset connection number threshold
  • the disk space usage rate is Greater than the preset usage threshold.
  • a fourth generation submodule configured to generate database processing prompt information of the adjustment architecture when the architecture detection result matches the preset problem architecture condition.
  • the detecting module comprises:
  • the security detection sub-module is configured to perform at least one type of security detection, password injection detection, SQL injection detection result, and white list detection result for password cracking, SQL injection, and whitelist detection of the data packet. Test results.
  • a fifth generation submodule configured to generate, when the password crack detection result indicates that a password cracking behavior occurs, generating database processing prompt information of at least one of an attack source, a whitelist adjustment, and an adjustment password;
  • the seventh generation sub-module is configured to generate database processing prompt information for modifying the whitelist when the whitelist result matches the preset large-range condition.
  • a cloud platform is a kind of computer cluster that uses cloud computing, such as a distributed system, and provides cloud computing services, such as ECS (Elastic Compute Service), RDS (Relational Database). Service, relational database service) database, OSS (Open Storage Service) storage, and so on.
  • ECS Elastic Compute Service
  • RDS Relational Database
  • Service relational database service
  • OSS Open Storage Service
  • a database is a logical concept, and corresponding to the actual physical concept, can refer to one or a bunch of files on the disk, which contains data.
  • the database referred to in the embodiment of the present application may be a cloud database, such as a relational database instance or the like.
  • the database code, application and tools can also be applied to the RDS database, and the user can operate the RDS database in the cloud platform through a client such as a browser to reduce the redevelopment cost.
  • the RDS database in the cloud platform takes on time-consuming and labor-intensive database management tasks, enabling users to concentrate on application development and business development.
  • Step 102 Adjust a priority of the one or more database instances according to the detection type.
  • low performance conditions that characterize the performance of the database instance can be set in advance, for example, high CPU utilization, high I/O read/write frequency, high number of connections, high disk space usage, and the like.
  • the low performance condition indicates that the cloud database instance may have a performance bottleneck, and the priority may be increased to perform performance detection first.
  • the creation time of the cloud database instance is less than the preset time threshold, it indicates that the creation time of the cloud database instance is short, and the security performance of the newly created cloud database instance is generally not optimized to the optimal state. , you can increase its priority to prioritize security detection.
  • the priority of the cloud database instance is lower than the preset priority threshold, indicating that the cloud database instance has a lower priority, that is, an object that is not preferentially detected, the priority may be raised in time to prevent being hungry. Dead (that is, no safety test has been performed for a long time).
  • the manner of adjusting the priority is only used as an example.
  • other manners of adjusting the priority may be set according to the actual situation, which is not limited by the embodiment of the present application.
  • those skilled in the art may also adopt other manners of adjusting priorities according to actual needs, and the embodiment of the present application does not limit this.
  • I/O read/write frequency refers to the I/O read/write frequency allocated by the cloud database instance to this physical machine, which can be characterized by IOPS.
  • a cloud database instance of the user is a process on the physical machine, and the process can be isolated by using the cgroup, and the IOPS used by the cloud database instance can be clearly displayed through the cgroup.
  • connection number threshold may be a numerical value representation or a connection rate representation.
  • the number of connections is greater than the preset number of connections threshold, it can indicate that the number of connections is high.
  • step 103 may include the following sub-steps:
  • the current cloud database configuration may be low, which may result in high CPU utilization, multiple connections, high IOPS, and slow execution of SQL statements.
  • database processing prompt information can be generated by one or more of the following methods:
  • the corresponding database processing prompt information can be generated to prompt the user to attack from which IP address, or, it is recommended to adjust the whitelist, refuse access from the IP address, or prompt to adjust the password to increase the strength of the password to prevent brute force.
  • the whitelist is set to % (that is, all IP addresses are allowed to be accessed), it can be judged that the matching of a wide range of conditions matches.
  • Step 105 Push the performance detection result and/or the security detection result and the database processing prompt information.
  • the user can actively request performance detection and/or security detection in the control interface of the cloud database, and the cloud platform responds to the request, performs performance detection and/or security detection on the database, and obtains Performance test results and/or safety test results; generate database processing prompt information when performance test results and/or safety test results match preset performance problems and/or security issues; and, in cloud database control
  • the interface displays performance test results and/or security test results and database processing prompt information.
  • a first improvement submodule configured to increase a priority of a database instance that meets a preset low performance condition when the detection type is performance detection
  • the fourth improvement submodule is configured to: when the detection type is security detection, increase the priority of the database instance whose priority is lower than the preset priority threshold.
  • a performance determining unit configured to determine, according to the adjusted priority, at least one of a CPU usage, an I/O read/write frequency, a connection quantity, and a disk space usage rate of the one or more database instances;
  • the CPU utilization is higher than a preset utilization threshold
  • the I/O read/write frequency is higher than a preset read/write frequency threshold
  • the connection number is greater than a preset connection number threshold
  • the disk space usage rate is Greater than the preset usage threshold.
  • the security detection sub-module is configured to perform at least one type of security detection, password injection detection, SQL injection detection result, and white list detection result for password cracking, SQL injection, and whitelist detection of the data packet. Test results.
  • a sixth generation submodule configured to: when the SQL injection detection result indicates that the SQL injection behavior occurs, generate a current SQL statement, and check database processing prompt information of at least one of the application programs;
  • the seventh generation sub-module is configured to generate database processing prompt information for modifying the whitelist when the whitelist result matches the preset large-range condition.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiments of the present application provide a cloud-based database detection method and device. The method comprises: determining a detection type of detection to be performed on one or more database embodiments, wherein the detection type comprises performance detection and/or safety detection; adapting, according to the detection type, a priority order of the one or more database embodiments; performing, according to the adapted priority order, the performance detection and/or safety detection on the one or more database embodiments, and obtaining a result of the performance detection and/or a result of safety detection; when the result of the performance detection and/or the result of safety detection match a predefined performance problem and/or a predefined safety problem, generating auxiliary database processing information; and transmitting the result of the performance detection and/or the result of safety detection, and the auxiliary database processing information. The embodiments of the present application implement an active cloud database management service, significantly reducing any hidden problem of the cloud database embodiments in performance and safety aspects.

Description

一种基于云的数据库的检测方法和装置Method and device for detecting cloud-based database
本申请要求2015年07月29日递交的申请号为201510456903.5发明名称为“一种基于云的数据库的检测方法和装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application Serial No. No. No. No. No. No. No. No. No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No No
技术领域Technical field
本申请涉及计算机处理的技术领域,特别是涉及一种基于云的数据库的检测方法和一种基于云的数据库的检测装置。The present application relates to the technical field of computer processing, and in particular, to a cloud-based database detection method and a cloud-based database detection apparatus.
背景技术Background technique
随着云计算规模越来越大,基于云的各种产品,如虚拟主机、云数据库等,广泛进入人们的生活、学习、工作等领域。As the scale of cloud computing grows larger, various cloud-based products, such as virtual hosts and cloud databases, enter people's lives, learning, and work.
由于云的优越性,使得大量用户选择将计算机架构部署在云端,数据会选择云数据库进行存储。Due to the superiority of the cloud, a large number of users choose to deploy the computer architecture in the cloud, and the data will select the cloud database for storage.
云数据库的运维和优化的技术门槛较高,而用户对数据库知识掌握不全,导致很多用户并不具备运维好数据库的能力,使得云数据库实例在性能方面和安全方面存在不同程度的隐患。The technical threshold of operation and optimization of cloud database is high, and users have incomplete knowledge of database. As a result, many users do not have the ability to maintain and maintain a good database, which makes cloud database instances have different levels of hidden dangers in terms of performance and security.
在性能方面,由于运维和优化不好,导致云数据库性能运行效率很低,甚至会影响自身的业务处理。In terms of performance, due to poor operation and maintenance and optimization, the performance of cloud database performance is very low, and even affects its own business processing.
在安全方面,由于运维和优化不好,导致存在监控的漏洞,容易被不法分子盗取数据。In terms of security, due to poor operation and maintenance and optimization, there are loopholes in monitoring, which are easily stolen by criminals.
发明内容Summary of the invention
鉴于上述问题,提出了本申请实施例以便提供一种克服上述问题或者至少部分地解决上述问题的一种基于云的数据库的检测方法和相应的一种基于云的数据库的检测装置。In view of the above problems, embodiments of the present application have been made in order to provide a cloud-based database detection method and a corresponding cloud-based database detection apparatus that overcome the above problems or at least partially solve the above problems.
为了解决上述问题,本申请实施例公开了一种于云的数据库的检测方法,包括:In order to solve the above problem, the embodiment of the present application discloses a method for detecting a database in a cloud, including:
确定针对一个或多个数据库实例进行检测的检测类型;所述检测类型包括性能检测和/或安全检测; Determining a type of detection for detecting one or more database instances; the type of detection includes performance detection and/or security detection;
根据所述检测类型调整所述一个或多个数据库实例的优先级;Adjusting a priority of the one or more database instances according to the detection type;
按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;Performing performance detection and/or security detection on the one or more database instances according to the adjusted priority, obtaining performance detection results and/or security detection results;
当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;Generating database processing prompt information when the performance detection result and/or the security detection result matches a preset performance problem and/or a security problem;
推送所述性能检测结果和/或安全检测结果、数据库处理提示信息。Pushing the performance test result and/or the security test result and the database processing prompt information.
优选地,所述根据所述检测类型调整所述一个或多个数据库实例的优先级的步骤包括:Preferably, the step of adjusting the priority of the one or more database instances according to the detection type comprises:
当检测类型为性能检测时,提高符合预设的低性能条件的数据库实例的优先级;When the detection type is performance detection, increase the priority of the database instance that meets the preset low performance condition;
和/或,and / or,
当检测类型为性能检测时,提高调用频率高于预设的频率阈值的数据库实例的优先级;When the detection type is performance detection, increasing the priority of the database instance whose calling frequency is higher than the preset frequency threshold;
和/或,and / or,
当检测类型为安全检测时,提高创建时间小于预设的时间阈值的数据库实例的优先级;When the detection type is security detection, increase the priority of the database instance whose creation time is less than the preset time threshold;
和/或,and / or,
当检测类型为安全检测时,提高优先级低于预设的优先级阈值的数据库实例的优先级。When the detection type is security detection, the priority of the database instance whose priority is lower than the preset priority threshold is raised.
优选地,所述按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果的步骤包括:Preferably, the step of performing performance detection and/or security detection on the one or more database instances according to the adjusted priority, and obtaining the performance detection result and/or the security detection result includes:
按照调整之后的优先级判断所述一个或多个数据库实例的性能状态;Determining the performance status of the one or more database instances according to the adjusted priority;
当所述性能状态符合预设的低性能条件时,对所述数据库实例进行性能检测,获得性能检测结果。When the performance state meets a preset low performance condition, performing performance detection on the database instance to obtain a performance detection result.
优选地,所述按照调整之后的优先级判断所述一个或多个数据库实例的性能状态的步骤包括:Preferably, the step of determining the performance status of the one or more database instances according to the adjusted priority includes:
按照调整之后的优先级判断所述一个或多个数据库实例的CPU利用率、I/O读写频率、连接数量、磁盘空间使用率中的至少一种性能状态;Determining, according to the adjusted priority, at least one of a CPU usage, an I/O read/write frequency, a connection number, and a disk space usage rate of the one or more database instances;
其中,当至少满足以下一个条件时,所述性能状态满足预设的的低性能条件:Wherein, the performance state satisfies a preset low performance condition when at least one of the following conditions is met:
所述CPU利用率高于预设的利用率阈值、所述I/O读写频率高于预设的读写频率阈值、所述连接数量大于预设的连接数量阈值、所述磁盘空间使用率大于预设的使用率阈 值。The CPU utilization is higher than a preset utilization threshold, the I/O read/write frequency is higher than a preset read/write frequency threshold, the connection number is greater than a preset connection number threshold, and the disk space usage rate is Greater than the preset usage threshold value.
优选地,所述对所述数据库实例进行性能检测,获得性能检测结果的步骤包括:Preferably, the step of performing performance detection on the database instance, and obtaining the performance detection result includes:
对所述数据库实例的配置、表结构、SQL语句、架构中的至少一种属性进行性能检测,获得配置检测结果、表结构检测结果、SQL语句检测结果、架构检测结果中的至少一种性能检测结果。Performing performance detection on at least one attribute of the configuration, table structure, SQL statement, and architecture of the database instance, and obtaining at least one performance detection of configuration detection result, table structure detection result, SQL statement detection result, and architecture detection result result.
优选地,所述当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息的步骤包括:Preferably, when the performance detection result and/or the security detection result match the preset performance problem and/or the security problem, the step of generating the database processing prompt information includes:
当所述配置检测结果与预设的低配置条件匹配时,生成提升配置的数据库处理提示信息;When the configuration detection result matches the preset low configuration condition, generating database processing prompt information of the elevated configuration;
和/或,and / or,
当所述表结构检测结果与预设的不合理结构条件匹配时,生成调整表结构的数据库处理提示信息;When the table structure detection result matches the preset unreasonable structural condition, generating database processing prompt information of the adjustment table structure;
和/或,and / or,
当所述SQL语句检测结果与预设的问题语句条件匹配时,生成修改SQL语句的数据库处理提示信息;When the SQL statement detection result matches the preset problem statement condition, generating database processing prompt information for modifying the SQL statement;
和/或,and / or,
当所述架构检测结果与预设的问题架构条件匹配时,生成调整架构的数据库处理提示信息。When the architecture detection result matches the preset problem architecture condition, the database processing prompt information of the adjustment architecture is generated.
优选地,所述按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果的步骤包括:Preferably, the step of performing performance detection and/or security detection on the one or more database instances according to the adjusted priority, and obtaining the performance detection result and/or the security detection result includes:
按照调整之后的优先级抓取发往所述一个或多个数据库实例的数据包;Grab the data packets sent to the one or more database instances according to the adjusted priority;
针对所述数据包进行密码破解、SQL注入、白名单中的至少一种安全检测,获得密码破解检测结果、SQL注入检测结果、白名单检测结果中的至少一种安全检测结果。Performing at least one type of security detection in the password cracking, SQL injection, and whitelisting on the data packet, and obtaining at least one of the password crack detection result, the SQL injection detection result, and the whitelist detection result.
优选地,所述当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息的步骤包括:Preferably, when the performance detection result and/or the security detection result match the preset performance problem and/or the security problem, the step of generating the database processing prompt information includes:
当所述密码破解检测结果表示出现密码破解行为时,生成攻击来源、调整白名单、调整密码中的至少一者的数据库处理提示信息;When the password crack detection result indicates that the password cracking behavior occurs, generating database processing prompt information of at least one of the attack source, the whitelist adjustment, and the adjustment password;
和/或,and / or,
当所述SQL注入检测结果表示出现SQL注入行为时,生成当前的SQL语句、检查应用程序中至少一者的数据库处理提示信息; When the SQL injection detection result indicates that the SQL injection behavior occurs, generating a current SQL statement and checking database processing prompt information of at least one of the application programs;
和/或,and / or,
当所述白名单结果与预设的大范围条件匹配时,生成修改白名单的数据库处理提示信息。When the whitelist result matches the preset large-range condition, the database processing prompt information for modifying the whitelist is generated.
本申请实施例还公开了一种基于云的数据库的检测装置,包括:The embodiment of the present application further discloses a cloud-based database detecting apparatus, including:
检测类型确定模块,用于确定针对一个或多个数据库实例进行检测的检测类型;所述检测类型包括性能检测和/或安全检测;a detection type determining module, configured to determine a type of detection for detecting one or more database instances; the type of detection includes performance detection and/or security detection;
优先级调整模块,用于根据所述检测类型调整所述一个或多个数据库实例的优先级;a priority adjustment module, configured to adjust a priority of the one or more database instances according to the detection type;
检测模块,用于按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;a detecting module, configured to perform performance detection and/or security detection on the one or more database instances according to the adjusted priority, and obtain performance testing results and/or security testing results;
提示信息生成模块,用于在所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;a prompt information generating module, configured to generate database processing prompt information when the performance detection result and/or the security detection result match a preset performance problem and/or a security problem;
推送模块,用于推送所述性能检测结果和/或安全检测结果、数据库处理提示信息。The pushing module is configured to push the performance detection result and/or the security detection result and the database processing prompt information.
优选地,所述优先级调整模块包括:Preferably, the priority adjustment module includes:
第一提高子模块,用于在检测类型为性能检测时,提高符合预设的低性能条件的数据库实例的优先级;a first improvement submodule, configured to increase a priority of a database instance that meets a preset low performance condition when the detection type is performance detection;
和/或,and / or,
第二提高子模块,用于在检测类型为性能检测时,提高调用频率高于预设的频率阈值的数据库实例的优先级;a second improvement submodule, configured to: when the detection type is performance detection, increase a priority of a database instance whose calling frequency is higher than a preset frequency threshold;
和/或,and / or,
第三提高子模块,用于在检测类型为安全检测时,提高创建时间小于预设的时间阈值的数据库实例的优先级;The third improvement sub-module is configured to: when the detection type is security detection, increase the priority of the database instance whose creation time is less than a preset time threshold;
和/或,and / or,
第四提高子模块,用于在检测类型为安全检测时,提高优先级低于预设的优先级阈值的数据库实例的优先级。The fourth improvement submodule is configured to: when the detection type is security detection, increase the priority of the database instance whose priority is lower than the preset priority threshold.
优选地,所述检测模块包括:Preferably, the detecting module comprises:
性能状态判断子模块,用于按照调整之后的优先级判断所述一个或多个数据库实例的性能状态;a performance status determining submodule, configured to determine a performance status of the one or more database instances according to the adjusted priority;
性能检测子模块,用于在所述性能状态符合预设的低性能条件时,对所述数据库实例进行性能检测,获得性能检测结果。 The performance detection sub-module is configured to perform performance detection on the database instance when the performance state meets a preset low performance condition, and obtain a performance detection result.
优选地,所述性能状态判断子模块包括:Preferably, the performance status determination submodule includes:
性能判断单元,用于按照调整之后的优先级判断所述一个或多个数据库实例的CPU利用率、I/O读写频率、连接数量、磁盘空间使用率中的至少一种性能状态;a performance determining unit, configured to determine, according to the adjusted priority, at least one of a CPU usage, an I/O read/write frequency, a connection quantity, and a disk space usage rate of the one or more database instances;
其中,当至少满足以下一个条件时,所述性能状态满足预设的的低性能条件:Wherein, the performance state satisfies a preset low performance condition when at least one of the following conditions is met:
所述CPU利用率高于预设的利用率阈值、所述I/O读写频率高于预设的读写频率阈值、所述连接数量大于预设的连接数量阈值、所述磁盘空间使用率大于预设的使用率阈值。The CPU utilization is higher than a preset utilization threshold, the I/O read/write frequency is higher than a preset read/write frequency threshold, the connection number is greater than a preset connection number threshold, and the disk space usage rate is Greater than the preset usage threshold.
优选地,所述性能检测子模块包括:Preferably, the performance detection submodule comprises:
数据库实例属性检测单元,用于对所述数据库实例的配置、表结构、SQL语句、架构中的至少一种属性进行性能检测,获得配置检测结果、表结构检测结果、SQL语句检测结果、架构检测结果中的至少一种性能检测结果。The database instance attribute detecting unit is configured to perform performance detection on the configuration, the table structure, the SQL statement, and at least one attribute of the database instance, obtain configuration detection result, table structure detection result, SQL statement detection result, and architecture detection. At least one of the results of the performance test.
优选地,所述提示信息生成模块包括:Preferably, the prompt information generating module includes:
第一生成子模块,用于在所述配置检测结果与预设的低配置条件匹配时,生成提升配置的数据库处理提示信息;a first generation submodule, configured to generate database processing prompt information of the elevated configuration when the configuration detection result matches the preset low configuration condition;
和/或,and / or,
第二生成子模块,用于在所述表结构检测结果与预设的不合理结构条件匹配时,生成调整表结构的数据库处理提示信息;a second generation submodule, configured to generate database processing prompt information of the adjustment table structure when the table structure detection result matches the preset unreasonable structural condition;
和/或,and / or,
第三生成子模块,用于在所述SQL语句检测结果与预设的问题语句条件匹配时,生成修改SQL语句的数据库处理提示信息;a third generation submodule, configured to generate a database processing prompt information for modifying the SQL statement when the SQL statement detection result matches a preset problem statement condition;
和/或,and / or,
第四生成子模块,用于在所述架构检测结果与预设的问题架构条件匹配时,生成调整架构的数据库处理提示信息。And a fourth generation submodule, configured to generate database processing prompt information of the adjustment architecture when the architecture detection result matches the preset problem architecture condition.
优选地,所述检测模块包括:Preferably, the detecting module comprises:
抓包子模块,用于按照调整之后的优先级抓取发往所述一个或多个数据库实例的数据包;The packet capture sub-module is configured to capture data packets sent to the one or more database instances according to the adjusted priority;
安全检测子模块,用于针对所述数据包进行密码破解、SQL注入、白名单中的至少一种安全检测,获得密码破解检测结果、SQL注入检测结果、白名单检测结果中的至少一种安全检测结果。The security detection sub-module is configured to perform at least one type of security detection, password injection detection, SQL injection detection result, and white list detection result for password cracking, SQL injection, and whitelist detection of the data packet. Test results.
优选地,所述提示信息生成模块包括: Preferably, the prompt information generating module includes:
第五生成子模块,用于在所述密码破解检测结果表示出现密码破解行为时,生成攻击来源、调整白名单、调整密码中的至少一者的数据库处理提示信息;a fifth generation submodule, configured to generate, when the password crack detection result indicates that a password cracking behavior occurs, generating database processing prompt information of at least one of an attack source, a whitelist adjustment, and an adjustment password;
和/或,and / or,
第六生成子模块,用于在所述SQL注入检测结果表示出现SQL注入行为时,生成当前的SQL语句、检查应用程序中至少一者的数据库处理提示信息;a sixth generation submodule, configured to: when the SQL injection detection result indicates that the SQL injection behavior occurs, generate a current SQL statement, and check database processing prompt information of at least one of the application programs;
和/或,and / or,
第七生成子模块,用于在所述白名单结果与预设的大范围条件匹配时,生成修改白名单的数据库处理提示信息。The seventh generation sub-module is configured to generate database processing prompt information for modifying the whitelist when the whitelist result matches the preset large-range condition.
本申请实施例包括以下优点:Embodiments of the present application include the following advantages:
本申请实施例按照检测类型调整数据库实例的优先级,按照优先级数据库实例的优先级,若出现性能问题、安全问题,则生成数据库实例处理提示信息进行推送,实现了主动运维的云数据库管家服务,大大降低了云据库的运维和优化的技术门槛,大大减少了云数据库实例在性能方面和安全方面的隐患,一方面,提高了云数据库的运行效率,保证业务处理,另一方面,减少监控的漏洞,保证云数据库中的数据安全。The embodiment of the present application adjusts the priority of the database instance according to the detection type, and according to the priority of the priority database instance, if a performance problem or a security problem occurs, the database instance processing prompt information is generated and pushed, and the cloud database steward of the active operation and maintenance is realized. The service greatly reduces the technical threshold of the operation and optimization of the cloud database, greatly reduces the hidden dangers of the performance and security of the cloud database instance. On the one hand, it improves the operation efficiency of the cloud database and ensures the business processing. Reduce the vulnerability of monitoring and ensure the security of data in the cloud database.
附图说明DRAWINGS
图1是本申请的一种基于云的数据库的检测方法实施例的步骤流程图;1 is a flow chart of steps of an embodiment of a method for detecting a cloud-based database according to the present application;
图2是本申请的一种基于云的数据库的检测装置实施例的结构框图。2 is a structural block diagram of an embodiment of a detection apparatus for a cloud-based database of the present application.
具体实施方式detailed description
为使本申请的上述目的、特征和优点能够更加明显易懂,下面结合附图和具体实施方式对本申请作进一步详细的说明。The above described objects, features and advantages of the present application will become more apparent and understood.
参照图1,示出了本申请的一种基于云的数据库的检测方法实施例的步骤流程图,具体可以包括如下步骤:Referring to FIG. 1 , a flow chart of steps of a method for detecting a cloud-based database of the present application is shown, which may specifically include the following steps:
步骤101,确定针对一个或多个数据库实例进行检测的检测类型;Step 101: Determine a type of detection for detecting one or more database instances;
需要说明的是,本申请实施例可以应用于云平台(cloud platforms)中。It should be noted that the embodiments of the present application can be applied to cloud platforms.
云平台是应用云计算(cloud computing)的一种计算机集群,如分布式系统,提供云计算服务,如ECS(Elastic Compute Service,云服务器)虚拟机、RDS(Relational Database  Service,关系型数据库服务)数据库、OSS(Open Storage Service,开放存储服务)存储,等等。A cloud platform is a kind of computer cluster that uses cloud computing, such as a distributed system, and provides cloud computing services, such as ECS (Elastic Compute Service), RDS (Relational Database). Service, relational database service) database, OSS (Open Storage Service) storage, and so on.
通常,数据库是一个逻辑上的概念,而对应到实际的物理概念上,可以指磁盘上的一个或者一堆文件,里边包含着数据。Usually, a database is a logical concept, and corresponding to the actual physical concept, can refer to one or a bunch of files on the disk, which contains data.
本申请实施例所指数据库可以为云数据库,如关系型数据库实例等等。The database referred to in the embodiment of the present application may be a cloud database, such as a relational database instance or the like.
数据库实例是计算机内存中处于运行状态的数据库程序,以及为这些程序分配的一些内存空间,实例负责实现给用户提供网络连接、读写数据文件等等各种功能。Database instances are database programs that are running in computer memory, and some memory space allocated for these programs. The instance is responsible for implementing various functions such as providing network connections to users, reading and writing data files, and so on.
以RDS数据库作为云数据库的一种示例,该RDS数据库是将直接运行于物理服务器上的数据库实例提供给用户,可以支持MySQL、SQL(Structured Query Language,结构化查询语言)Server和PostgreSQL等关系型数据库的访问协议Taking the RDS database as an example of a cloud database, the RDS database provides a database instance running directly on the physical server to the user, and can support MySQL, SQL (Structured Query Language) Server, and PostgreSQL. Database access protocol
目前数据库的代码、应用程序和工具也可以应用在RDS数据库上,用户可以通过浏览器等客户端对云平台中的RDS数据库进行操作,减小重新开发成本。At present, the database code, application and tools can also be applied to the RDS database, and the user can operate the RDS database in the cloud platform through a client such as a browser to reduce the redevelopment cost.
云平台中的RDS数据库承担了耗时费力的数据库管理任务,使得用户能够专心于应用开发和业务发展。The RDS database in the cloud platform takes on time-consuming and labor-intensive database management tasks, enabling users to concentrate on application development and business development.
由于关系型数据库等云数据库的运维和优化的技术门槛较高,而一般用户不具备相应的专业知识,因此,本申请实施例提出了一种主动运维的云数据库管家服务,主动对云数据库实例进行性能、安全等维度的检测,即检测类型可以包括性能检测和/或安全检测。Since the technical thresholds for the operation and optimization of the cloud database such as the relational database are high, and the general user does not have the corresponding professional knowledge, the embodiment of the present application proposes a cloud database steward service of active operation and maintenance, actively taking the cloud. The database instance performs detection of dimensions such as performance and security, that is, the detection type may include performance detection and/or security detection.
步骤102,根据所述检测类型调整所述一个或多个数据库实例的优先级;Step 102: Adjust a priority of the one or more database instances according to the detection type.
在实际应用中,云平台中的云数据库实例的数量是十分之多的,并不能一次性对全部云数据库实例进行检测,因此,可以采用以下方式调整数据库实例的优先级:In practical applications, the number of cloud database instances in the cloud platform is very large, and all cloud database instances cannot be detected at one time. Therefore, the priority of the database instance can be adjusted in the following manner:
1、当检测类型为性能检测时,提高符合预设的低性能条件的数据库实例的优先级;1. When the detection type is performance detection, increase the priority of the database instance that meets the preset low performance condition;
在此方式中,可以预先设定表征数据库实例性能较低的低性能条件,例如,CPU利用率较高、I/O读写频率较高、连接数较多、磁盘空间使用率较高等等。In this manner, low performance conditions that characterize the performance of the database instance can be set in advance, for example, high CPU utilization, high I/O read/write frequency, high number of connections, high disk space usage, and the like.
若云数据库实例经常满足(如一段时间内的满足频次高于一定的频次阈值)该低性能条件,表示该云数据库实例可能存在性能瓶颈,则可以提高其优先级,以优先进行性能检测。If the cloud database instance is often satisfied (for example, the frequency of the frequency is higher than a certain frequency threshold for a period of time), the low performance condition indicates that the cloud database instance may have a performance bottleneck, and the priority may be increased to perform performance detection first.
2、当检测类型为性能检测时,提高调用频率高于预设的频率阈值的数据库实例的优先级;2. When the detection type is performance detection, increase the priority of the database instance whose calling frequency is higher than the preset frequency threshold;
在此方式中,若用户调用云数据库实例,如打开云数据库的管理页面、在云数据库 中进行读写操作等等,则可以记录调用频率。In this mode, if the user invokes a cloud database instance, such as opening a management page of the cloud database, in the cloud database In the case of reading and writing operations, etc., the calling frequency can be recorded.
若云数据库实例的调用频率高于预设的频率阈值,表示该云数据库实例使用频繁,则可以提高其优先级,以优先进行性能检测。If the frequency of the cloud database instance is higher than the preset frequency threshold, indicating that the cloud database instance is used frequently, the priority can be increased to prioritize performance detection.
3、当检测类型为安全检测时,提高创建时间小于预设的时间阈值的数据库实例的优先级;3. When the detection type is security detection, increase the priority of the database instance whose creation time is less than the preset time threshold;
在此方式中,若云数据库实例的提高创建时间小于预设的时间阈值,表示该云数据库实例的创建时间较短,为新创建的云数据库实例,各项安全性能一般未优化到最佳状态,则可以提高其优先级,以优先进行安全检测。In this mode, if the creation time of the cloud database instance is less than the preset time threshold, it indicates that the creation time of the cloud database instance is short, and the security performance of the newly created cloud database instance is generally not optimized to the optimal state. , you can increase its priority to prioritize security detection.
4、当检测类型为安全检测时,提高优先级低于预设的优先级阈值的数据库实例的优先级。4. When the detection type is security detection, increase the priority of the database instance whose priority is lower than the preset priority threshold.
在此方式中,若云数据库实例的优先级低于预设的优先级阈值,表示该云数据库实例的优先级较低,即非优先检测的对象,则可以适时提高其优先级,防止被饿死(即长时间未进行安全检测)。In this mode, if the priority of the cloud database instance is lower than the preset priority threshold, indicating that the cloud database instance has a lower priority, that is, an object that is not preferentially detected, the priority may be raised in time to prevent being hungry. Dead (that is, no safety test has been performed for a long time).
当然,上述调整优先级的方式只是作为示例,在实施本申请实施例时,可以根据实际情况设置其他调整优先级的方式,本申请实施例对此不加以限制。另外,除了上述调整优先级的方式外,本领域技术人员还可以根据实际需要采用其它调整优先级的方式,本申请实施例对此也不加以限制。Certainly, the manner of adjusting the priority is only used as an example. In the implementation of the embodiment of the present application, other manners of adjusting the priority may be set according to the actual situation, which is not limited by the embodiment of the present application. In addition, in addition to the above-mentioned manner of adjusting priorities, those skilled in the art may also adopt other manners of adjusting priorities according to actual needs, and the embodiment of the present application does not limit this.
步骤103,按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;Step 103: Perform performance detection and/or security detection on the one or more database instances according to the adjusted priority, and obtain performance test results and/or security test results.
不同检测类型的检测具有对应的优先级,检测类型的优先级越高,越优先进行该检测类型的检测。The detection of different detection types has a corresponding priority. The higher the priority of the detection type, the more preferential the detection of the detection type.
如,性能检测的优先级越高的,越优先进行性能检测;For example, the higher the priority of performance detection, the higher the performance detection;
又如,安全检测的优先级越高的,越优先进行安全检测。For example, the higher the priority of security detection, the higher the priority is to perform security detection.
当然,对于同一个云数据库实例,可以单独进行性能检测,也可以单独进行安全检测,还可以同时进行性能检测和安全检测,本申请实施例对此不加以限制。Of course, for the same cloud database instance, the performance detection may be performed separately, or the security detection may be performed separately, and the performance detection and the security detection may be performed at the same time, which is not limited in the embodiment of the present application.
在本申请的一种优选实施例中,步骤103可以包括如下子步骤:In a preferred embodiment of the present application, step 103 may include the following sub-steps:
子步骤S11,按照调整之后的优先级判断所述一个或多个数据库实例的性能状态;Sub-step S11, determining the performance status of the one or more database instances according to the adjusted priority;
子步骤S12,当所述性能状态符合预设的低性能条件时,对所述数据库实例进行性能检测,获得性能检测结果。Sub-step S12, when the performance state meets a preset low performance condition, performing performance detection on the database instance to obtain a performance detection result.
在本申请实施例中,可以定时对云数据库实例进行性能状态的判断,识别云数据库 实例的性能现状。In the embodiment of the present application, the performance of the cloud database instance may be periodically determined to identify the cloud database. The performance status of the example.
若云数据库实例的性能状态符合预设的低性能条件,表示该云数据库实例的性能较低,存在性能异常,可以进行性能检测。If the performance status of the cloud database instance meets the preset low performance condition, it indicates that the performance of the cloud database instance is low, and the performance is abnormal, and performance detection can be performed.
进一步而言,本申请实施例可以按照调整之后的优先级判断一个或多个数据库实例的CPU(Central Processing Unit,中央处理器)利用率、I/O(Input/Output,输入/输出端口)读写频率、连接数量、磁盘空间使用率中的至少一种性能状态。Further, the embodiment of the present application can determine the CPU (Central Processing Unit) utilization, I/O (Input/Output, input/output port) reading of one or more database instances according to the adjusted priority. At least one of the write frequency, the number of connections, and the disk space usage.
在实际应用中,云数据库在物理机上是面对多个用户的,云平台可以采用物理隔离的方式分配给多个用户。In practical applications, the cloud database is faced with multiple users on the physical machine, and the cloud platform can be allocated to multiple users in a physically isolated manner.
由于多个云数据库实例是共用一个物理机的资源,云平台可以针对云数据库实例的配置分配相应的CPU资源、IOPS(即每秒进行读写(I/O)操作的次数)、连接数量、磁盘空间等等。Since multiple cloud database instances share the resources of one physical machine, the cloud platform can allocate corresponding CPU resources, IOPS (that is, the number of read/write (I/O) operations per second), the number of connections, and the number of connections, for the configuration of the cloud database instance. Disk space and more.
用户分配云数据库实例后,可以产生一个唯一的实例ID,发起性能检测时,可以根据这个实例ID去检测其自身使用的CPU利用率、I/O读写频率、连接数量、磁盘空间使用率等等。After the user allocates a cloud database instance, a unique instance ID can be generated. When the performance check is initiated, the CPU ID, I/O read/write frequency, connection number, disk space usage, etc. can be detected according to the instance ID. Wait.
对于CPU利用率,是指云数据库实例当前消耗的CPU资源占所分配的CPU资源的比率。For CPU utilization, the ratio of CPU resources currently consumed by the cloud database instance to the allocated CPU resources.
假如,针对240M内存(配置)的云数据库实例,云平台会可以分配给这个云数据库实例该物理机10%的CPU资源,如果该云数据库实例使用了该物理机5%的CPU资源,这个时候这个云数据库实例的CPU利用率是50%。If, for a cloud database instance with 240M memory (configuration), the cloud platform can allocate 10% of the CPU resources of the physical machine to the cloud database instance. If the cloud database instance uses 5% of the CPU resources of the physical machine, this time The CPU utilization of this cloud database instance is 50%.
对于I/O读写频率,是指云数据库实例分配到此台物理机上的I/O读写频率,可以以IOPS进行表征。For I/O read/write frequency, it refers to the I/O read/write frequency allocated by the cloud database instance to this physical machine, which can be characterized by IOPS.
进一步而言,用户的一个云数据库实例,在物理机上是一个进程,可以采用cgroup进行进程隔离,通过cgroup可以明确显示出该云数据库实例所使用的IOPS。Further, a cloud database instance of the user is a process on the physical machine, and the process can be isolated by using the cgroup, and the IOPS used by the cloud database instance can be clearly displayed through the cgroup.
对于连接数量,是指云数据库实例与客户端(应用程序,命令行工具等)的连接数量。For the number of connections, the number of connections between the cloud database instance and the client (application, command line tools, etc.).
云数据库实例中可以具有管理连接数量的参数connections,通过查询该参数connections可以明确表明当前的连接数量。The cloud database instance can have parameter connections for managing the number of connections. By querying the connection, the number of connections can be clearly indicated.
对于磁盘空间使用率,是指云数据库实例当前使用的磁盘空间占所分配的磁盘空间的比率。For disk space usage, the ratio of the disk space currently used by the cloud database instance to the allocated disk space.
假如,针对240M内存(配置)的云数据库实例,云平台会可以分配给这个云数据 库实例该物理机的10G的磁盘空间,如果该云数据库实例使用了该物理机3G的磁盘空间,这个时候这个云数据库实例的磁盘空间使用率是30%。If, for a cloud database instance with 240M memory (configuration), the cloud platform can be assigned to this cloud data. The library instance has 10 GB of disk space of the physical machine. If the cloud database instance uses the disk space of the physical machine 3G, the disk space utilization rate of the cloud database instance is 30%.
其中,当至少满足以下一个条件时,性能状态满足预设的的低性能条件:Wherein, when at least one of the following conditions is met, the performance state satisfies a preset low performance condition:
1、CPU利用率高于预设的利用率阈值;1. The CPU utilization is higher than the preset utilization threshold;
在具体实现中,用户或者云平台的技术人员可以按照云数据库实例的配置设定相应的利用率阈值。In a specific implementation, the user or the technician of the cloud platform may set a corresponding utilization threshold according to the configuration of the cloud database instance.
若CPU利用率高高于预设的利用率阈值,如80%,则可以表示CUP利用率较高。If the CPU utilization is higher than the preset utilization threshold, such as 80%, it can indicate that the CPU utilization is higher.
CPU利用率较高可以会引起发往云数据库实例的SQL语句执行会比较慢,导致云数据库实例的性能下降。A high CPU utilization may cause the execution of SQL statements sent to the cloud database instance to be slow, resulting in a decrease in the performance of the cloud database instance.
2、I/O读写频率高于预设的读写频率阈值;2. The I/O read/write frequency is higher than the preset read/write frequency threshold;
在具体实现中,用户或者云平台的技术人员可以按照云数据库实例的配置设定相应的读写频率阈值。In a specific implementation, the user or the technician of the cloud platform can set the corresponding read/write frequency threshold according to the configuration of the cloud database instance.
若I/O读写频率(如IOPS)高于预设的读写频率阈值,则可以表示I/O读写频率较高。If the I/O read/write frequency (such as IOPS) is higher than the preset read/write frequency threshold, it can indicate that the I/O read/write frequency is high.
例如,针对240M内存(配置)的云数据库实例,云平台可以分配150的IOPS,如果该云数据库实例的IOPS为140,IOPS使用率超过了读写频率阈值80%,可以认为读写频率较高。For example, for a cloud database instance with 240M memory (configuration), the cloud platform can allocate 150 IOPS. If the IOPS of the cloud database instance is 140, the IOPS usage rate exceeds the read/write frequency threshold of 80%, which can be considered as a higher read/write frequency. .
在I/O读写频率(如IOPS)较高的情况下,容易导致云数据库实例的性能下降。In the case of high I/O read/write frequencies (such as IOPS), it is easy to cause performance degradation of cloud database instances.
例如,有的SQL查询需要进行旧数据的访问(数据在磁盘上),该操作就会非常慢。For example, some SQL queries require access to old data (data is on disk), which can be very slow.
3、连接数量大于预设的连接数量阈值;3. The number of connections is greater than a preset number of connections threshold;
在具体实现中,用户或者云平台的技术人员可以按照云数据库实例的配置设定相应的连接数量阈值。In a specific implementation, the user or the technician of the cloud platform may set a corresponding connection quantity threshold according to the configuration of the cloud database instance.
需要说明的的是,该连接数量阈值可以是数值表示,也可以是连接率表示。It should be noted that the connection number threshold may be a numerical value representation or a connection rate representation.
当连接数量阈值为数值时,可以直接将连接数量与连接数量阈值进行比较。When the number of connections threshold is a numeric value, the number of connections can be directly compared to the number of connections threshold.
当连接数量阈值为连接率时,可以将连接数量转换为连接率(即已使用的连接数量/配置的连接数量),再与连接数量阈值进行比较,也可以将连接数量阈值转换为连接数量(即配置的连接数量*连接数量阈值),再与连接数量进行比较。When the number of connections threshold is the connection rate, you can convert the number of connections to the connection rate (that is, the number of connections used / the number of configured connections), and then compare with the number of connections threshold, or you can convert the number of connections threshold to the number of connections ( That is, the number of configured connections * the number of connections threshold) is compared with the number of connections.
若连接数量大于预设的连接数量阈值,则可以表示连接数量较高。If the number of connections is greater than the preset number of connections threshold, it can indicate that the number of connections is high.
连接数量较高可以提示用户需要注意应用的使用,有可能是因为有不合理的SQL语句执行时间过长,导致连接没有释放掉。 A high number of connections can prompt the user to pay attention to the use of the application. It may be because the unreasonable SQL statement takes too long to execute, and the connection is not released.
此外,连接数量较高会占用过大内存,使内存中承载的数据过少,影响云数据库实例的响应时间。In addition, a high number of connections will consume too much memory, so that too little data is carried in the memory, which affects the response time of the cloud database instance.
如果连接数占满(即到达配置的最大连接数量)后,将不允许有新连接,会使用户的业务停掉。If the number of connections is full (that is, the maximum number of connections reached the configuration), new connections will not be allowed and the user's business will be stopped.
4、磁盘空间使用率大于预设的使用率阈值。4. The disk space usage is greater than the preset usage threshold.
在具体实现中,用户或者云平台的技术人员可以按照云数据库实例的配置设定相应的使用率阈值。In a specific implementation, the user or the technician of the cloud platform can set the corresponding usage threshold according to the configuration of the cloud database instance.
若磁盘空间使用率大于预设的使用率阈值,则可以表示磁盘空间占用较多。If the disk space usage is greater than the preset usage threshold, it can indicate that the disk space is occupied.
磁盘占用过大通常是由于数据文件过大,日志文件过大,临时文件过大等引起的,其中,临时文件过大多半是存在不合理的SQL语句查询、换用磁盘空间操作等现象,这种情况会严重的影响数据库实例性能。The disk usage is too large, usually because the data file is too large, the log file is too large, and the temporary file is too large. Among them, most of the temporary files are unreasonable SQL statement query and disk space operation. This situation can seriously affect database instance performance.
当然,上述性能状态只是作为示例,在实施本申请实施例时,可以根据实际情况设置其他性能状态,本申请实施例对此不加以限制。另外,除了上述性能状态外,本领域技术人员还可以根据实际需要采用其它性能状态,本申请实施例对此也不加以限制。Of course, the foregoing performance state is only an example. When the embodiment of the present application is implemented, other performance states may be set according to actual conditions, which is not limited by the embodiment of the present application. In addition, other performance states may be used by those skilled in the art in addition to the above-mentioned performance states, and the embodiments of the present application do not limit this.
此外,本申请实施例还可以对数据库实例的配置、表结构、SQL语句、架构中的至少一种属性进行性能检测,获得配置检测结果、表结构检测结果、SQL语句检测结果、架构检测结果中的至少一种性能检测结果。In addition, the embodiment of the present application may perform performance detection on at least one attribute of a database instance configuration, a table structure, a SQL statement, and an architecture, and obtain configuration detection results, table structure detection results, SQL statement detection results, and architecture detection results. At least one performance test result.
具体而言,配置指的是云数据库的型号,其反映的是所分配的硬件资源情况,可以影响云数据库实例的性能高低,其示例可以如下表所示:Specifically, the configuration refers to the model of the cloud database, which reflects the allocated hardware resources and can affect the performance of the cloud database instance. Examples can be as follows:
型号model 连接数量Number of connections IOPSIOPS 磁盘空间disk space
240M240M 6060 150150 10G10G
600M600M 150150 300300 20G20G
1200M1200M 300300 600600 50G50G
若对配置进行性能检测,则可以获得配置检测结果。If the configuration is tested for performance, the configuration test results can be obtained.
一个数据库中可能包含若干个数据表,本申请实施例的表结构中的表指的是云数据库中的数据表,是用来存储和操作数据的一种逻辑结构,例如,一个表a,里面含有三个字段,log1、log2、log3。A database may contain several data tables. The table in the table structure of the embodiment of the present application refers to a data table in the cloud database, which is a logical structure for storing and operating data, for example, a table a, inside Contains three fields, log1, log2, log3.
表结构是否合理,影响着SQL语句的执行,从而影响云数据库实例性能。Whether the table structure is reasonable or not affects the execution of the SQL statement, thereby affecting the performance of the cloud database instance.
若对表结构进行性能检测,则可以获得表结构检测结果。 If the performance of the table structure is tested, the table structure test result can be obtained.
SQL语句是数据库的操作命令集,可以对云数据库中的数据进行查询、更新(如插入、删除、修改)、控制等操作,直接体现云数据库实例的性能。The SQL statement is a set of operation commands of the database. It can query, update (such as insert, delete, modify) and control the data in the cloud database, directly reflecting the performance of the cloud database instance.
若对SQL语句进行性能检测,则可以获得SQL语句检测结果。If the performance of the SQL statement is tested, the SQL statement detection result can be obtained.
架构指的数据库的应用架构,架构是否有问题,影响着云数据库实例的性能。The architecture refers to the application architecture of the database. Whether the architecture has problems affects the performance of the cloud database instance.
例如,若数据库实例读操作较多、写操作较少,可以使用只读实例,提供一主多读的架构;For example, if the database instance has more read operations and fewer write operations, a read-only instance can be used to provide a main multi-read architecture;
又例如,若数据库实例的写操作非常多,可以使用水平拆分的架构,扩展写能力。For another example, if the database instance has a lot of write operations, you can use a horizontally split architecture to extend the write capability.
当然,上述性能检测只是作为示例,在实施本申请实施例时,可以根据实际情况设置其他性能检测,本申请实施例对此不加以限制。另外,除了上述性能检测外,本领域技术人员还可以根据实际需要采用其它性能检测,本申请实施例对此也不加以限制。Of course, the foregoing performance detection is only an example. When the embodiment of the present application is implemented, other performance detections may be set according to actual conditions, which is not limited by the embodiment of the present application. In addition, in addition to the foregoing performance detection, other performance detections may be used by those skilled in the art according to actual needs, and the embodiment of the present application does not limit this.
在本申请的另一种优选实施例中,步骤103可以包括如下子步骤:In another preferred embodiment of the present application, step 103 may include the following sub-steps:
子步骤S21,按照调整之后的优先级抓取发往所述一个或多个数据库实例的数据包;Sub-step S21, grabbing the data packet sent to the one or more database instances according to the adjusted priority;
子步骤S22,针对所述数据包进行密码破解、SQL注入、白名单中的至少一种安全检测,获得密码破解检测结果、SQL注入检测结果、白名单检测结果中的至少一种安全检测结果。Sub-step S22, performing at least one type of security detection in the password cracking, SQL injection, and whitelist on the data packet, and obtaining at least one of the password crack detection result, the SQL injection detection result, and the whitelist detection result.
在本申请实施例中,可以针对云数据库实例进行安全维度的检查,一般采用数据库实例抓包的方式,通过协议分析,查看发往数据库实例的语句是否有密码破解、SQL注入攻击等风险。In the embodiment of the present application, the security dimension of the cloud database instance may be checked. Generally, the database instance is used to capture the packet, and the protocol analysis is performed to check whether the statement sent to the database instance has a password cracking or a SQL injection attack.
具体而言,本申请实施例密码破解中密码指的是云数据库的登录密码,可以由云数据库所属的用户进行设置,不法分子可能通过穷举等方式进行暴力破解。Specifically, the password in the password cracking in the embodiment of the present application refers to the login password of the cloud database, which can be set by the user to which the cloud database belongs, and the criminals may perform brute force cracking by means of exhaustion.
若进行密码破解的安全检测,则可以获得密码破解检测结果。If the security detection of the password cracking is performed, the password crack detection result can be obtained.
SQL注入,指的是把SQL命令插入到Web表单提交或输入域名或页面请求的查询字符串,最终达到欺骗服务器执行恶意的SQL命令。SQL injection refers to inserting SQL commands into a web form to submit or input a query string for a domain name or page request, and finally spoofing the server to execute malicious SQL commands.
即SQL诸如是利用现有应用程序,将恶意的SQL语句注入到后台数据库引擎执行的能力,它可以通过在Web表单中输入恶意的SQL语句得到一个存在安全漏洞的网站上的数据库,而不是按照设计者意图去执行SQL语句。That is, SQL is the ability to inject malicious SQL statements into the back-end database engine using existing applications. It can get a database on a website with security vulnerabilities by entering malicious SQL statements in a web form instead of following The designer intends to execute the SQL statement.
若进行SQL注入的安全检测,则可以获得SQL注入检测结果。If the security injection of SQL injection is performed, the SQL injection detection result can be obtained.
白名单指的是可信的名单(如IP地址),云数据库可以仅接受来自白名单的访问,拒绝白名单之外的访问。The whitelist refers to a trusted list (such as an IP address), and the cloud database can only accept access from the whitelist and reject access outside the whitelist.
若进行白名单的安全检测,则可以获得白名单检测结果。 If the whitelist security test is performed, the whitelist detection result can be obtained.
当然,上述性能检测只是作为示例,在实施本申请实施例时,可以根据实际情况设置其他性能检测,本申请实施例对此不加以限制。另外,除了上述性能检测外,本领域技术人员还可以根据实际需要采用其它性能检测,本申请实施例对此也不加以限制。Of course, the foregoing performance detection is only an example. When the embodiment of the present application is implemented, other performance detections may be set according to actual conditions, which is not limited by the embodiment of the present application. In addition, in addition to the foregoing performance detection, other performance detections may be used by those skilled in the art according to actual needs, and the embodiment of the present application does not limit this.
步骤104,当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;Step 104: Generate database processing prompt information when the performance detection result and/or the security detection result match a preset performance problem and/or a security problem;
若性能检测结果与预设的性能问题匹配时,表明当前的云数据库实例可能存在同样的性能问题,则可以生成对应的数据库处理提示信息,建议对数据库进行处理,以提升性能。If the performance check result matches the preset performance problem, it indicates that the current cloud database instance may have the same performance problem. You can generate corresponding database processing prompt information. It is recommended to process the database to improve performance.
若安全检测结果与预设的安全问题匹配时,表明当前的云数据库实例可能存在同样的安全问题,则可以生成对应的数据库处理提示信息,建议对数据库进行处理,以提升安全性。If the security detection result matches the preset security problem, it indicates that the current cloud database instance may have the same security problem, and the corresponding database processing prompt information may be generated. It is recommended to process the database to improve security.
在具体实现中,针对性能检测可以通过以下的一种或多种方式生成数据库处理提示信息:In a specific implementation, for the performance detection, the database processing prompt information may be generated by one or more of the following methods:
1、当所述配置检测结果与预设的低配置条件匹配时,生成提升配置的数据库处理提示信息;1. When the configuration detection result matches the preset low configuration condition, generating database processing prompt information of the upgrade configuration;
如果当前CPU利用率、连接数量、IOPS等较高(如大于80%),并且数据库的表结构也比较合理(如索引、存储引擎等信息均没有问题),就可能该款型号的云数据库的硬件资源过低,则判断匹配低配置条件。If the current CPU utilization, number of connections, IOPS, etc. are higher (for example, greater than 80%), and the database table structure is also reasonable (such as index, storage engine and other information are no problem), it is possible that the model of the cloud database If the hardware resource is too low, it is judged to match the low configuration condition.
若配置检测结果与预设的低配置条件匹配,则可以表示当前云数据库的配置较低,可能导致CPU利用率高、连接数量多、IOPS高、SQL语句执行慢等性能低下现象。If the configuration detection result matches the preset low configuration condition, the current cloud database configuration may be low, which may result in high CPU utilization, multiple connections, high IOPS, and slow execution of SQL statements.
需要说明的是,低配置条件是一个相对条件,是针对当前的业务而言的,如240M内存的云数据库的配置,对而网页访问业务言可能是低配置,但对于存储日志业务而言可能是高配置。It should be noted that the low configuration condition is a relative condition, which is for the current service, such as the configuration of the cloud database of 240M memory, and the web access service may be a low configuration, but may be for the storage log service. It is a high configuration.
针对当前云数据库不能满足用户的业务需求的情况,可以建议升级配置(数据库处理提示信息)。For the current cloud database that cannot meet the user's business needs, you can recommend upgrading the configuration (database processing prompt information).
进一步而言,可以根据该云数据库目前的使用情况(如CPU使用率、IOPS、连接数量、磁盘空间等)给出推荐的合理配置。Further, the recommended reasonable configuration can be given according to the current usage of the cloud database (such as CPU usage, IOPS, number of connections, disk space, etc.).
2、当所述表结构检测结果与预设的不合理结构条件匹配时,生成调整表结构的数据库处理提示信息;2. When the detection result of the table structure matches the preset unreasonable structural condition, generating database processing prompt information of the adjustment table structure;
如果IOPS高,并且查询有大量的慢查询,则可以判断匹配不合理结构条件。 If the IOPS is high and the query has a large number of slow queries, then it can be judged that the unreasonable structural conditions are matched.
若表结构检测结果与预设的不合理结构条件匹配,则可以表示当前云数据库的数据包的结构不合理,大多数情况可能导致IOPS高,有时候可能导致连接数量高、CPU利用率高,从而影响云数据库实例的性能。If the table structure detection result matches the preset unreasonable structural condition, it may indicate that the current cloud database data packet structure is unreasonable, and in most cases, the IOPS may be high, and sometimes the number of connections may be high, and the CPU utilization rate is high. Thereby affecting the performance of the cloud database instance.
针对不合理的表结构,则可以建议调整(如修改、增加)表结构(数据库处理提示信息)。For unreasonable table structure, you can suggest to adjust (such as modify, increase) the table structure (database processing prompt information).
例如,对于慢查询,可以建立一条索引,从而将慢查询消除,大大降低IOPS。For example, for slow queries, an index can be created to eliminate slow queries and greatly reduce IOPS.
3、当所述SQL语句检测结果与预设的问题语句条件匹配时,生成修改SQL语句的数据库实例处理提示信息;3. When the SQL statement detection result matches the preset problem statement condition, generating a database instance processing prompt information for modifying the SQL statement;
若当前执行的SQL语句是慢查询,则可以判断匹配问题语句条件。If the currently executed SQL statement is a slow query, it can be judged to match the problem statement condition.
若SQL语句检测结果与预设的问题语句条件匹配,则可以表示SQL语句出现问题,大多数情况可能导致IOPS高,有时候可能导致连接数高、cpu利用率高,从而影响云数据库实例的性能。If the SQL statement detection result matches the preset problem statement condition, it can indicate that the SQL statement has a problem. In most cases, the IOPS may be high, and sometimes the connection number is high and the CPU usage is high, thereby affecting the performance of the cloud database instance. .
针对有问题的SQL语句,可以建议修改SQL语句(数据库处理提示信息)。For problematic SQL statements, you can suggest modifying the SQL statement (database processing prompt information).
例如,若SQL语句查询性能过慢,分析是由于隐式转换的原因没有匹配上索引,可以提示用户修改SQL语句的调用方式。For example, if the query performance of the SQL statement is too slow, the analysis is because the implicit conversion does not match the index, and the user can be prompted to modify the calling mode of the SQL statement.
4、当所述架构检测结果与预设的问题架构条件匹配时,生成调整架构的数据库处理提示信息。4. When the architecture detection result matches the preset problem architecture condition, the database processing prompt information of the adjustment architecture is generated.
若根据用户SQL语句的场景,判断读操作较多、写操作较少,或者,写操作瓶颈严重,并且,如果无法再升级配置,则可以判断匹配问题架构条件。According to the scenario of the user SQL statement, it is judged that there are many read operations, fewer write operations, or the write operation bottleneck is serious, and if the configuration cannot be upgraded, the matching problem architecture condition can be judged.
若架构检测结果与预设的问题架构条件匹配,则可以表示当前云数据库的架构出现问题,可能导致数据库实例性能出现瓶颈,并不能很好地支持自身的业务。If the architecture detection result matches the preset problem architecture condition, it may indicate that the current cloud database architecture has a problem, which may cause a bottleneck in the performance of the database instance, and does not support its own service well.
针对有问题的架构,可以建议修改数据库架构(数据库处理提示信息)。For the problematic architecture, you can suggest modifying the database schema (database processing hints).
例如,在读操作较多、写操作较少等场景,提示用户应用只读实例。For example, in a scenario where there are many read operations and fewer write operations, the user is prompted to apply a read-only instance.
又例如,在写操作出现瓶颈等场景,建议使用分布式数据库。For another example, in a scenario where a write operation has a bottleneck, it is recommended to use a distributed database.
此外,针对安全检测可以通过以下的一种或多种方式生成数据库处理提示信息:In addition, for security detection, database processing prompt information can be generated by one or more of the following methods:
1、当所述密码破解检测结果表示出现密码破解行为时,生成攻击来源、调整白名单、调整密码中至少一者的数据库处理提示信息;1. When the password crack detection result indicates that the password cracking behavior occurs, generating database processing prompt information of at least one of the attack source, adjusting the whitelist, and adjusting the password;
若出现某个IP地址连续N(N为可由用户调整的正整数)次登录错误等情况,则可以认为出现密码破解行为。If there is a case where a certain IP address is consecutive N (N is a positive integer that can be adjusted by the user), the password cracking behavior can be considered.
针对密码破解行为,可以生成相应的数据库处理提示信息,提示用户攻击来自哪个 IP地址,或者,建议调整白名单,拒绝来自该IP地址的访问,或者,提示调整密码,以提高密码的强度,防止被暴力破解。For the password cracking behavior, the corresponding database processing prompt information can be generated to prompt the user to attack from which IP address, or, it is recommended to adjust the whitelist, refuse access from the IP address, or prompt to adjust the password to increase the strength of the password to prevent brute force.
2、当所述SQL注入检测结果表示出现SQL注入行为时,生成当前的SQL语句、检查应用程序中至少一者的数据库处理提示信息;2. When the SQL injection detection result indicates that the SQL injection behavior occurs, generating a current SQL statement and checking database processing prompt information of at least one of the application programs;
若SQL语句与一些常用的注入语句匹配,则可以认为出现SQL注入行为。If the SQL statement matches some commonly used injection statements, then SQL injection behavior can be considered.
例如,表的名称通常是admin、adminuser、user、pass、password等,通过and 0<>(select count(*)from%)(%为表的名称)等SQL语句可以进行猜表。For example, the name of the table is usually admin, adminuser, user, pass, password, etc., and the SQL statement such as and 0<>(select count(*)from%) (% is the name of the table) can be used to guess the table.
针对SQL注入行为,可以生成相应的数据库处理提示信息,提示用户当前发生注入行为的SQL语句是什么,建议用户核查自己的应用程序确认是否出现SQL注入,让用户自行修改应用程序。For the SQL injection behavior, you can generate the corresponding database processing prompt information, prompting the user what SQL statement is currently injecting behavior. It is recommended that the user check their application to confirm whether SQL injection occurs, and let the user modify the application.
3、当所述白名单结果与预设的大范围条件匹配时,生成修改白名单的数据库处理提示信息。3. When the whitelist result matches the preset large-range condition, generate database modification prompt information for modifying the whitelist.
若白名单设置了%(即允许所有IP地址访问),则可以判断匹配大范围条件匹配。If the whitelist is set to % (that is, all IP addresses are allowed to be accessed), it can be judged that the matching of a wide range of conditions matches.
若白名单结果与预设的大范围条件匹配,则可以认为白名单范围过大,进一步可以建议修改白名单,并跳转到白名单修改页面进行修改。If the whitelist result matches the preset large-range condition, the whitelist range may be considered too large. Further, it may be suggested to modify the whitelist and jump to the whitelist modification page for modification.
当然,上述数据库处理提示信息只是作为示例,在实施本申请实施例时,可以根据实际情况设置其他数据库处理提示信息,本申请实施例对此不加以限制。另外,除了上述数据库处理提示信息外,本领域技术人员还可以根据实际需要采用其它数据库处理提示信息,本申请实施例对此也不加以限制。Of course, the foregoing database processing prompt information is only an example. When the embodiment of the present application is implemented, other database processing prompt information may be set according to actual conditions, which is not limited in the embodiment of the present application. In addition, in addition to the foregoing database processing prompt information, those skilled in the art may also use other databases to process the prompt information according to actual needs, which is not limited in the embodiment of the present application.
需要说明的是,前述性能问题、安全问题、低性能条件、低配置条件、不合理结构条件、问题语句条件、问题架构条件、大范围条件等可以由本领域技术人员根据实际情况进行设定,本申请实施例对此不加以限制。It should be noted that the foregoing performance problems, security problems, low performance conditions, low configuration conditions, unreasonable structural conditions, problem statement conditions, problem architecture conditions, large-scale conditions, and the like may be set by a person skilled in the art according to actual conditions. The application embodiment does not limit this.
步骤105,推送所述性能检测结果和/或安全检测结果、数据库处理提示信息。Step 105: Push the performance detection result and/or the security detection result and the database processing prompt information.
当性能检测、安全检测结束之后,可以将相应的性能检测结果、安全检测结果、数据库处理提示信息按照预设的推送方式(如邮件、短信、云平台控制界面等)推送至用户,实现主动发现问题主动运维。After the performance detection and security detection are completed, the corresponding performance detection result, security detection result, and database processing prompt information can be pushed to the user according to a preset pushing manner (such as mail, short message, cloud platform control interface, etc.) to realize active discovery. The problem is active operation and maintenance.
本申请实施例按照检测类型调整数据库实例的优先级,按照优先级数据库实例的优先级,若出现性能问题、安全问题,则生成数据库实例处理提示信息进行推送,实现了主动的运维的云数据库管家服务,大大降低了云数据库的运维和优化的技术门槛,大大减少了云数据库实例在性能方面和安全方面的隐患,一方面,提高了云数据库的运行效 率,保证业务处理,另一方面,减少监控的漏洞,保证云数据库中的数据安全。In the embodiment of the present application, the priority of the database instance is adjusted according to the detection type, and according to the priority of the priority database instance, if a performance problem or a security problem occurs, the database instance processing prompt information is generated and pushed, and the active operation and maintenance cloud database is realized. The butler service greatly reduces the technical threshold for the operation and optimization of the cloud database, greatly reduces the hidden dangers of the performance and security of the cloud database instance. On the one hand, it improves the operational efficiency of the cloud database. Rate, guarantee business processing, on the other hand, reduce monitoring vulnerabilities and ensure data security in the cloud database.
当然,除了云平台的主动运维,用户也可以在云数据库中的控制界面主动请求进行性能检测和/或安全检测,云平台响应该请求,对该数据库进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;当性能检测结果和/或安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;以及,在在云数据库中的控制界面展示性能检测结果和/或安全检测结果、数据库处理提示信息。Of course, in addition to the active operation and maintenance of the cloud platform, the user can actively request performance detection and/or security detection in the control interface of the cloud database, and the cloud platform responds to the request, performs performance detection and/or security detection on the database, and obtains Performance test results and/or safety test results; generate database processing prompt information when performance test results and/or safety test results match preset performance problems and/or security issues; and, in cloud database control The interface displays performance test results and/or security test results and database processing prompt information.
需要说明的是,对于方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本申请实施例并不受所描述的动作顺序的限制,因为依据本申请实施例,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作并不一定是本申请实施例所必须的。It should be noted that, for the method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the embodiments of the present application are not limited by the described action sequence, because In accordance with embodiments of the present application, certain steps may be performed in other sequences or concurrently. In the following, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required in the embodiments of the present application.
参照图2,示出了本申请的一种基于云的数据库的检测装置实施例的结构框图,具体可以包括如下模块:Referring to FIG. 2, a structural block diagram of an embodiment of a detection apparatus for a cloud-based database of the present application is shown, which may specifically include the following modules:
检测类型确定模块201,用于确定针对一个或多个数据库实例进行检测的检测类型;所述检测类型包括性能检测和/或安全检测;a detection type determining module 201, configured to determine a detection type for detecting one or more database instances; the detection type includes performance detection and/or security detection;
优先级调整模块202,用于根据所述检测类型调整所述一个或多个数据库实例的优先级;The priority adjustment module 202 is configured to adjust a priority of the one or more database instances according to the detection type;
检测模块203,用于按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;The detecting module 203 is configured to perform performance detection and/or security detection on the one or more database instances according to the adjusted priority, to obtain a performance detection result and/or a security detection result;
提示信息生成模块204,用于在所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;The prompt information generating module 204 is configured to generate database processing prompt information when the performance detection result and/or the security detection result match a preset performance problem and/or a security problem;
推送模块205,用于推送所述性能检测结果和/或安全检测结果、数据库处理提示信息。The pushing module 205 is configured to push the performance detection result and/or the security detection result and the database processing prompt information.
在本申请的一种优选实施例中,所述优先级调整模块202可以包括如下子模块:In a preferred embodiment of the present application, the priority adjustment module 202 may include the following submodules:
第一提高子模块,用于在检测类型为性能检测时,提高符合预设的低性能条件的数据库实例的优先级;a first improvement submodule, configured to increase a priority of a database instance that meets a preset low performance condition when the detection type is performance detection;
和/或,and / or,
第二提高子模块,用于在检测类型为性能检测时,提高调用频率高于预设的频率阈 值的数据库实例的优先级;a second improvement submodule, configured to increase a calling frequency higher than a preset frequency threshold when the detection type is performance detection The priority of the database instance of the value;
和/或,and / or,
第三提高子模块,用于在检测类型为安全检测时,提高创建时间小于预设的时间阈值的数据库实例的优先级;The third improvement sub-module is configured to: when the detection type is security detection, increase the priority of the database instance whose creation time is less than a preset time threshold;
和/或,and / or,
第四提高子模块,用于在检测类型为安全检测时,提高优先级低于预设的优先级阈值的数据库实例的优先级。The fourth improvement submodule is configured to: when the detection type is security detection, increase the priority of the database instance whose priority is lower than the preset priority threshold.
在本申请的一种优选实施例中,所述检测模块203可以包括如下子模块:In a preferred embodiment of the present application, the detecting module 203 may include the following submodules:
性能状态判断子模块,用于按照调整之后的优先级判断所述一个或多个数据库实例的性能状态;a performance status determining submodule, configured to determine a performance status of the one or more database instances according to the adjusted priority;
性能检测子模块,用于在所述性能状态符合预设的低性能条件时,对所述数据库实例进行性能检测,获得性能检测结果。The performance detection sub-module is configured to perform performance detection on the database instance when the performance state meets a preset low performance condition, and obtain a performance detection result.
在本申请实施例的一种优选示例中,所述性能状态判断子模块可以包括如下单元:In a preferred example of the embodiment of the present application, the performance status determining submodule may include the following units:
性能判断单元,用于按照调整之后的优先级判断所述一个或多个数据库实例的CPU利用率、I/O读写频率、连接数量、磁盘空间使用率中的至少一种性能状态;a performance determining unit, configured to determine, according to the adjusted priority, at least one of a CPU usage, an I/O read/write frequency, a connection quantity, and a disk space usage rate of the one or more database instances;
其中,当至少满足以下一个条件时,所述性能状态满足预设的的低性能条件:Wherein, the performance state satisfies a preset low performance condition when at least one of the following conditions is met:
所述CPU利用率高于预设的利用率阈值、所述I/O读写频率高于预设的读写频率阈值、所述连接数量大于预设的连接数量阈值、所述磁盘空间使用率大于预设的使用率阈值。The CPU utilization is higher than a preset utilization threshold, the I/O read/write frequency is higher than a preset read/write frequency threshold, the connection number is greater than a preset connection number threshold, and the disk space usage rate is Greater than the preset usage threshold.
在本申请实施例的一种优选示例中,所述性能检测子模块可以包括如下单元:In a preferred example of the embodiment of the present application, the performance detecting submodule may include the following units:
数据库实例属性检测单元,用于对所述数据库实例的配置、表结构、SQL语句、架构中的至少一种属性进行性能检测,获得配置检测结果、表结构检测结果、SQL语句检测结果、架构检测结果中的至少一种性能检测结果。The database instance attribute detecting unit is configured to perform performance detection on the configuration, the table structure, the SQL statement, and at least one attribute of the database instance, obtain configuration detection result, table structure detection result, SQL statement detection result, and architecture detection. At least one of the results of the performance test.
在本申请实施例的一种优选示例中,所述提示信息生成模块204可以包括如下子模块:In a preferred example of the embodiment of the present application, the prompt information generating module 204 may include the following sub-modules:
第一生成子模块,用于在所述配置检测结果与预设的低配置条件匹配时,生成提升配置的数据库处理提示信息;a first generation submodule, configured to generate database processing prompt information of the elevated configuration when the configuration detection result matches the preset low configuration condition;
和/或,and / or,
第二生成子模块,用于在所述表结构检测结果与预设的不合理结构条件匹配时,生成调整表结构的数据库处理提示信息; a second generation submodule, configured to generate database processing prompt information of the adjustment table structure when the table structure detection result matches the preset unreasonable structural condition;
和/或,and / or,
第三生成子模块,用于在所述SQL语句检测结果与预设的问题语句条件匹配时,生成修改SQL语句的数据库处理提示信息;a third generation submodule, configured to generate a database processing prompt information for modifying the SQL statement when the SQL statement detection result matches a preset problem statement condition;
和/或,and / or,
第四生成子模块,用于在所述架构检测结果与预设的问题架构条件匹配时,生成调整架构的数据库处理提示信息。And a fourth generation submodule, configured to generate database processing prompt information of the adjustment architecture when the architecture detection result matches the preset problem architecture condition.
在本申请的一种优选实施例中,所述检测模块203可以包括如下子模块:In a preferred embodiment of the present application, the detecting module 203 may include the following submodules:
抓包子模块,用于按照调整之后的优先级抓取发往所述一个或多个数据库实例的数据包;The packet capture sub-module is configured to capture data packets sent to the one or more database instances according to the adjusted priority;
安全检测子模块,用于针对所述数据包进行密码破解、SQL注入、白名单中的至少一种安全检测,获得密码破解检测结果、SQL注入检测结果、白名单检测结果中的至少一种安全检测结果。The security detection sub-module is configured to perform at least one type of security detection, password injection detection, SQL injection detection result, and white list detection result for password cracking, SQL injection, and whitelist detection of the data packet. Test results.
在本申请实施例的一种优选示例中,所述提示信息生成模块204可以包括如下子模块:In a preferred example of the embodiment of the present application, the prompt information generating module 204 may include the following sub-modules:
第五生成子模块,用于在所述密码破解检测结果表示出现密码破解行为时,生成攻击来源、调整白名单、调整密码中的至少一者的数据库处理提示信息;a fifth generation submodule, configured to generate, when the password crack detection result indicates that a password cracking behavior occurs, generating database processing prompt information of at least one of an attack source, a whitelist adjustment, and an adjustment password;
和/或,and / or,
第六生成子模块,用于在所述SQL注入检测结果表示出现SQL注入行为时,生成当前的SQL语句、检查应用程序中至少一者的数据库处理提示信息;a sixth generation submodule, configured to: when the SQL injection detection result indicates that the SQL injection behavior occurs, generate a current SQL statement, and check database processing prompt information of at least one of the application programs;
和/或,and / or,
第七生成子模块,用于在所述白名单结果与预设的大范围条件匹配时,生成修改白名单的数据库处理提示信息。The seventh generation sub-module is configured to generate database processing prompt information for modifying the whitelist when the whitelist result matches the preset large-range condition.
对于装置实施例而言,由于其与方法实施例基本相似,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。For the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the description of the method embodiment.
本说明书中的各个实施例均采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似的部分互相参见即可。The various embodiments in the present specification are described in a progressive manner, and each embodiment focuses on differences from other embodiments, and the same similar parts between the various embodiments can be referred to each other.
本领域内的技术人员应明白,本申请实施例的实施例可提供为方法、装置、或计算机程序产品。因此,本申请实施例可采用完全硬件实施例、完全软件实施例、或结合软 件和硬件方面的实施例的形式。而且,本申请实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the embodiments of the present application can be provided as a method, apparatus, or computer program product. Therefore, embodiments of the present application may adopt an entirely hardware embodiment, an entirely software embodiment, or a combination of soft A form of embodiment of hardware and hardware. Moreover, embodiments of the present application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
在一个典型的配置中,所述计算机设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括非持续性的电脑可读媒体(transitory media),如调制的数据信号和载波。In a typical configuration, the computer device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. The memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory. Memory is an example of a computer readable medium. Computer readable media includes both permanent and non-persistent, removable and non-removable media. Information storage can be implemented by any method or technology. The information can be computer readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory. (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, Magnetic tape cartridges, magnetic tape storage or other magnetic storage devices or any other non-transportable media can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-persistent computer readable media, such as modulated data signals and carrier waves.
本申请实施例是参照根据本申请实施例的方法、终端设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理终端设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理终端设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。Embodiments of the present application are described with reference to flowcharts and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing terminal device to produce a machine such that instructions are executed by a processor of a computer or other programmable data processing terminal device Means are provided for implementing the functions specified in one or more of the flow or in one or more blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理终端设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The instruction device implements the functions specified in one or more blocks of the flowchart or in a flow or block of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理终端设备上,使得在计算机或其他可编程终端设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程终端设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。 These computer program instructions can also be loaded onto a computer or other programmable data processing terminal device such that a series of operational steps are performed on the computer or other programmable terminal device to produce computer-implemented processing, such that the computer or other programmable terminal device The instructions executed above provide steps for implementing the functions specified in one or more blocks of the flowchart or in a block or blocks of the flowchart.
尽管已描述了本申请实施例的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例做出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本申请实施例范围的所有变更和修改。While a preferred embodiment of the embodiments of the present application has been described, those skilled in the art can make further changes and modifications to the embodiments once they are aware of the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including all the modifications and the modifications
最后,还需要说明的是,在本文中,诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者终端设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者终端设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、物品或者终端设备中还存在另外的相同要素。Finally, it should also be noted that in this context, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply these entities. There is any such actual relationship or order between operations. Furthermore, the terms "comprises" or "comprising" or "comprising" or any other variations are intended to encompass a non-exclusive inclusion, such that a process, method, article, or terminal device that includes a plurality of elements includes not only those elements but also Other elements that are included, or include elements inherent to such a process, method, article, or terminal device. An element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or terminal device that comprises the element, without further limitation.
以上对本申请所提供的一种基于云的数据库的检测方法和一种基于云的数据库的检测装置,进行了详细介绍,本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的方法及其核心思想;同时,对于本领域的一般技术人员,依据本申请的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本申请的限制。 The above is a detailed description of a cloud-based database detection method and a cloud-based database detection device provided by the present application. The principle and implementation manner of the present application are described in the following. The description of the embodiments is only for helping to understand the method of the present application and its core ideas; at the same time, for those of ordinary skill in the art, according to the idea of the present application, there will be changes in specific embodiments and application scopes. The above description should not be taken as limiting the present application.

Claims (10)

  1. 一种基于云的数据库的检测方法,其特征在于,包括:A cloud-based database detection method, comprising:
    确定针对一个或多个数据库实例进行检测的检测类型;所述检测类型包括性能检测和/或安全检测;Determining a type of detection for detecting one or more database instances; the type of detection includes performance detection and/or security detection;
    根据所述检测类型调整所述一个或多个数据库实例的优先级;Adjusting a priority of the one or more database instances according to the detection type;
    按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;Performing performance detection and/or security detection on the one or more database instances according to the adjusted priority, obtaining performance detection results and/or security detection results;
    当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;Generating database processing prompt information when the performance detection result and/or the security detection result matches a preset performance problem and/or a security problem;
    推送所述性能检测结果和/或安全检测结果、数据库处理提示信息。Pushing the performance test result and/or the security test result and the database processing prompt information.
  2. 根据权利要求1所述的方法,其特征在于,所述根据所述检测类型调整所述一个或多个数据库实例的优先级的步骤包括:The method according to claim 1, wherein the step of adjusting the priority of the one or more database instances according to the detection type comprises:
    当检测类型为性能检测时,提高符合预设的低性能条件的数据库实例的优先级;When the detection type is performance detection, increase the priority of the database instance that meets the preset low performance condition;
    和/或,and / or,
    当检测类型为性能检测时,提高调用频率高于预设的频率阈值的数据库实例的优先级;When the detection type is performance detection, increasing the priority of the database instance whose calling frequency is higher than the preset frequency threshold;
    和/或,and / or,
    当检测类型为安全检测时,提高创建时间小于预设的时间阈值的数据库实例的优先级;When the detection type is security detection, increase the priority of the database instance whose creation time is less than the preset time threshold;
    和/或,and / or,
    当检测类型为安全检测时,提高优先级低于预设的优先级阈值的数据库实例的优先级。When the detection type is security detection, the priority of the database instance whose priority is lower than the preset priority threshold is raised.
  3. 根据权利要求1或2所述的方法,其特征在于,所述按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果的步骤包括:The method according to claim 1 or 2, wherein the one or more database instances are subjected to performance detection and/or security detection according to the adjusted priority, and performance detection results and/or security detection are obtained. The steps of the result include:
    按照调整之后的优先级判断所述一个或多个数据库实例的性能状态;Determining the performance status of the one or more database instances according to the adjusted priority;
    当所述性能状态符合预设的低性能条件时,对所述数据库实例进行性能检测,获得性能检测结果。When the performance state meets a preset low performance condition, performing performance detection on the database instance to obtain a performance detection result.
  4. 根据权利要求3所述的方法,其特征在于,所述按照调整之后的优先级判断所述一个或多个数据库实例的性能状态的步骤包括: The method according to claim 3, wherein the step of determining the performance status of the one or more database instances according to the adjusted priority comprises:
    按照调整之后的优先级判断所述一个或多个数据库实例的CPU利用率、I/O读写频率、连接数量、磁盘空间使用率中的至少一种性能状态;Determining, according to the adjusted priority, at least one of a CPU usage, an I/O read/write frequency, a connection number, and a disk space usage rate of the one or more database instances;
    其中,当至少满足以下一个条件时,所述性能状态满足预设的的低性能条件:Wherein, the performance state satisfies a preset low performance condition when at least one of the following conditions is met:
    所述CPU利用率高于预设的利用率阈值、所述I/O读写频率高于预设的读写频率阈值、所述连接数量大于预设的连接数量阈值、所述磁盘空间使用率大于预设的使用率阈值。The CPU utilization is higher than a preset utilization threshold, the I/O read/write frequency is higher than a preset read/write frequency threshold, the connection number is greater than a preset connection number threshold, and the disk space usage rate is Greater than the preset usage threshold.
  5. 根据权利要求3所述的方法,其特征在于,所述对所述数据库实例进行性能检测,获得性能检测结果的步骤包括:The method according to claim 3, wherein the step of performing performance detection on the database instance to obtain a performance detection result comprises:
    对所述数据库实例的配置、表结构、SQL语句、架构中的至少一种属性进行性能检测,获得配置检测结果、表结构检测结果、SQL语句检测结果、架构检测结果中的至少一种性能检测结果。Performing performance detection on at least one attribute of the configuration, table structure, SQL statement, and architecture of the database instance, and obtaining at least one performance detection of configuration detection result, table structure detection result, SQL statement detection result, and architecture detection result result.
  6. 根据权利要求5所述的方法,其特征在于,所述当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息的步骤包括:The method according to claim 5, wherein when the performance detection result and/or the security detection result matches a preset performance problem and/or a security problem, generating database processing prompt information The steps include:
    当所述配置检测结果与预设的低配置条件匹配时,生成提升配置的数据库处理提示信息;When the configuration detection result matches the preset low configuration condition, generating database processing prompt information of the elevated configuration;
    和/或,and / or,
    当所述表结构检测结果与预设的不合理结构条件匹配时,生成调整表结构的数据库处理提示信息;When the table structure detection result matches the preset unreasonable structural condition, generating database processing prompt information of the adjustment table structure;
    和/或,and / or,
    当所述SQL语句检测结果与预设的问题语句条件匹配时,生成修改SQL语句的数据库处理提示信息;When the SQL statement detection result matches the preset problem statement condition, generating database processing prompt information for modifying the SQL statement;
    和/或,and / or,
    当所述架构检测结果与预设的问题架构条件匹配时,生成调整架构的数据库处理提示信息。When the architecture detection result matches the preset problem architecture condition, the database processing prompt information of the adjustment architecture is generated.
  7. 根据权利要求1或2所述的方法,其特征在于,所述按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果的步骤包括:The method according to claim 1 or 2, wherein the one or more database instances are subjected to performance detection and/or security detection according to the adjusted priority, and performance detection results and/or security detection are obtained. The steps of the result include:
    按照调整之后的优先级抓取发往所述一个或多个数据库实例的数据包;Grab the data packets sent to the one or more database instances according to the adjusted priority;
    针对所述数据包进行密码破解、SQL注入、白名单中的至少一种安全检测,获得密 码破解检测结果、SQL注入检测结果、白名单检测结果中的至少一种安全检测结果。Performing at least one security detection in the password cracking, SQL injection, and whitelisting of the data packet to obtain a secret At least one of the code detection result, the SQL injection detection result, and the white list detection result.
  8. 根据权利要求7所述的方法,其特征在于,所述当所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息的步骤包括:The method according to claim 7, wherein the generating database processing prompt information is generated when the performance detection result and/or the security detection result match a preset performance problem and/or a security problem. The steps include:
    当所述密码破解检测结果表示出现密码破解行为时,生成攻击来源、调整白名单、调整密码中的至少一者的数据库处理提示信息;When the password crack detection result indicates that the password cracking behavior occurs, generating database processing prompt information of at least one of the attack source, the whitelist adjustment, and the adjustment password;
    和/或,and / or,
    当所述SQL注入检测结果表示出现SQL注入行为时,生成当前的SQL语句、检查应用程序中至少一者的数据库处理提示信息;When the SQL injection detection result indicates that the SQL injection behavior occurs, generating a current SQL statement and checking database processing prompt information of at least one of the application programs;
    和/或,and / or,
    当所述白名单结果与预设的大范围条件匹配时,生成修改白名单的数据库处理提示信息。When the whitelist result matches the preset large-range condition, the database processing prompt information for modifying the whitelist is generated.
  9. 一种基于云的数据库的检测装置,其特征在于,包括:A cloud-based database detecting apparatus, comprising:
    检测类型确定模块,用于确定针对一个或多个数据库实例进行检测的检测类型;所述检测类型包括性能检测和/或安全检测;a detection type determining module, configured to determine a type of detection for detecting one or more database instances; the type of detection includes performance detection and/or security detection;
    优先级调整模块,用于根据所述检测类型调整所述一个或多个数据库实例的优先级;a priority adjustment module, configured to adjust a priority of the one or more database instances according to the detection type;
    检测模块,用于按照调整之后的优先级对所述一个或多个数据库实例进行性能检测和/或安全检测,获得性能检测结果和/或安全检测结果;a detecting module, configured to perform performance detection and/or security detection on the one or more database instances according to the adjusted priority, and obtain performance testing results and/or security testing results;
    提示信息生成模块,用于在所述性能检测结果和/或所述安全检测结果中与预设的性能问题和/或安全问题匹配时,生成数据库处理提示信息;a prompt information generating module, configured to generate database processing prompt information when the performance detection result and/or the security detection result match a preset performance problem and/or a security problem;
    推送模块,用于推送所述性能检测结果和/或安全检测结果、数据库处理提示信息。The pushing module is configured to push the performance detection result and/or the security detection result and the database processing prompt information.
  10. 根据权利要求9所述的装置,其特征在于,所述优先级调整模块包括:The apparatus according to claim 9, wherein the priority adjustment module comprises:
    第一提高子模块,用于在检测类型为性能检测时,提高符合预设的低性能条件的数据库实例的优先级;a first improvement submodule, configured to increase a priority of a database instance that meets a preset low performance condition when the detection type is performance detection;
    和/或,and / or,
    第二提高子模块,用于在检测类型为性能检测时,提高调用频率高于预设的频率阈值的数据库实例的优先级;a second improvement submodule, configured to: when the detection type is performance detection, increase a priority of a database instance whose calling frequency is higher than a preset frequency threshold;
    和/或, and / or,
    第三提高子模块,用于在检测类型为安全检测时,提高创建时间小于预设的时间阈值的数据库实例的优先级;The third improvement sub-module is configured to: when the detection type is security detection, increase the priority of the database instance whose creation time is less than a preset time threshold;
    和/或,and / or,
    第四提高子模块,用于在检测类型为安全检测时,提高优先级低于预设的优先级阈值的数据库实例的优先级。 The fourth improvement submodule is configured to: when the detection type is security detection, increase the priority of the database instance whose priority is lower than the preset priority threshold.
PCT/CN2016/090618 2015-07-29 2016-07-20 Cloud-based database detection method and device WO2017016422A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510456903.5 2015-07-29
CN201510456903.5A CN106407830B (en) 2015-07-29 2015-07-29 Cloud-based database detection method and device

Publications (1)

Publication Number Publication Date
WO2017016422A1 true WO2017016422A1 (en) 2017-02-02

Family

ID=57884104

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/090618 WO2017016422A1 (en) 2015-07-29 2016-07-20 Cloud-based database detection method and device

Country Status (2)

Country Link
CN (1) CN106407830B (en)
WO (1) WO2017016422A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108880855A (en) * 2018-04-12 2018-11-23 合肥天源迪科信息技术有限公司 A kind of desktop cloud intelligence O&M method and system based on cloud computing
CN113626198A (en) * 2021-08-19 2021-11-09 上海观安信息技术股份有限公司 Database traffic load balancing system and method
CN114095528A (en) * 2020-08-07 2022-02-25 丰田自动车株式会社 In-vehicle network system and storage medium storing program for causing computer to execute processing
CN116842000A (en) * 2023-07-19 2023-10-03 北京亿宇嘉隆科技有限公司 Operation and maintenance management method and system for database

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107908532A (en) * 2017-05-05 2018-04-13 平安科技(深圳)有限公司 A kind of database performance diagnostic method, device and equipment
CN109408302B (en) * 2017-08-16 2022-07-05 阿里巴巴集团控股有限公司 Fault detection method and device and electronic equipment
CN110868313A (en) * 2018-08-28 2020-03-06 网宿科技股份有限公司 Inspection method, related device and readable storage medium
CN111078660A (en) * 2018-10-19 2020-04-28 厦门靠谱云股份有限公司 Cloud database performance safety monitoring method
CN109558242A (en) * 2018-11-28 2019-04-02 上海帆尚行科技有限公司 A method of promoting database cloud platform resource utilization
CN110427329B (en) * 2019-08-13 2023-04-25 杭州有赞科技有限公司 Method and system for collecting SQL performance data of database
CN112733101A (en) * 2021-01-07 2021-04-30 深圳市锐尔觅移动通信有限公司 Cloud server management method, device, storage medium and server terminal
CN113138974B (en) * 2021-04-23 2023-08-22 建信金融科技有限责任公司 Method and device for detecting database compliance
CN113641655B (en) * 2021-08-17 2024-06-25 南京云信达科技有限公司 Database performance optimization method and device
CN114186225A (en) * 2021-12-07 2022-03-15 北京天融信网络安全技术有限公司 Database detection method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101093462A (en) * 2006-06-22 2007-12-26 上海全成通信技术有限公司 Automatization method for testing schooling pressure on database application
CN101901219A (en) * 2009-05-27 2010-12-01 北京启明星辰信息技术股份有限公司 Detection method for injection attack of database and system
CN102521536A (en) * 2011-12-06 2012-06-27 杭州安恒信息技术有限公司 Method and system for detecting inner core object invasion of database
CN103020132A (en) * 2012-11-20 2013-04-03 北京奇虎科技有限公司 Method and device for displaying detection result of database performance
CN103810196A (en) * 2012-11-09 2014-05-21 阿里巴巴集团控股有限公司 Method for testing performance of database on basis of business model

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100543746C (en) * 2007-03-16 2009-09-23 华为技术有限公司 The system and method for a kind of fulfillment database system Automatic Optimal
US8286868B2 (en) * 2010-09-02 2012-10-16 Ncr Corporation Checkout methods and apparatus
US8966574B2 (en) * 2012-02-03 2015-02-24 Apple Inc. Centralized operation management
CN102968374B (en) * 2012-11-29 2015-12-09 中国移动(深圳)有限公司 A kind of data warehouse method of testing

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101093462A (en) * 2006-06-22 2007-12-26 上海全成通信技术有限公司 Automatization method for testing schooling pressure on database application
CN101901219A (en) * 2009-05-27 2010-12-01 北京启明星辰信息技术股份有限公司 Detection method for injection attack of database and system
CN102521536A (en) * 2011-12-06 2012-06-27 杭州安恒信息技术有限公司 Method and system for detecting inner core object invasion of database
CN103810196A (en) * 2012-11-09 2014-05-21 阿里巴巴集团控股有限公司 Method for testing performance of database on basis of business model
CN103020132A (en) * 2012-11-20 2013-04-03 北京奇虎科技有限公司 Method and device for displaying detection result of database performance

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108880855A (en) * 2018-04-12 2018-11-23 合肥天源迪科信息技术有限公司 A kind of desktop cloud intelligence O&M method and system based on cloud computing
CN114095528A (en) * 2020-08-07 2022-02-25 丰田自动车株式会社 In-vehicle network system and storage medium storing program for causing computer to execute processing
CN113626198A (en) * 2021-08-19 2021-11-09 上海观安信息技术股份有限公司 Database traffic load balancing system and method
CN113626198B (en) * 2021-08-19 2024-03-26 上海观安信息技术股份有限公司 Database flow load balancing system and method
CN116842000A (en) * 2023-07-19 2023-10-03 北京亿宇嘉隆科技有限公司 Operation and maintenance management method and system for database
CN116842000B (en) * 2023-07-19 2024-01-02 北京亿宇嘉隆科技有限公司 Operation and maintenance management method and system for database

Also Published As

Publication number Publication date
CN106407830B (en) 2020-01-21
CN106407830A (en) 2017-02-15

Similar Documents

Publication Publication Date Title
WO2017016422A1 (en) Cloud-based database detection method and device
US10320623B2 (en) Techniques for tracking resource usage statistics per transaction across multiple layers of protocols
US10430581B2 (en) Computer telemetry analysis
WO2019144928A1 (en) Method, system and device for setting access permission of application, and readable medium
US10042931B2 (en) Data query method and apparatus
WO2019192103A1 (en) Concurrent access control method and apparatus, terminal device, and medium
WO2021012553A1 (en) Data processing method and related device
US9916442B2 (en) Real-time recording and monitoring of mobile applications
US9256642B2 (en) Techniques for recommending parallel execution of SQL statements
TW202013234A (en) Data processing method, device and storage medium
US8738657B2 (en) Distribution of key values
TW201638779A (en) Method, device, system, and electronic facility for resource management of virtual host
WO2021013033A1 (en) File operation method, apparatus, device, and system, and computer readable storage medium
WO2020000676A1 (en) Database automatic alarming method and apparatus, terminal device, and readable storage medium
US20150095973A1 (en) Cloud database lockdown
US11297105B2 (en) Dynamically determining a trust level of an end-to-end link
CN104298675B (en) For the method and apparatus of cache management
JP2017215966A (en) Technologies for limiting performance variation in storage device
CN111382206B (en) Data storage method and device
CN112861182A (en) Database query method and system, computer equipment and storage medium
US9195805B1 (en) Adaptive responses to trickle-type denial of service attacks
US10671636B2 (en) In-memory DB connection support type scheduling method and system for real-time big data analysis in distributed computing environment
WO2016078388A1 (en) Data aging method and apparatus
WO2020167469A1 (en) Detecting second-order security vulnerabilities via modelling information flow through persistent storage
US20220335047A1 (en) System and method for dynamic memory allocation for query execution

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16829788

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16829788

Country of ref document: EP

Kind code of ref document: A1