WO2020168757A1 - Network system access method and apparatus, computer device, and readable storage medium - Google Patents

Network system access method and apparatus, computer device, and readable storage medium

Publication number
WO2020168757A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
network system
domain name
target
physical location
Application number
PCT/CN2019/118409
Inventor
何忠林
Original Assignee
平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107: Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Definitions

  • This application relates to the field of Internet technology, in particular to a network system access method, device, computer equipment and readable storage medium.
  • the domain names of terminals accessing the network system can be divided into intranet domain names and extranet domain names.
  • the terminal with the intranet domain name is the official website staff
  • the terminal with the extranet domain name is the external person.
  • Staff and external personnel can use their own terminals to log in to the network system, access the network system, and read or write data in the network system.
  • the related technology has at least the following problems: because both staff and external personnel can read or write data in the network system, that is, terminals with an intranet domain name and terminals with an extranet domain name can both read or write data in the network system, the data in the network system may be tampered with, and it is difficult to effectively guarantee the security and high availability of the network system.
  • this application provides a network system access method, device, computer equipment, and readable storage medium.
  • the main purpose is to solve the current problem that data in the network system is at risk of being tampered with and that it is difficult to effectively ensure the security and high availability of the network system.
  • a method for accessing a network system including:
  • when receiving the access request of the terminal, query the terminal domain name of the terminal according to the terminal identification of the terminal, where the terminal domain name indicates the access authority of the terminal to the network system;
  • if the terminal domain name is an extranet domain name, determine the physical location where the terminal is currently located, and select a target network system from at least one preset network system according to the physical location, where the target geographic distance between the target network system and the physical location meets the distance requirement;
  • close the write function of the target network system and connect the terminal to the target network system.
  • determining the current physical location of the terminal, and selecting a target network system from at least one preset network system according to the physical location includes:
  • if the terminal domain name is an external network domain name, locate the terminal according to the terminal identification and determine the physical location where the terminal is currently located; obtain the at least one preset network system, and calculate at least one geographic distance between the at least one network system and the physical location; sort the at least one geographic distance from largest to smallest to obtain a ranking result; extract the geographic distance ranked last in the ranking result as the target geographic distance, and use the preset network system corresponding to the target geographic distance as the target network system.
  • the turning off the write function of the target network system and connecting the terminal to the target network system includes:
  • determine at least one data write interface of the target network system, where the data write interface includes at least a database DB write interface and a key-value database Redis write interface; disable the at least one data write interface, and connect the terminal to the target network system after the at least one data write interface is disabled.
  • when the access request of the terminal is received, after querying the terminal domain name of the terminal according to the terminal identifier of the terminal, the method further includes:
  • if the terminal domain name is an intranet domain name, an intranet network system is determined in the at least one preset network and the terminal is connected to the intranet network system, where the intranet network system has a writing function and a reading function.
  • the method further includes:
  • a network system access device which includes:
  • the query module is configured to query the terminal domain name of the terminal according to the terminal identifier of the terminal when the access request of the terminal is received, and the terminal domain name indicates the access authority of the terminal to the network system;
  • the first determining module is configured to determine the current physical location of the terminal if the terminal domain name is an external network domain name, and select a target network system from at least one preset network system according to the physical location, and the target network The target geographic distance between the system and the physical location meets the distance requirement;
  • the closing module is used to close the write function of the target network system and connect the terminal to the target network system.
  • the first determining module includes:
  • a positioning unit configured to locate the terminal according to the terminal identifier if the terminal domain name is an external network domain name, and determine the physical location where the terminal is currently located;
  • a calculating unit configured to obtain the at least one preset network system, and calculate at least one geographic distance between the at least one network system and the physical location;
  • a sorting unit configured to sort the at least one geographic distance from large to small to obtain a sorting result
  • the extraction unit is configured to extract the geographic distance ranked last in the ranking result as the target geographic distance, and use the preset network system corresponding to the target geographic distance as the target network system.
  • the closing module includes:
  • the determining unit is configured to determine at least one data writing interface of the target network system, the data writing interface includes at least a database DB writing interface and a key-value library Redis writing interface;
  • the access unit is configured to disable the at least one data writing interface, and connect the terminal to the target network system after the at least one data writing interface is disabled.
  • the device further includes:
  • the second determining module is configured to, if the terminal domain name is an intranet domain name, determine an intranet network system in the at least one preset network, and connect the terminal to the intranet network system, and the intranet network system has a write function and a read function.
  • the device further includes:
  • a receiving module configured to store the target data in the intranet network system when the target data written by the terminal based on the intranet network system is received;
  • the synchronization module is used to synchronize the target data to the at least one preset network system.
  • a computer device including a memory and a processor, where the memory stores computer-readable instructions, and the processor implements the steps of the method described in the first aspect when the computer-readable instructions are executed.
  • a non-volatile readable storage medium having computer-readable instructions stored thereon, where the steps of the method described in the first aspect are implemented when the computer-readable instructions are executed by a processor.
  • the network system access method, device, computer equipment, and readable storage medium can read data in the network system as well as the current terminals with intranet domain names and extranet domain names.
  • this application obtains the terminal domain name of the terminal when receiving the access request of the terminal, and when the terminal domain name is an external network domain name, selects the target network system according to the current physical location of the terminal, closes the write function of the target network system, and connects the terminal to the target network after the write function is disabled, so that it can be determined whether to enable the write function for the terminal according to the terminal domain name of the terminal, which reduces the risk of data tampering in the network system and effectively ensures the security and high availability of the network system.
  • FIG. 1 shows a schematic flowchart of a method for accessing a network system according to an embodiment of the present application
  • FIG. 2 shows a schematic flowchart of a method for accessing a network system provided by an embodiment of the present application
  • FIG. 3A shows a schematic structural diagram of a network system access device provided by an embodiment of the present application
  • FIG. 3B shows a schematic structural diagram of a network system access device provided by an embodiment of the present application
  • FIG. 3C shows a schematic structural diagram of a network system access device provided by an embodiment of the present application.
  • FIG. 3D shows a schematic structural diagram of a network system access device provided by an embodiment of the present application.
  • FIG. 3E shows a schematic structural diagram of a network system access device provided by an embodiment of the present application.
  • Fig. 4 shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application.
  • the embodiment of the application provides a method for accessing a network system, which can obtain the terminal domain name of the terminal when the terminal's access request is received, and when the terminal domain name is an external network domain name, select the target network system according to the current physical location of the terminal, turn off the write function of the target network system, and connect the terminal to the target network after the write function is turned off, so that it can be determined whether to enable the write function for the terminal according to the terminal domain name of the terminal, which reduces the data in the network system from being tampered with
  • the method includes:
  • the terminal domain name indicates the access authority of the terminal to the network system.
  • if the terminal domain name is an external network domain name, determine the current physical location of the terminal and select a target network system from at least one preset network system according to the physical location, where the target geographic distance between the target network system and the physical location meets the distance requirement.
  • if the domain name of the terminal is an external domain name, it means that the terminal is an external terminal of the enterprise and the writing function cannot be provided for the terminal.
  • the target network system closest to the terminal is selected from at least one preset network system, so that the terminal can be subsequently connected to the target network system.
  • because a terminal with an external network domain name is a terminal outside the enterprise and cannot be provided with the writing function, after the target network system is determined, the writing function of the target network system is turned off, and the terminal is connected to the target network system with the write function disabled.
  • the method provided in the embodiment of this application obtains the terminal domain name of the terminal when the terminal's access request is received, and when the terminal domain name is an external network domain name, selects the target network system according to the current physical location of the terminal, closes the write function of the target network system, and connects the terminal to the target network after the write function is disabled, so that it can be determined whether to enable the write function for the terminal according to the terminal domain name of the terminal, which reduces the risk of data tampering in the network system and effectively guarantees the security and high availability of the network system.
  • the embodiment of the application provides a method for accessing a network system, which can obtain the terminal domain name of the terminal when the terminal's access request is received, and when the terminal domain name is an external network domain name, select the target network system according to the current physical location of the terminal, turn off the write function of the target network system, and connect the terminal to the target network after the write function is turned off, so that it can be determined whether to enable the write function for the terminal according to the terminal domain name of the terminal, which reduces the data in the network system from being tampered with
  • the method includes:
  • when receiving the access request of the terminal, query the terminal domain name of the terminal according to the terminal ID of the terminal. If the terminal domain name is an external domain name, perform the following steps 202 to 204; if the terminal domain name is an intranet domain name, perform the following step 205.
  • the applicant realizes that there is a difference in the terminal domain name between the terminal used by the staff and the terminal used by external personnel.
  • the terminal domain name can be used to distinguish whether the terminal is an internal terminal or an external terminal. To avoid an external terminal having so much authority that the data in the network system's database becomes insecure and at risk of tampering, the terminal domain name can be used to determine the authority that the terminal can enjoy and to connect the terminal to different network systems, thereby limiting the terminal's authority to read and write data.
  • the terminal domain name corresponding to each terminal can be stored in the database, so that when the terminal requests access, the terminal domain name of the terminal can be directly queried.
  • the IP (Internet Protocol, the interconnection protocol between networks) address or user account of the terminal can be used as the terminal identification of the terminal
  • the terminal identifier is used for marking.
  • the domain name table shown in Table 1 can be generated, and the terminal identification and the terminal domain name are stored based on the domain name table.
  • if the terminal domain name is stored in the database, then when an access request sent by the terminal is received, the terminal ID of the terminal can be obtained, and the database can be queried according to the terminal ID to obtain the terminal domain name corresponding to the terminal ID, so as to subsequently connect the terminal to different network systems according to the terminal domain name.
  • if the terminal domain name of the terminal is not stored in the database, that is, the corresponding terminal domain name cannot be queried in the database according to the terminal ID, then whether the terminal is an internal terminal or an external terminal can be judged according to the terminal ID.
  • it can be queried whether the IP address is an IP address provided inside the enterprise, and when it is determined that the IP address is an IP address provided inside the enterprise, it is directly determined that the terminal is an internal terminal, that is, the terminal domain name of the terminal is the intranet domain name.
  • in order to directly determine the domain name category of the terminal when the terminal requests access again, the terminal can also be assigned an intranet domain name, and the assigned intranet domain name can be stored in the database in correspondence with the terminal identification of the terminal.
  • in order to directly determine the domain name category of the terminal, an extranet domain name can also be allocated to the terminal, and the allocated extranet domain name can be stored in the database in correspondence with the terminal identification of the terminal.
  • if the terminal identification is a user account, it can be queried whether the user account is an internal company account, and when it is determined that the user account is an internal company account, it is directly determined that the terminal is an internal terminal, that is, the terminal domain name of the terminal is an intranet domain name
  • an intranet domain name can also be assigned to the terminal, and the assigned intranet domain name and the terminal identification of the terminal can be stored in the database.
  • the terminal is directly determined as an external terminal, that is, the terminal domain name of the terminal is an external domain name.
  • so that the domain name category of the terminal can be directly determined when the terminal requests access again later, it is also possible to assign an extranet domain name to the terminal, and store the assigned extranet domain name in the database in correspondence with the terminal identification of the terminal.
  • whether the terminal domain name of the terminal sending the access request is an intranet domain name or an external domain name is determined. If the terminal domain name is an external domain name, the terminal is not an internal terminal of the enterprise and cannot be given write access authority, so the terminal needs to be connected to a network system without a writing function, that is, the following steps 202 to 204 are executed; if the terminal domain name is an intranet domain name, the terminal is an internal terminal of the enterprise and can be given both read permission and write permission, so the terminal can be connected to a network system with a read function and a write function, that is, the following step 205 is performed.
  • if the terminal domain name is an external network domain name, locate the terminal according to the terminal identifier, and determine the current physical location of the terminal.
  • if the terminal domain name is an external network domain name, the terminal is not an internal terminal of the enterprise and can only be provided with a reading function, that is, the terminal can only read data in the network system and cannot modify or write data in the network system. Therefore, it is necessary to determine a target network system that does not have a write function for the terminal, and subsequently connect the terminal to the target network system.
  • when determining the network system to be accessed by the terminal, consider that some network systems are far away from the terminal: if the terminal is connected to a network system that is far away, a lot of resources and time are wasted when the terminal reads data in the network system, and the workload is also relatively large. Therefore, in order to save resources, time and workload, when determining the target network for the terminal to access, a network system close to the terminal can be determined for the terminal to access.
  • the terminal can be located according to the terminal identifier of the terminal, and the physical location where the terminal is currently located can be determined, so that the network system nearest to the terminal can subsequently be determined for access based on the physical location of the terminal.
  • Obtain at least one preset network system, calculate at least one geographic distance between the at least one network system and the physical location, sort the at least one geographic distance from largest to smallest to obtain a ranking result, extract the geographic distance ranked last in the ranking result as the target geographic distance, and take the preset network system corresponding to the target geographic distance as the target network system.
  • At least one preset network system will be set up for terminal access. These preset network systems may be in different regions, but the data stored in the at least one preset network system is the same. Therefore, after the physical location of the terminal is determined, the at least one geographic distance between the at least one network system and the physical location can be calculated according to the location of the at least one preset network system, and the preset network system closest to the terminal can be determined according to the at least one geographic distance.
  • after calculating at least one geographic distance between at least one network system and the physical location, first, sort the at least one geographic distance from largest to smallest to obtain the ranking result; then, extract the geographic distance ranked last in the ranking result as the target geographic distance, and take the preset network system corresponding to the target geographic distance as the target network system, that is, the smallest geographic distance among the at least one geographic distance is extracted as the target geographic distance, and the preset network system corresponding to the target geographic distance is taken as the target network system, so that the terminal can be connected to the target network system later.
  • since the terminal domain name of the terminal is an external network domain name, the terminal can only read and view data in the target network system and cannot write data in the target network system; therefore, it is necessary to turn off the write function of the target network system, and connect the terminal to the target network system whose write function has been turned off.
  • the data write interface can include a DB (Data Base, database) write interface and a Redis (key-value library) write interface.
  • the determined at least one data writing interface is disabled, so that the writing function of the target network system is closed, and the terminal is connected to the target network system after the at least one data writing interface is disabled.
  • if the terminal domain name is an intranet domain name, determine an intranet network system in at least one preset network and connect the terminal to the intranet network system.
  • if the terminal domain name is an intranet domain name, the terminal is an internal terminal of the enterprise: the terminal can not only read data in the network system, but also write or modify data in the network system, so the network system that the terminal needs to access has both writing and reading functions.
  • an intranet network system with writing and reading functions is determined in at least one preset network, the terminal is connected to the intranet network system, and data reading services and data writing services are provided to the terminal based on the intranet network system.
  • since the terminal with the intranet domain name is allowed to write data in the accessed intranet network system, when the target data written by the terminal based on the intranet network system is received, the received target data can be stored in the intranet network system. Since the data stored in each preset network in at least one preset network are consistent, after storing the target data in the intranet network system, the target data needs to be synchronized to at least one preset network system in order to ensure the consistency of data in at least one preset network system.
  • the method provided in the embodiment of this application obtains the terminal domain name of the terminal when the terminal's access request is received, and when the terminal domain name is an external network domain name, selects the target network system according to the current physical location of the terminal, closes the write function of the target network system, and connects the terminal to the target network after the write function is disabled, so that it can be determined whether to enable the write function for the terminal according to the terminal domain name of the terminal, which reduces the risk of data tampering in the network system and effectively guarantees the security and high availability of the network system.
  • an embodiment of the present application provides a network system access device.
  • the device includes: a query module 301, a first determination module 302, and a shutdown module 303.
  • the query module 301 is configured to query the terminal domain name of the terminal according to the terminal identifier of the terminal when an access request of the terminal is received, and the terminal domain name indicates the access authority of the terminal to the network system;
  • the first determining module 302 is configured to determine the current physical location of the terminal if the terminal domain name is an external network domain name, and select a target network system from at least one preset network system according to the physical location, between the target network system and the physical location The target geographic distance meets the distance requirement;
  • the closing module 303 is used to close the write function of the target network system and connect the terminal to the target network system.
  • the first determining module 302 includes: a positioning unit 3021, a calculation unit 3022, a sorting unit 3023, and an extraction unit 3024.
  • the positioning unit 3021 locates the terminal according to the terminal identifier and determines the current physical location of the terminal;
  • the calculation unit 3022 is configured to obtain at least one preset network system, and calculate at least one geographic distance between the at least one network system and the physical location;
  • the sorting unit 3023 is used to sort at least one geographic distance from large to small to obtain a sorting result
  • the extracting unit 3024 is configured to extract the geographic distance ranked last in the ranking result as the target geographic distance, and use the preset network system corresponding to the target geographic distance as the target network system.
  • the closing module 303 includes a determining unit 3031 and an access unit 3032.
  • the determining unit 3031 is configured to determine at least one data writing interface of the target network system, the data writing interface includes at least a database DB writing interface and a key-value library Redis writing interface;
  • the access unit 3032 is configured to disable at least one data writing interface, and connect the terminal to the target network system after the at least one data writing interface is disabled.
  • the device further includes: a second determining module 304.
  • the second determining module 304 is configured to determine the intranet network system in at least one preset network if the terminal domain name is an intranet domain name, and connect the terminal to the intranet network system.
  • the intranet network system has a writing function and a reading function.
  • the device further includes: a receiving module 305 and a synchronization module 306.
  • the receiving module 305 is configured to store the target data in the intranet network system when receiving the target data written by the terminal based on the intranet network system;
  • the synchronization module 306 is used to synchronize the target data to at least one preset network system.
  • the device provided by the embodiment of the present application obtains the terminal domain name of the terminal when receiving the access request of the terminal, and when the terminal domain name is an external network domain name, selects the target network system according to the current physical location of the terminal, closes the write function of the target network system, and connects the terminal to the target network after the write function is disabled, so that it can be determined whether to enable the write function for the terminal according to the terminal domain name of the terminal, which reduces the risk of data tampering in the network system and effectively guarantees the security and high availability of the network system.
  • the device 400 includes a communication bus, a processor, a memory, and a communication interface, and may also include an input and output interface and a display device, wherein communication among the functional units can be completed through the bus.
  • the memory stores computer-readable instructions
  • the processor is configured to execute the computer-readable instructions stored in the memory, and execute the network system access method in the foregoing embodiment.
  • a non-volatile readable storage medium has computer readable instructions stored thereon, and when the computer readable instructions are executed by a processor, the steps of the network system access method are realized.
  • the software product can be stored in a non-volatile storage medium (which can be a CD-ROM, U disk, mobile hard disk, etc.), including several instructions used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute the methods described in each implementation scenario of this application.
  • modules in the device in the implementation scenario can be distributed in the device in the implementation scenario according to the description of the implementation scenario, or can be changed to be located in one or more devices different from the implementation scenario.
  • the modules of the above implementation scenarios can be combined into one module or further divided into multiple sub-modules.

Abstract

The present application discloses a network system access method and apparatus, a computer device and a readable storage medium. The present application relates to the field of Internet technology, and can determine whether to enable a write function of a terminal according to a terminal domain name of the terminal, reducing the risk of data tampering in a network system, and effectively ensuring the security and high availability of the network system. Said method comprises: upon receiving an access request of a terminal, querying a terminal domain name of the terminal according to a terminal identifier of the terminal, the terminal domain name indicating an access permission of the terminal for a network system; if the terminal domain name is an external network domain name, determining the physical location where the terminal is currently located, and selecting a target network system from at least one preset network system according to the physical location, a target geographic distance between the target network system and the physical location satisfying a distance requirement; and disenabling a write function of the target network system, and allowing the terminal to access the target network system.

Description

Network system access method, apparatus, computer device and readable storage medium
This application claims priority to Chinese patent application No. 201910119331X, entitled "Network system access method, apparatus, computer device and readable storage medium", filed with the Chinese Patent Office on February 18, 2019, the entire content of which is incorporated herein by reference.
Technical field
This application relates to the field of Internet technology, and in particular to a network system access method, apparatus, computer device and readable storage medium.
Background
With the rapid development of Internet technology, computers have gradually become part of everyday life. To promote themselves, many enterprises build an official website and present enterprise information and corporate culture on it. To present enterprise-related news, the official website usually carries a network system such as an information system and displays the relevant news through that network system, so that users can access the network system from a terminal and learn more about the enterprise.
In the related art, the domain names of terminals that access a network system can generally be divided into intranet domain names and external network domain names. A terminal with an intranet domain name belongs to a staff member of the official website, and a terminal with an external network domain name belongs to an external person. Staff and external persons can both use their own terminals to log in to the network system, access it, and read data from or write data to it.
In the course of implementing this application, the applicant found that the related art has at least the following problem: because both staff and external persons can read and write data in the network system, that is, terminals with intranet domain names and terminals with external network domain names can all read and write data in the network system, the data in the network system is at risk of being tampered with, and it is difficult to effectively guarantee the security and high availability of the network system.
Summary of the invention
In view of this, the present application provides a network system access method, apparatus, computer device and readable storage medium, whose main purpose is to solve the problem that data in current network systems is at risk of being tampered with and that the security and high availability of the network system are difficult to guarantee effectively.
According to a first aspect of the present application, a network system access method is provided, the method including:
when an access request of a terminal is received, querying the terminal domain name of the terminal according to the terminal identifier of the terminal, the terminal domain name indicating the access permission of the terminal for the network system; if the terminal domain name is an external network domain name, determining the physical location where the terminal is currently located, and selecting a target network system from at least one preset network system according to the physical location, the target geographic distance between the target network system and the physical location satisfying a distance requirement; and disabling the write function of the target network system and connecting the terminal to the target network system.
In another embodiment, if the terminal domain name is an external network domain name, determining the physical location where the terminal is currently located and selecting a target network system from at least one preset network system according to the physical location includes:
if the terminal domain name is an external network domain name, locating the terminal according to the terminal identifier and determining the physical location where the terminal is currently located; obtaining the at least one preset network system and calculating at least one geographic distance between the at least one network system and the physical location; sorting the at least one geographic distance from largest to smallest to obtain a sorting result; and extracting the geographic distance ranked last in the sorting result as the target geographic distance, and taking the preset network system corresponding to the target geographic distance as the target network system.
In another embodiment, disabling the write function of the target network system and connecting the terminal to the target network system includes:
determining at least one data write interface of the target network system, the data write interface including at least a database (DB) write interface and a Redis key-value store write interface; and disabling the at least one data write interface and connecting the terminal to the target network system after the at least one data write interface has been disabled.
In another embodiment, after querying the terminal domain name of the terminal according to the terminal identifier of the terminal when the access request of the terminal is received, the method further includes:
if the terminal domain name is an intranet domain name, determining an intranet network system among the at least one preset network and connecting the terminal to the intranet network system, the intranet network system having a write function and a read function.
In another embodiment, the method further includes:
when target data written by the terminal through the intranet network system is received, storing the target data in the intranet network system; and synchronizing the target data to the at least one preset network system.
According to a second aspect of the present application, a network system access apparatus is provided, the apparatus including:
a query module, configured to query the terminal domain name of a terminal according to the terminal identifier of the terminal when an access request of the terminal is received, the terminal domain name indicating the access permission of the terminal for the network system;
a first determining module, configured to, if the terminal domain name is an external network domain name, determine the physical location where the terminal is currently located and select a target network system from at least one preset network system according to the physical location, the target geographic distance between the target network system and the physical location satisfying a distance requirement;
a closing module, configured to disable the write function of the target network system and connect the terminal to the target network system.
In another embodiment, the first determining module includes:
a positioning unit, configured to, if the terminal domain name is an external network domain name, locate the terminal according to the terminal identifier and determine the physical location where the terminal is currently located;
a calculating unit, configured to obtain the at least one preset network system and calculate at least one geographic distance between the at least one network system and the physical location;
a sorting unit, configured to sort the at least one geographic distance from largest to smallest to obtain a sorting result;
an extraction unit, configured to extract the geographic distance ranked last in the sorting result as the target geographic distance and take the preset network system corresponding to the target geographic distance as the target network system.
In another embodiment, the closing module includes:
a determining unit, configured to determine at least one data write interface of the target network system, the data write interface including at least a database (DB) write interface and a Redis key-value store write interface;
an access unit, configured to disable the at least one data write interface and connect the terminal to the target network system after the at least one data write interface has been disabled.
In another embodiment, the apparatus further includes:
a second determining module, configured to, if the terminal domain name is an intranet domain name, determine an intranet network system among the at least one preset network and connect the terminal to the intranet network system, the intranet network system having a write function and a read function.
In another embodiment, the apparatus further includes:
a receiving module, configured to store target data in the intranet network system when the target data written by the terminal through the intranet network system is received;
a synchronization module, configured to synchronize the target data to the at least one preset network system.
According to a third aspect of the present application, a computer device is provided, including a memory and a processor, the memory storing computer-readable instructions, and the processor implementing the steps of the method of the first aspect when executing the computer-readable instructions.
According to a fourth aspect of the present application, a non-volatile readable storage medium is provided, on which computer-readable instructions are stored, the computer-readable instructions implementing the steps of the method of the first aspect when executed by a processor.
With the above technical solution, compared with the current approach in which terminals with intranet domain names and terminals with external network domain names can all read and write data in the network system, the network system access method, apparatus, computer device and readable storage medium provided by the present application obtain the terminal domain name of a terminal when its access request is received and, when the terminal domain name is an external network domain name, select a target network system according to the physical location where the terminal is currently located, disable the write function of the target network system, and connect the terminal to the target network system with the write function disabled. Whether to enable the write function for a terminal can thus be determined from its terminal domain name, which reduces the risk of data in the network system being tampered with and effectively guarantees the security and high availability of the network system.
The above description is only an overview of the technical solution of the present application. So that the technical means of the present application can be understood more clearly and implemented in accordance with the content of the specification, and so that the above and other objects, features and advantages of the present application are more apparent, specific embodiments of the present application are set out below.
Description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the detailed description of the preferred embodiments below. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present application. Throughout the drawings, the same reference symbols denote the same components. In the drawings:
FIG. 1 shows a schematic flowchart of a network system access method provided by an embodiment of the present application;
FIG. 2 shows a schematic flowchart of a network system access method provided by an embodiment of the present application;
FIG. 3A shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application;
FIG. 3B shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application;
FIG. 3C shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application;
FIG. 3D shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application;
FIG. 3E shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application;
FIG. 4 shows a schematic structural diagram of a network system access apparatus provided by an embodiment of the present application.
Detailed description
Exemplary embodiments of the present application are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present application, it should be understood that the present application can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present application can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
An embodiment of the present application provides a network system access method that, when an access request of a terminal is received, obtains the terminal domain name of the terminal and, when the terminal domain name is an external network domain name, selects a target network system according to the physical location where the terminal is currently located, disables the write function of the target network system, and connects the terminal to the target network system with the write function disabled. Whether to enable the write function for the terminal can thus be determined from its terminal domain name, which reduces the risk of data in the network system being tampered with and effectively guarantees the security and high availability of the network system. As shown in FIG. 1, the method includes:
101. When an access request of a terminal is received, query the terminal domain name of the terminal according to the terminal identifier of the terminal; the terminal domain name indicates the access permission of the terminal for the network system.
In this embodiment of the application, when an access request of a terminal is received, the terminal domain name of the terminal is queried according to its terminal identifier in order to determine whether the terminal may be given the write function; the terminal domain name is then used to decide which network system the terminal is connected to.
102. If the terminal domain name is an external network domain name, determine the physical location where the terminal is currently located, and select a target network system from at least one preset network system according to the physical location; the target geographic distance between the target network system and the physical location satisfies a distance requirement.
In this embodiment of the application, an external network domain name means that the terminal is outside the enterprise and cannot be given the write function. To shorten the time the terminal takes to access the network system, the physical location where the terminal is currently located is determined, and the target network system closest to the terminal is selected from the at least one preset network system according to that location, so that the terminal can subsequently be connected to it.
103. Disable the write function of the target network system and connect the terminal to the target network system.
In this embodiment of the application, a terminal with an external network domain name is a terminal outside the enterprise and cannot be given the write function. Therefore, once the target network system has been determined, its write function is disabled and the terminal is connected to the target network system with the write function disabled.
With the method provided by this embodiment of the application, the terminal domain name of a terminal is obtained when its access request is received and, when the terminal domain name is an external network domain name, a target network system is selected according to the physical location where the terminal is currently located, the write function of the target network system is disabled, and the terminal is connected to the target network system with the write function disabled. Whether to enable the write function for the terminal can thus be determined from its terminal domain name, which reduces the risk of data in the network system being tampered with and effectively guarantees the security and high availability of the network system.
An embodiment of the present application provides a network system access method that, when an access request of a terminal is received, obtains the terminal domain name of the terminal and, when the terminal domain name is an external network domain name, selects a target network system according to the physical location where the terminal is currently located, disables the write function of the target network system, and connects the terminal to the target network system with the write function disabled. Whether to enable the write function for the terminal can thus be determined from its terminal domain name, which reduces the risk of data in the network system being tampered with and effectively guarantees the security and high availability of the network system. As shown in FIG. 2, the method includes:
201. When an access request of a terminal is received, query the terminal domain name of the terminal according to the terminal identifier of the terminal. If the terminal domain name is an external network domain name, perform steps 202 to 204 below; if the terminal domain name is an intranet domain name, perform step 205 below.
In this embodiment of the application, the applicant recognizes that terminals used by staff and terminals used by external persons differ in their terminal domain names, so the terminal domain name can be used to tell an internal terminal from an external one. To prevent an external terminal from holding excessive permissions, which would leave the data in the network system's database insecure and at risk of being tampered with, the permissions a terminal may have can be determined from its terminal domain name when the terminal's access request is detected, and the terminal can be connected to a different network system accordingly, thereby limiting its permissions to read and write data.
The terminal domain name corresponding to each terminal can be stored in a database, so that when a terminal requests access its terminal domain name can be queried directly. Since the IP (Internet Protocol) address of each terminal and the user account used by each user are different, the IP address or the user account can be used as the terminal identifier, and each terminal domain name stored in the database is labelled with the corresponding terminal identifier. Specifically, when terminal domain names are stored in the database, a domain name table as shown in Table 1 can be generated, and the terminal identifiers and terminal domain names are stored based on that table.
Table 1

| Terminal identifier | Terminal domain name |
| --- | --- |
| 166.111.1.11 | XXX.com |
| 166.111.1.12 | yyy.com |
Because terminal domain names are stored in the database, when an access request sent by a terminal is received, the terminal identifier of the terminal can be obtained and used to query the database for the corresponding terminal domain name, so that the terminal can subsequently be connected to a network system according to that domain name. In practice, the database may hold no terminal domain name for the terminal, that is, no terminal domain name can be found for the terminal identifier. In that case, the terminal identifier itself can be used to judge whether the terminal is an internal terminal or an external terminal.
Specifically, if the terminal identifier is an IP address, it can be checked whether the IP address is one provided inside the enterprise. If it is, the terminal is directly determined to be an internal terminal, that is, its terminal domain name is an intranet domain name. So that the domain name category can be determined directly when the terminal requests access again, an intranet domain name can also be assigned to the terminal and stored in the database together with the terminal identifier. If the IP address is not one provided inside the enterprise, the terminal is directly determined to be an external terminal, that is, its terminal domain name is an external network domain name. So that the domain name category can be determined directly when the terminal requests access again, an external network domain name can also be assigned to the terminal and stored in the database together with the terminal identifier.
If the terminal identifier is a user account, it can be checked whether the user account is an internal enterprise account. If it is, the terminal is directly determined to be an internal terminal, that is, its terminal domain name is an intranet domain name. So that the domain name category can be determined directly when the terminal requests access again, an intranet domain name can also be assigned to the terminal and stored in the database together with the terminal identifier. If the user account is not an internal enterprise account, the terminal is directly determined to be an external terminal, that is, its terminal domain name is an external network domain name. So that the domain name category can be determined directly when the terminal requests access again, an external network domain name can also be assigned to the terminal and stored in the database together with the terminal identifier.
The above process determines whether the terminal domain name of the terminal sending the access request is an intranet domain name or an external network domain name. If it is an external network domain name, the terminal is not an internal enterprise terminal and cannot be given write permission; it must be connected to a network system without the write function, that is, steps 202 to 204 below are performed. If it is an intranet domain name, the terminal is an internal enterprise terminal and can be given both read permission and write permission; it can be connected to a network system that has both the read function and the write function, that is, step 205 below is performed.
202. If the terminal domain name is an external network domain name, locate the terminal according to the terminal identifier and determine the physical location where the terminal is currently located.
In this embodiment of the application, an external network domain name means that the terminal is not an internal enterprise terminal and can only be given the read function: it can read data in the network system but cannot modify or write that data. A target network system without the write function therefore has to be determined for the terminal, and the terminal is subsequently connected to it.
When determining the network system for the terminal to access, some network systems may be far from the terminal. If the terminal is connected to a distant network system, reading data from it wastes a large amount of resources and time and involves a heavier workload. To save resources, time and workload, a network system close to the terminal can therefore be chosen as the target. Specifically, the terminal can be located according to its terminal identifier to determine the physical location where it is currently located, so that the network system nearest to the terminal can subsequently be determined from that location.
203. Obtain at least one preset network system, calculate at least one geographic distance between the at least one network system and the physical location, sort the at least one geographic distance from largest to smallest to obtain a sorting result, extract the geographic distance ranked last in the sorting result as the target geographic distance, and take the preset network system corresponding to the target geographic distance as the target network system.
In this embodiment of the application, an enterprise sets up at least one preset network system for terminals to access. These preset network systems may be in different regions, but the data stored in each of them is the same. Therefore, once the physical location of the terminal has been determined, at least one geographic distance between the at least one network system and the physical location can be calculated from the locations of the preset network systems, and the preset network system nearest to the terminal can be determined from those distances.
Specifically, after the at least one geographic distance between the at least one network system and the physical location has been calculated, the distances are first sorted from largest to smallest to obtain a sorting result. The geographic distance ranked last in the sorting result is then extracted as the target geographic distance, and the preset network system corresponding to it is taken as the target network system. In other words, the smallest of the geographic distances is taken as the target geographic distance and the corresponding preset network system as the target network system, so that the terminal can subsequently be connected to it. It should be noted that the geographic distances can also be sorted from smallest to largest, with the first-ranked distance taken as the target geographic distance; all that matters is that the target geographic distance is the smallest of the at least one geographic distance.
204. Turn off the write function of the target network system and connect the terminal to the target network system.
In the embodiments of this application, once the target network system is determined, because the terminal domain name of the terminal is an external network domain name, the terminal can only read and view data in the target network system and cannot write data to it. Therefore, the write function of the target network system needs to be turned off, and the terminal is connected to the target network system whose write function has been turned off. To turn off the write function, at least one data write interface of the target network system is first determined. Specifically, the data write interfaces may include a DB (Data Base, database) write interface and a Redis (key-value store) write interface. The determined at least one data write interface is then disabled, which turns off the write function of the target network system, and the terminal is connected to the target network system after the at least one data write interface has been disabled.
205. If the terminal domain name is an intranet domain name, determine the intranet network system among the at least one preset network and connect the terminal to the intranet network system.
In the embodiments of this application, if the terminal domain name is an intranet domain name, the terminal is an internal terminal of the enterprise. Such a terminal can not only read data in the network system but also write or modify data in it, so the network system it accesses must have both a write function and a read function. Accordingly, an intranet network system with both write and read functions is determined among the at least one preset network, the terminal is connected to that intranet network system, and data read and data write services are provided to the terminal through it.
In practice, because a terminal with an intranet domain name is allowed to write data to the intranet network system it has accessed, when target data written by the terminal through the intranet network system is received, the received target data can be stored in the intranet network system. Because the data stored in every one of the at least one preset network is consistent, after the target data is stored in the intranet network system it needs to be synchronized to the at least one preset network system, which keeps the data in the at least one preset network system consistent.
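The following Python example, added here and not part of the application, models steps 201 to 205: domain lookup by terminal identifier, nearest-system selection by sorting distances from largest to smallest, disabling the DB and Redis write interfaces, and synchronizing an intranet write. The terminal registry, coordinates, system names, the use of great-circle distance as the geographic distance, the replication path and the rejection of unknown identifiers are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

EXTERNAL, INTERNAL = "external", "internal"

# Constructed sample data: terminal identifier -> (domain class, (lat, lon)).
TERMINALS = {
    "T-ext-01": (EXTERNAL, (30.27, 120.15)),
    "T-int-01": (INTERNAL, (22.54, 114.06)),
}


@dataclass
class NetworkSystem:
    name: str
    location: tuple
    intranet: bool = False
    # The two write interfaces the page names: DB and Redis.
    write_enabled: dict = field(default_factory=lambda: {"db": True, "redis": True})
    data: dict = field(default_factory=dict)

    def read(self, key):
        return self.data.get(key)

    def write(self, interface, key, value):
        # Client-facing write path; refuses when the interface is disabled.
        if not self.write_enabled.get(interface, False):
            raise PermissionError(f"{interface} write interface disabled on {self.name}")
        self.data[key] = value


def build_systems():
    # Constructed preset network systems holding identical data.
    return [
        NetworkSystem("sz-intranet", (22.54, 114.06), intranet=True),
        NetworkSystem("sh-replica", (31.23, 121.47)),
        NetworkSystem("bj-replica", (39.90, 116.40)),
    ]


def haversine_km(a, b):
    # Great-circle distance in km (assumed meaning of "geographic distance").
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def select_target(location, systems):
    # Step 203: sort from largest to smallest distance, take the last entry.
    ranked = sorted(systems, key=lambda s: haversine_km(location, s.location), reverse=True)
    return ranked[-1]


def sync(source, systems, key):
    # Replication between preset systems; assumed to be a separate path
    # that does not go through the client-facing write interfaces.
    for system in systems:
        system.data[key] = source.data[key]


def connect(terminal_id, systems):
    # Step 201: look up the terminal domain from the terminal identifier.
    if terminal_id not in TERMINALS:
        # Assumption: the page does not cover unknown terminals; fail closed.
        raise PermissionError("unknown terminal identifier")
    domain, location = TERMINALS[terminal_id]
    if domain == EXTERNAL:
        # Steps 202-204: locate, pick the nearest system, disable its writes.
        target = select_target(location, systems)
        for interface in target.write_enabled:
            target.write_enabled[interface] = False
        return target
    # Step 205: intranet terminals get the read/write intranet system.
    return next(s for s in systems if s.intranet)
```

In this model the disabled flags are state on the target system itself, so they apply to every session on that system and not only to the external terminal that triggered them.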
With the method provided in the embodiments of this application, when an access request from a terminal is received, the terminal domain name of the terminal is obtained. When the terminal domain name is an external network domain name, a target network system is selected according to the terminal's current physical location, the write function of the target network system is turned off, and the terminal is connected to the target network with its write function turned off. Whether to enable the write function for a terminal can thus be decided from the terminal's domain name, which reduces the risk of data in the network system being tampered with and effectively ensures the security and high availability of the network system.
Further, as a specific implementation of the method described in FIG. 1, an embodiment of this application provides a network system access apparatus. As shown in FIG. 3A, the apparatus includes a query module 301, a first determining module 302 and a closing module 303.
The query module 301 is configured to, when an access request from a terminal is received, query the terminal domain name of the terminal according to the terminal identifier of the terminal, the terminal domain name indicating the terminal's access authority to the network system;
The first determining module 302 is configured to, if the terminal domain name is an external network domain name, determine the terminal's current physical location and select a target network system from at least one preset network system according to the physical location, where the target geographic distance between the target network system and the physical location meets the distance requirement;
The closing module 303 is configured to turn off the write function of the target network system and connect the terminal to the target network system.
In a specific application scenario, as shown in FIG. 3B, the first determining module 302 includes a positioning unit 3021, a calculation unit 3022, a sorting unit 3023 and an extraction unit 3024.
The positioning unit 3021 is configured to, if the terminal domain name is an external network domain name, locate the terminal according to the terminal identifier and determine the terminal's current physical location;
The calculation unit 3022 is configured to obtain at least one preset network system and calculate at least one geographic distance between the at least one network system and the physical location;
The sorting unit 3023 is configured to sort the at least one geographic distance from largest to smallest to obtain a ranking result;
The extraction unit 3024 is configured to extract the geographic distance ranked last in the ranking result as the target geographic distance and take the preset network system corresponding to the target geographic distance as the target network system.
In a specific application scenario, as shown in FIG. 3C, the closing module 303 includes a determining unit 3031 and an access unit 3032.
The determining unit 3031 is configured to determine at least one data write interface of the target network system, the data write interfaces including at least a database (DB) write interface and a key-value store Redis write interface;
The access unit 3032 is configured to disable the at least one data write interface and connect the terminal to the target network system after the at least one data write interface has been disabled.
In a specific application scenario, as shown in FIG. 3D, the apparatus further includes a second determining module 304.
The second determining module 304 is configured to, if the terminal domain name is an intranet domain name, determine the intranet network system among the at least one preset network and connect the terminal to the intranet network system, the intranet network system having a write function and a read function.
In a specific application scenario, as shown in FIG. 3E, the apparatus further includes a receiving module 305 and a synchronization module 306.
The receiving module 305 is configured to, when target data written by the terminal through the intranet network system is received, store the target data in the intranet network system;
The synchronization module 306 is configured to synchronize the target data to the at least one preset network system.
With the apparatus provided in the embodiments of this application, when an access request from a terminal is received, the terminal domain name of the terminal is obtained. When the terminal domain name is an external network domain name, a target network system is selected according to the terminal's current physical location, the write function of the target network system is turned off, and the terminal is connected to the target network with its write function turned off. Whether to enable the write function for a terminal can thus be decided from the terminal's domain name, which reduces the risk of data in the network system being tampered with and effectively ensures the security and high availability of the network system.
It should be noted that, for other descriptions of the functional units of the network system access apparatus provided in the embodiments of this application, reference may be made to the corresponding descriptions of FIG. 1 and FIG. 2, which are not repeated here.
In an exemplary embodiment, referring to FIG. 4, a device is also provided. The device 400 includes a communication bus, a processor, a memory and a communication interface, and may also include an input/output interface and a display device, where the functional units can communicate with one another over the bus. The memory stores computer-readable instructions, and the processor is configured to execute the computer-readable instructions stored in the memory to carry out the network system access method of the foregoing embodiments.
A non-volatile readable storage medium stores computer-readable instructions which, when executed by a processor, implement the steps of the network system access method described above. From the description of the above implementations, those skilled in the art can clearly understand that this application can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On that understanding, the technical solution of this application can be embodied as a software product. The software product can be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a removable hard disk, etc.) and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in the implementation scenarios of this application.
Those skilled in the art can understand that the accompanying drawings are only schematic diagrams of a preferred implementation scenario, and the modules or processes in the drawings are not necessarily required for implementing this application.
Those skilled in the art can understand that the modules of the apparatus in an implementation scenario can be distributed in the apparatus as described for that scenario, or can be changed accordingly and located in one or more apparatuses different from that scenario. The modules of the above implementation scenarios can be combined into one module or further split into multiple sub-modules.
The serial numbers used in this application above are for description only and do not represent the merits of the implementation scenarios.
What is disclosed above is only a few specific implementation scenarios of this application. This application is not limited to them, however, and any change that a person skilled in the art can think of should fall within the protection scope of this application.

Claims (20)

  1. A network system access method, characterized by comprising:
    when an access request from a terminal is received, querying the terminal domain name of the terminal according to the terminal identifier of the terminal, the terminal domain name indicating the terminal's access authority to the network system;
    if the terminal domain name is an external network domain name, determining the current physical location of the terminal and selecting a target network system from at least one preset network system according to the physical location, wherein the target geographic distance between the target network system and the physical location meets the distance requirement;
    turning off the write function of the target network system and connecting the terminal to the target network system.
  2. The method according to claim 1, characterized in that the step of, if the terminal domain name is an external network domain name, determining the current physical location of the terminal and selecting a target network system from at least one preset network system according to the physical location comprises:
    if the terminal domain name is an external network domain name, locating the terminal according to the terminal identifier and determining the physical location where the terminal is currently located;
    obtaining the at least one preset network system and calculating at least one geographic distance between the at least one network system and the physical location;
    sorting the at least one geographic distance from largest to smallest to obtain a ranking result;
    extracting the geographic distance ranked last in the ranking result as the target geographic distance and taking the preset network system corresponding to the target geographic distance as the target network system.
  3. The method according to claim 1, characterized in that turning off the write function of the target network system and connecting the terminal to the target network system comprises:
    determining at least one data write interface of the target network system, the data write interfaces including at least a database (DB) write interface and a key-value store Redis write interface;
    disabling the at least one data write interface and connecting the terminal to the target network system after the at least one data write interface has been disabled.
  4. The method according to claim 1, characterized in that, after the terminal domain name of the terminal is queried according to the terminal identifier of the terminal when the access request from the terminal is received, the method further comprises:
    if the terminal domain name is an intranet domain name, determining an intranet network system among the at least one preset network and connecting the terminal to the intranet network system, the intranet network system having a write function and a read function.
  5. The method according to claim 4, characterized in that the method further comprises:
    when target data written by the terminal through the intranet network system is received, storing the target data in the intranet network system;
    synchronizing the target data to the at least one preset network system.
  6. A network system access apparatus, characterized by comprising:
    a query module, configured to, when an access request from a terminal is received, query the terminal domain name of the terminal according to the terminal identifier of the terminal, the terminal domain name indicating the terminal's access authority to the network system;
    a first determining module, configured to, if the terminal domain name is an external network domain name, determine the current physical location of the terminal and select a target network system from at least one preset network system according to the physical location, wherein the target geographic distance between the target network system and the physical location meets the distance requirement;
    a closing module, configured to turn off the write function of the target network system and connect the terminal to the target network system.
  7. The apparatus according to claim 6, characterized in that the first determining module comprises:
    a positioning unit, configured to, if the terminal domain name is an external network domain name, locate the terminal according to the terminal identifier and determine the physical location where the terminal is currently located;
    a calculation unit, configured to obtain the at least one preset network system and calculate at least one geographic distance between the at least one network system and the physical location;
    a sorting unit, configured to sort the at least one geographic distance from largest to smallest to obtain a ranking result;
    an extraction unit, configured to extract the geographic distance ranked last in the ranking result as the target geographic distance and take the preset network system corresponding to the target geographic distance as the target network system.
  8. The apparatus according to claim 6, characterized in that the closing module comprises:
    a determining unit, configured to determine at least one data write interface of the target network system, the data write interfaces including at least a database (DB) write interface and a key-value store Redis write interface;
    an access unit, configured to disable the at least one data write interface and connect the terminal to the target network system after the at least one data write interface has been disabled.
  9. The apparatus according to claim 6, characterized in that the apparatus further comprises:
    a second determining module, configured to, if the terminal domain name is an intranet domain name, determine an intranet network system among the at least one preset network and connect the terminal to the intranet network system, the intranet network system having a write function and a read function.
  10. The apparatus according to claim 7, characterized in that the apparatus further comprises:
    a receiving module, configured to, when target data written by the terminal through the intranet network system is received, store the target data in the intranet network system;
    a synchronization module, configured to synchronize the target data to the at least one preset network system.
  11. A computer device, comprising a memory and a processor, the memory storing computer-readable instructions, characterized in that the processor, when executing the computer-readable instructions, implements a network system access method comprising:
    when an access request from a terminal is received, querying the terminal domain name of the terminal according to the terminal identifier of the terminal, the terminal domain name indicating the terminal's access authority to the network system; if the terminal domain name is an external network domain name, determining the current physical location of the terminal and selecting a target network system from at least one preset network system according to the physical location, wherein the target geographic distance between the target network system and the physical location meets the distance requirement; turning off the write function of the target network system and connecting the terminal to the target network system.
  12. The computer device according to claim 11, characterized in that the step of, if the terminal domain name is an external network domain name, determining the current physical location of the terminal and selecting a target network system from at least one preset network system according to the physical location comprises:
    if the terminal domain name is an external network domain name, locating the terminal according to the terminal identifier and determining the physical location where the terminal is currently located;
    obtaining the at least one preset network system and calculating at least one geographic distance between the at least one network system and the physical location;
    sorting the at least one geographic distance from largest to smallest to obtain a ranking result;
    extracting the geographic distance ranked last in the ranking result as the target geographic distance and taking the preset network system corresponding to the target geographic distance as the target network system.
  13. The computer device according to claim 11, characterized in that turning off the write function of the target network system and connecting the terminal to the target network system comprises:
    determining at least one data write interface of the target network system, the data write interfaces including at least a database (DB) write interface and a key-value store Redis write interface;
    disabling the at least one data write interface and connecting the terminal to the target network system after the at least one data write interface has been disabled.
  14. The computer device according to claim 11, characterized in that, after the terminal domain name of the terminal is queried according to the terminal identifier of the terminal when the access request from the terminal is received, the method further comprises:
    if the terminal domain name is an intranet domain name, determining an intranet network system among the at least one preset network and connecting the terminal to the intranet network system, the intranet network system having a write function and a read function.
  15. The computer device according to claim 14, characterized in that the method further comprises:
    when target data written by the terminal through the intranet network system is received, storing the target data in the intranet network system;
    synchronizing the target data to the at least one preset network system.
  16. 一种非易失性可读存储介质,其上存储有计算机可读指令,其特征在于,所述计算机可读指令被处理器执行时实现网络系统访问方法,包括:A non-volatile readable storage medium having computer readable instructions stored thereon, characterized in that, when the computer readable instructions are executed by a processor, a method for accessing a network system is realized, including:
    当接收到终端的访问请求时,根据所述终端的终端标识,查询所述终端的终端域名,所述终端域名指示了终端对网络系统的访问权限;When receiving the access request of the terminal, query the terminal domain name of the terminal according to the terminal identifier of the terminal, where the terminal domain name indicates the access authority of the terminal to the network system;
    如果所述终端域名为外网域名,则确定所述终端当前所在的物理位置,根据所述物理位置在至少一个预设网络系统中选取目标网络系统,所述目标网络系统与所述物理位置之间的目标地理距离满足距离要求;If the terminal domain name is an external network domain name, the current physical location of the terminal is determined, and a target network system is selected from at least one preset network system according to the physical location. The target network system is between the target network system and the physical location. The geographic distance between the target meets the distance requirement;
    关闭所述目标网络系统的写入功能,将所述终端接入至所述目标网络系统。Turn off the write function of the target network system, and connect the terminal to the target network system.
  17. The non-volatile readable storage medium according to claim 16, wherein, when an access request from a terminal is received, the terminal domain name of the terminal is queried according to the terminal identifier of the terminal, the terminal domain name indicating the terminal's access permission to the network system;
    if the terminal domain name is an external network domain name, the current physical location of the terminal is determined, and a target network system is selected from at least one preset network system according to the physical location, the target geographic distance between the target network system and the physical location satisfying a distance requirement;
    the write function of the target network system is turned off, and the terminal is connected to the target network system.
  18. The non-volatile readable storage medium according to claim 16, wherein turning off the write function of the target network system and connecting the terminal to the target network system comprises:
    determining at least one data writing interface of the target network system, the at least one data writing interface including at least a database (DB) write interface and a Redis key-value store write interface;
    disabling the at least one data writing interface, and connecting the terminal to the target network system in which the at least one data writing interface has been disabled.
  19. The non-volatile readable storage medium according to claim 16, wherein, after the terminal domain name of the terminal is queried according to the terminal identifier of the terminal when the access request of the terminal is received, the method further comprises:
    if the terminal domain name is an intranet domain name, determining an intranet network system among the at least one preset network and connecting the terminal to the intranet network system, the intranet network system having a write function and a read function.
  20. The non-volatile readable storage medium according to claim 19, wherein the method further comprises:
    when target data written by the terminal via the intranet network system is received, storing the target data in the intranet network system;
    synchronizing the target data to the at least one preset network system.
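The admission flow of claims 17 to 20 as a sketch; this is an added example, not code from the patent or its applicant. Terminal IDs, domain names and site coordinates are constructed, and three points are assumptions: the "distance requirement" is taken to mean the smallest great-circle distance, write interfaces are switched off per session rather than for the whole system, and a terminal with no domain on record is refused.

```python
import math
from dataclasses import dataclass, field

# Constructed sample data (assumption): terminal IDs and domain names are illustrative.
TERMINAL_DOMAINS = {"term-001": "intranet.example", "term-002": "extranet.example"}
INTERNAL_DOMAINS = {"intranet.example"}
EXTERNAL_DOMAINS = {"extranet.example"}

@dataclass
class NetworkSystem:
    name: str
    lat: float
    lon: float
    store: dict = field(default_factory=dict)  # stands in for the DB and Redis back ends

class Session:
    """Handle given to a terminal; writes are rejected unless the session is writable."""
    def __init__(self, system, writable, peers=()):
        self.system, self.writable, self.peers = system, writable, list(peers)
    def read(self, key):
        return self.system.store.get(key)
    def write(self, key, value):
        if not self.writable:
            raise PermissionError("write interfaces are disabled for this session")
        self.system.store[key] = value
        for peer in self.peers:  # claim 20: synchronize to every preset system
            peer.store[key] = value

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def admit(terminal_id, location, systems, intranet):
    """Map a terminal to a session according to the domain name on record for it."""
    domain = TERMINAL_DOMAINS.get(terminal_id)
    if domain in INTERNAL_DOMAINS:  # claim 19: read and write on the intranet system
        return Session(intranet, True, [s for s in systems if s is not intranet])
    if domain in EXTERNAL_DOMAINS:  # claims 17-18: nearest system, writes disabled
        target = min(systems, key=lambda s: haversine_km(*location, s.lat, s.lon))
        return Session(target, False)
    raise PermissionError("no domain on record for terminal")  # assumption: fail closed
```

The deny decision sits at the write call itself rather than at connection time, so a read-only session cannot reach a write path that the admission step forgot to block.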
PCT/CN2019/118409 2019-02-18 2019-11-14 Network system access method and apparatus, computer device, and readable storage medium WO2020168757A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910119331.X 2019-02-18
CN201910119331.XA CN109981569B (en) 2019-02-18 2019-02-18 Network system access method, device, computer equipment and readable storage medium

Publications (1)

Publication Number Publication Date
WO2020168757A1 (en) 2020-08-27

Family

ID=67077062

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/118409 WO2020168757A1 (en) 2019-02-18 2019-11-14 Network system access method and apparatus, computer device, and readable storage medium

Country Status (2)

Country Link
CN (1) CN109981569B (en)
WO (1) WO2020168757A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116155859A (en) * 2023-02-15 2023-05-23 中国工商银行股份有限公司 Network access method, device, computer equipment and storage medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981569B (en) * 2019-02-18 2022-01-11 平安科技(深圳)有限公司 Network system access method, device, computer equipment and readable storage medium
CN112565360A (en) * 2020-11-26 2021-03-26 上海互海信息科技有限公司 Comprehensive management system combining external official network and internal network
CN114338817B (en) * 2021-12-22 2023-11-10 中国人民银行清算总中心 Multi-plane network access control method and multi-plane network

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120225678A1 (en) * 2011-03-03 2012-09-06 Industry-Academic Cooperation Foundation, Yonsei University Apparatus and method for constructing wireless ap map
CN102761528A (en) * 2011-04-28 2012-10-31 中兴通讯股份有限公司 System and method for data management
CN103354550A (en) * 2013-07-03 2013-10-16 杭州华三通信技术有限公司 Authorization control method and device based on terminal information
CN103457876A (en) * 2012-05-30 2013-12-18 方正宽带网络服务股份有限公司 Method and system for determining nearest access network resources
CN109981569A (en) * 2019-02-18 2019-07-05 平安科技(深圳)有限公司 Network system access method, device, computer equipment and readable storage medium storing program for executing

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9600662B2 (en) * 2014-06-06 2017-03-21 T-Mobile Usa, Inc. User configurable profiles for security permissions
CN104517067B (en) * 2014-12-30 2017-12-15 华为技术有限公司 Access the method, apparatus and system of data
US10187391B2 (en) * 2016-05-06 2019-01-22 Sap Se Data access by external users
JP6737189B2 (en) * 2017-01-18 2020-08-05 トヨタ自動車株式会社 Fraud determination system and fraud determination method

Also Published As

Publication number Publication date
CN109981569A (en) 2019-07-05
CN109981569B (en) 2022-01-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19915822

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19915822

Country of ref document: EP

Kind code of ref document: A1