WO2021227609A1 - 数据访问连接会话保护方法以及装置 - Google Patents

数据访问连接会话保护方法以及装置 Download PDF

Info

Publication number
WO2021227609A1
WO2021227609A1 PCT/CN2021/078984 CN2021078984W WO2021227609A1 WO 2021227609 A1 WO2021227609 A1 WO 2021227609A1 CN 2021078984 W CN2021078984 W CN 2021078984W WO 2021227609 A1 WO2021227609 A1 WO 2021227609A1
Authority
WO
WIPO (PCT)
Prior art keywords
connection
session
context information
information
access
Prior art date
Application number
PCT/CN2021/078984
Other languages
English (en)
French (fr)
Inventor
周家晶
苗浩
周继恩
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2021227609A1 publication Critical patent/WO2021227609A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2471Distributed queries

Definitions

  • This application relates to the computer field, and in particular to the field of access connection session protection.
  • connection pool is responsible for allocating, managing and releasing connections, allowing applications to reuse an existing connection instead of re-establishing one, which can significantly improve the performance of database operations.
  • context information in the access connection session established between the client and the database middleware may be leaked or interfered during the database access process, thereby increasing the security risk of database access.
  • the embodiments of the present application provide a method and device for protecting an access connection session to solve the problems in related technologies.
  • the technical solutions are as follows:
  • a method for protecting an access connection session including:
  • the access connection session includes current context information
  • the first connection is used to send the conversation operation sentence and the current context information to the information protection module, so that the information protection module obtains new context information according to the conversation operation sentence and the current context information.
  • determining the first connection corresponding to the access connection session includes:
  • it further includes:
  • the new context information is synchronously written into the access connection session.
  • it further includes:
  • multiple session operation statements and/or multiple data operation statements are generated.
  • it further includes:
  • it further includes:
  • the second connection is used to send the data operation statement to the corresponding database node, so that the database node executes the data operation according to the data operation statement.
  • it further includes:
  • the information related to the data operation and the data operation statement in the current context information are sent to each database node, so that the database node executes the data operation according to the information related to the data operation and the data operation statement.
  • it further includes:
  • the feedback information obtained after performing the data operation is synchronously written into the current context information.
  • this embodiment provides an access connection session protection device, including:
  • the access connection session establishment module is used to establish an access connection session, and the access connection session includes current context information
  • the first connection determination module is configured to determine the first connection corresponding to the access connection session, and obtain the session operation statement;
  • the current context information processing module is configured to use the first connection to send the conversation operation sentence and current context information to the information protection module, so that the information protection module obtains new context information according to the conversation operation sentence and the current context information.
  • the first connection determination module includes:
  • connection establishment sub-module is used to establish a first connection with the information protection module and bind the first connection to the access connection session;
  • connection acquisition sub-module is used to acquire the first connection from the connection pool.
  • it further includes:
  • the new context information writing module is used to synchronously write the new context information into the access connection session.
  • it further includes:
  • the user operation statement parsing module is used to generate multiple session operation statements and/or multiple data operation statements according to the content of the user operation statement sent by the client.
  • it further includes:
  • the second connection establishment module is used to obtain a second connection from the connection pool or establish a second connection
  • it further includes:
  • the first sending module is configured to use the second connection to send the data operation sentence to the corresponding database node, so that the database node executes the data operation according to the data operation sentence.
  • it further includes:
  • the second sending module is configured to use the second connection to send data operation-related information and data operation statements in the current context information to each database node, so that the database node performs data operations according to the data operation-related information and data operation statements.
  • it further includes:
  • the feedback information writing module is used to synchronously write the feedback information obtained after the data operation is performed into the current context information.
  • an electronic device including:
  • At least one processor At least one processor
  • a memory communicatively connected with at least one processor; wherein,
  • the memory stores instructions that can be executed by at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can execute any one of the foregoing methods.
  • a non-transitory computer-readable storage medium storing computer instructions, and the computer instructions are used to make a computer execute any of the above-mentioned methods.
  • the first connection corresponding to the access connection session is used to send the session operation sentence and the current context information to the information protection module, so that the information protection module can use the session operation sentence according to the session operation sentence.
  • the new context information is obtained from the current context information. Due to the corresponding relationship between the access connection session and the first connection, the context information in different access connection sessions is independent of each other, effectively avoiding the leakage of context information during the transmission process.
  • the conversation The operation statement and current context information are sent to the information protection module for execution, which effectively avoids the leakage of context information caused by the session operation statement sent to the database node for execution, improves the security of context information transmission and processing, and improves the database access safety.
  • Fig. 1 is a schematic diagram of a method for protecting an access connection session according to an embodiment of the present application
  • Fig. 2 is a schematic diagram of a method for protecting an access connection session according to an embodiment of the present application
  • Fig. 3 is a schematic diagram of another method for protecting an access connection session according to an embodiment of the present application.
  • FIG. 4 is a schematic diagram of another method for protecting an access connection session according to an embodiment of the present application.
  • Fig. 5 is a schematic diagram of an access connection session protection device according to an embodiment of the present application.
  • Fig. 6 is a schematic diagram of another device for protecting an access connection session according to an embodiment of the present application.
  • FIG. 7 is a block diagram of an electronic device used to implement a method for protecting an access connection session according to an embodiment of the present application.
  • this embodiment provides a method for protecting an access connection session, which is applied to database middleware, and includes the following steps:
  • S110 Establish an access connection session, where the access connection session includes current context information
  • S130 Use the first connection to send the conversation operation sentence and the current context information to the information protection module, so that the information protection module obtains new context information according to the conversation operation sentence and the current context information.
  • the client sends user access information to the database middleware.
  • the user access information includes user identification information and user access instructions corresponding to the user identification information.
  • User identification information includes user name, IP (Internet Protocol) address and host name (host), etc.
  • the user access instruction is an instruction received by the transmission port of the client (for example, the host).
  • the database middleware After the database middleware receives the user's access information, it establishes an access connection session based on the user's access information.
  • the access connection session includes the connection between the client and the database middleware, and the context information for establishing the connection. If it is an access connection session established in the current time period, the current context information is included.
  • the first connection may be a physical connection such as a metadata connection, which serves as a data transmission channel for transmitting data from the database middleware to the information protection module.
  • the first connection may be a physical connection such as a metadata connection, which serves as a data transmission channel for transmitting data from the database middleware to the information protection module.
  • the first connection cannot be used by other access connection sessions, so that the context information in each access connection session is independent of each other. In the process, information leakage is effectively avoided and the security of information transmission is improved.
  • the client sends user operation statements to the database middleware.
  • the user operation statements are text information that can be expressed in the form of SQL (Structured Query Language).
  • SQL Structured Query Language
  • the user operation statement involves the maintenance and acquisition of the context information of the connection session, such as setting the character set, user-defined variables, and using the SET statement to modify the current context information, you can use this type of statement as Session operation statement, session operation statement is used to indicate an operation on the access connection session.
  • this type of statement can be used as a data operation statement.
  • the user operation statement may contain only the session operation statement, or only the data operation statement, or both the session operation statement and the data operation statement.
  • the database The middleware extracts the session operation statement from the user operation statement separately, and uses the independent first connection to send the session operation statement and current context information to the information protection module.
  • the information protection module obtains the new context based on the session operation statement and the current context information. information.
  • the information protection module can be set outside the database middleware, or in the database middleware, or in the connection pool in the database middleware, all of which can achieve the same function. All current conversational operation statements can be sent to the information protection module, common conversational operation statements can also be executed in the database middleware, and some complex conversational operation statements can be sent to the information protection module for execution.
  • the first connection corresponding to the access connection session is used to send the session operation sentence and current context information to the information protection module, so that the information protection module obtains new context information based on the session operation sentence and the current context information .
  • the context information in different access connection sessions is independent of each other, effectively avoiding the leakage of context information during the transmission process, and at the same time, the session operation statement and current context information are sent to the information
  • the execution of the protection module effectively avoids the leakage of context information caused by sending the session operation statement to the database node for execution, improves the security of context information transmission and processing, and further improves the security of database access.
  • step S120 determining the first connection corresponding to the access connection session includes:
  • Step S121 Establish a first connection with the information protection module, and bind the first connection with the access connection session; and/or
  • Step S122 Obtain a session operation statement.
  • each access connection session established in the database middleware will establish a first connection with the information protection module.
  • This connection is not used for data operations, but is only used for operations such as maintenance and acquisition of current context information. After being bound to the application session, it is not used by other sessions, ensuring that the current context information in each access connection session will not interfere with each other, and avoiding information leakage.
  • the access connection session may not be bound to the first connection, and the connection pool may be used for management. For example, obtain a first connection from the connection pool (or create a new first connection), then synchronize the current context information of the access connection session to the first connection, and forward the session operation statement to the first connection, the first connection After using it, put it back into the connection pool. Utilizing the first connection in the connection pool can make the first connection reusable, increase the speed of acquiring the first connection, and thereby increase the data transmission speed.
  • the method further includes:
  • Step S140 Synchronously write the new context information into the access connection session.
  • the new context information obtained in the information protection module is synchronized to the access connection session of the database middleware, so that the context information in the access connection session in the database middleware is related to the first connection and the information protection module. Contextual information is kept consistent in real time.
  • the database middleware saves the current context information and new context information of each access connection session, which can improve the speed at which the database middleware reads the context information.
  • the method further includes:
  • Step S150 Generate multiple session operation statements and/or multiple data operation statements according to the content of the user operation statement sent by the client.
  • a parsing module for user operation statements is added to parse user operation statements, and call the information protection module or database node to execute subsequent operations based on the analysis results (multiple session operation statements and/or multiple data operation statements) deal with.
  • the user operation statement is parsed and multiple session operation statements and multiple data operation statements are obtained, avoid directly sending the user operation statement to the database node to prevent information leakage.
  • the method further includes:
  • Step S161 Obtain a second connection from the connection pool or establish a second connection.
  • it further includes:
  • Step S162 Use the second connection to send the data operation sentence to the corresponding database node, so that the database node executes the data operation according to the data operation sentence.
  • the first connection is used to send the session operation statement to the information protection module for processing, the situation that different access connection sessions may use the same first connection is avoided, and context information is not leaked.
  • the data operation statement is sent to the database node involved in the data operation statement, so that the second connection can be shared on the basis of ensuring that the context information will not be leaked, A balance between performance and function is achieved, avoiding operations on the context information in the access connection session (for example, executing select last_insert_id()), which affects the execution of data operation statements.
  • the method further includes:
  • Step S163 Use the second connection to send information and data operation statements related to the data operation in the current context information to each database node, so that the database node performs data operations according to the information and data operation statements related to the data operation.
  • some context information included in the access connection session may have an impact on data operations.
  • the influential information includes character set information. Therefore, the information related to the data operation in the current context information is extracted, and the data operation statement is sent to each database node to perform the data operation, which effectively improves the accuracy of the data operation.
  • the method further includes:
  • Step S170 synchronously write the feedback information obtained after the data operation is performed into the current context information.
  • the data in the database is manipulated using information such as data manipulation statements, and the result obtained is used as feedback information.
  • the feedback information includes information about successful execution, information about execution failure, and information about where the modification occurred.
  • the feedback information is synchronized to the access connection session, the current context information is written, and the current context information is modified or updated, so that the next set of context information obtained during the next establishment of the access connection session is more accurate.
  • the distributed database includes a plurality of database nodes (Datanode), for example, a relational database management system (MySQL) node.
  • Datanode database nodes
  • MySQL relational database management system
  • a connection pool is set in the database middleware such as the coordinator (Coordinator).
  • the coordinator When the user needs to operate the data in the database node, the coordinator will use the connection pool mechanism.
  • an information protection module is added. This module is regarded as a special MySQL. When the user needs to operate the access connection session, it establishes a connection with the information protection module.
  • an access connection session is first established between the client and the coordinator, that is, the access connection session is maintained on the coordinator.
  • the coordinator first establishes a Metadata connection (first connection) with the information protection module, and the Metadata The connection is bound to the access connection session, or a Metadata connection is obtained from the connection pool (or a new connection is created).
  • the client sends an SQL statement to the coordinator. If the SQL statement involves the maintenance and acquisition of context information in the access connection session, (such as setting the character set, user-defined variables, etc.), the Metadata connection is used to forward the SQL statement and The current context information to the information protection module.
  • the information protection module obtains new context information according to the session operation sentence and the current context information, and synchronizes the new context information to the access connection session in the coordinator. If the SQL statement involves data operations, obtain a Metadata connection from the connection pool (or create a new Metadata connection), and synchronize the context information that affects the data operation behavior to the Metadata connection, and then the Metadata connection forwards the data that affects the data operation behavior. Context information and SQL statements are executed in the database node. Finally, the Metadata connection is put back into the connection pool, and the Metadata connection between the information protection module and the coordinator is closed.
  • the modified context information needs to be synchronously recorded on the access connection session of the coordinator, and the Metadata connection can be responsible for processing the access
  • the modification action of the connection session only assumes the role of calculation.
  • a device for protecting an access connection session including:
  • the access connection session establishment module 110 is used to establish an access connection session, and the access connection session includes current context information
  • the first connection determining module 120 is configured to determine the first connection corresponding to the access connection session, and obtain the session operation statement;
  • the current context information processing module 130 is configured to use the first connection to send the conversation operation sentence and current context information to the information protection module, so that the information protection module obtains new context information according to the conversation operation sentence and the current context information.
  • the first connection determination module 120 includes:
  • connection establishment sub-module 121 is configured to establish a first connection with the information protection module and bind the first connection to the access connection session;
  • connection acquisition sub-module 122 is configured to acquire the first connection from the connection pool.
  • the method further includes:
  • the new context information writing module 140 is used to synchronously write the new context information into the access connection session.
  • the method further includes:
  • the user operation sentence parsing module 150 is configured to generate multiple session operation statements and/or multiple data operation statements according to the content of the user operation statement sent by the client.
  • the method further includes:
  • the second connection establishment module 161 is configured to obtain a second connection from the connection pool or establish a second connection
  • the method further includes:
  • the first sending module 162 is configured to send the data operation sentence to the corresponding database node by using the second connection, so that the database node executes the data operation according to the data operation sentence.
  • the method further includes:
  • the second sending module 163 is configured to use the second connection to send information and data operation statements related to data operations in the current context information to each database node, so that the database nodes perform data operations according to the information and data operation statements related to data operations .
  • the method further includes:
  • the feedback information writing module 170 is used to synchronously write the feedback information obtained after performing the data operation into the current context information.
  • the present application also provides an electronic device and a readable storage medium.
  • FIG. 7 it is a block diagram of an electronic device for a method for protecting an access connection session according to an embodiment of the present application.
  • Electronic devices are intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers.
  • Electronic devices can also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices.
  • the components shown herein, their connections and relationships, and their functions are merely examples, and are not intended to limit the implementation of the application described and/or required herein.
  • the electronic device includes: one or more processors 701, a memory 702, and interfaces for connecting various components, including a high-speed interface and a low-speed interface.
  • the various components are connected to each other using different buses, and can be installed on a common motherboard or installed in other ways as needed.
  • the processor may process instructions executed in the electronic device, including instructions stored in or on the memory to display graphical information of the GUI on an external input/output device (such as a display device coupled to an interface).
  • an external input/output device such as a display device coupled to an interface.
  • multiple processors and/or multiple buses can be used with multiple memories and multiple memories.
  • multiple electronic devices can be connected, and each device provides part of the necessary operations (for example, as a server array, a group of blade servers, or a multi-processor system).
  • a processor 701 is taken as an example.
  • the memory 702 is a non-transitory computer-readable storage medium provided by this application.
  • the memory stores instructions executable by at least one processor, so that the at least one processor executes an access connection session protection method provided in this application.
  • the non-transitory computer-readable storage medium of the present application stores computer instructions, and the computer instructions are used to make a computer execute the method for protecting an access connection session provided by the present application.
  • the memory 702 as a non-transitory computer-readable storage medium, can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as program instructions/modules corresponding to a method for protecting an access connection session in the embodiment of the present application (For example, the access connection session establishment module 110, the first connection determination module 120, and the current context information processing module 130 shown in FIG. 5).
  • the processor 701 executes various functional applications and data processing of the server by running non-transitory software programs, instructions, and modules stored in the memory 702, that is, implements an access connection session protection method in the foregoing method embodiment.
  • the memory 702 may include a program storage area and a data storage area.
  • the program storage area may store an operating system and an application program required by at least one function; Created data, etc.
  • the memory 702 may include a high-speed random access memory, and may also include a non-transitory memory, such as at least one magnetic disk storage device, a flash memory device, or other non-transitory solid-state storage devices.
  • the memory 702 may optionally include a memory remotely provided with respect to the processor 701, and these remote memories may be connected to an electronic device that accesses a connection session protection method through a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • An electronic device for accessing a connection session protection method may further include: an input device 703 and an output device 704.
  • the processor 701, the memory 702, the input device 703, and the output device 704 may be connected by a bus or in other ways. In FIG. 7, the connection by a bus is taken as an example.
  • the input device 703 can receive input digital or character information, and generate key signal input related to user settings and function control of an electronic device that accesses a connection session protection method, such as touch screen, keypad, mouse, track pad, touch pad , Pointing stick, one or more mouse buttons, trackball, joystick and other input devices.
  • the output device 704 may include a display device, an auxiliary lighting device (for example, LED), a tactile feedback device (for example, a vibration motor), and the like.
  • the display device may include, but is not limited to, a liquid crystal display (LCD), a light emitting diode (LED) display, and a plasma display. In some embodiments, the display device may be a touch screen.
  • Various implementations of the systems and techniques described herein can be implemented in digital electronic circuit systems, integrated circuit systems, application specific ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: being implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, the programmable processor It can be a dedicated or general-purpose programmable processor that can receive data and instructions from the storage system, at least one input device, and at least one output device, and transmit the data and instructions to the storage system, the at least one input device, and the at least one output device. An output device.
  • machine-readable medium and “computer-readable medium” refer to any computer program product, device, and/or device used to provide machine instructions and/or data to a programmable processor ( For example, magnetic disks, optical disks, memory, programmable logic devices (PLD)), including machine-readable media that receive machine instructions as machine-readable signals.
  • machine-readable signal refers to any signal used to provide machine instructions and/or data to a programmable processor.
  • the systems and techniques described here can be implemented on a computer that has: a display device for displaying information to the user (for example, a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) ); and a keyboard and a pointing device (for example, a mouse or a trackball) through which the user can provide input to the computer.
  • a display device for displaying information to the user
  • LCD liquid crystal display
  • keyboard and a pointing device for example, a mouse or a trackball
  • Other types of devices can also be used to provide interaction with the user; for example, the feedback provided to the user can be any form of sensory feedback (for example, visual feedback, auditory feedback, or tactile feedback); and can be in any form (including Acoustic input, voice input, or tactile input) to receive input from the user.
  • the systems and technologies described herein can be implemented in a computing system that includes back-end components (for example, as a data server), or a computing system that includes middleware components (for example, an application server), or a computing system that includes front-end components (for example, A user computer with a graphical user interface or a web browser, through which the user can interact with the implementation of the system and technology described herein), or includes such back-end components, middleware components, Or any combination of front-end components in a computing system.
  • the components of the system can be connected to each other through any form or medium of digital data communication (for example, a communication network). Examples of communication networks include: local area network (LAN), wide area network (WAN), and the Internet.
  • the computer system can include clients and servers.
  • the client and server are generally far away from each other and usually interact through a communication network.
  • the relationship between the client and the server is generated by computer programs that run on the corresponding computers and have a client-server relationship with each other.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Software Systems (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

一种访问连接会话保护方法,应用于数据库中间件,包括如下步骤:S110:建立访问连接会话,访问连接会话包括当前上下文信息;S120:确定访问连接会话对应的第一连接,并获取会话操作语句;S130:利用第一连接将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块根据会话操作语句和当前上下文信息得到新的上下文信息。避免了在传输过程中上下文信息的泄露以及会话操作语句发送至数据库节点中执行造成的上下文信息的泄露,提高了上下文信息传输和处理的安全性。此外,还公开了一种实现该方法的保护装置、电子设备及存储介质。

Description

数据访问连接会话保护方法以及装置 技术领域
本申请涉及计算机领域,尤其涉及访问连接会话保护领域。
背景技术
连接池负责分配、管理和释放连接,允许应用程序重复使用一个现有的连接,而不是再重新建立一个,能明显提高对数据库操作的性能。然而,客户端与数据库中间件之间建立的访问连接会话中的上下文信息在数据库访问过程中可能发生泄漏或干扰,进而增大了数据库访问的安全风险。
发明内容
本申请实施例提供一种访问连接会话保护方法以及装置,以解决相关技术存在的问题,技术方案如下:
第一方面,提供了一种访问连接会话保护方法,包括:
建立访问连接会话,访问连接会话包括当前上下文信息;
确定访问连接会话对应的第一连接,并获取会话操作语句;
利用第一连接将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块根据会话操作语句和当前上下文信息得到新的上下文信息。
在一种实施方式中,确定访问连接会话对应的第一连接,包括:
与信息保护模块建立第一连接,并将第一连接与访问连接会话绑定;和/或
从连接池中获取第一连接。
在一种实施方式中,还包括:
将新的上下文信息同步写入访问连接会话中。
在一种实施方式中,还包括:
根据客户端发送的用户操作语句的内容,生成多个会话操作语句和/或多 个数据操作语句。
在一种实施方式中,还包括:
从连接池中获取第二连接或建立一个第二连接。
在一种实施方式中,还包括:
利用第二连接将数据操作语句发送至对应的数据库节点,以使数据库节点根据数据操作语句执行数据操作。
在一种实施方式中,还包括:
利用第二连接,将当前上下文信息中数据操作相关的信息和数据操作语句发送至各数据库节点,以使数据库节点根据数据操作相关的信息和数据操作语句执行数据操作。
在一种实施方式中,还包括:
将执行数据操作后得到的反馈信息同步写入当前上下文信息中。
第二方面,本实施方式提供了一种访问连接会话保护装置,包括:
访问连接会话建立模块,用于建立访问连接会话,访问连接会话包括当前上下文信息;
第一连接确定模块,用于确定访问连接会话对应的第一连接,并获取会话操作语句;
当前上下文信息处理模块,用于利用第一连接将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块根据会话操作语句和当前上下文信息得到新的上下文信息。
在一种实施方式中,第一连接确定模块包括:
连接建立子模块,用于与信息保护模块建立第一连接,并将第一连接与访问连接会话绑定;和/或
连接获取子模块,用于从连接池中获取第一连接。
在一种实施方式中,还包括:
新的上下文信息写入模块,用于将新的上下文信息同步写入访问连接会话中。
在一种实施方式中,还包括:
用户操作语句解析模块,用于根据客户端发送的用户操作语句的内容, 生成多个会话操作语句和/或多个数据操作语句。
在一种实施方式中,还包括:
第二连接建立模块,用于从连接池中获取第二连接或建立一个第二连接;
在一种实施方式中,还包括:
第一发送模块,用于利用第二连接将数据操作语句发送至对应的数据库节点,以使数据库节点根据数据操作语句执行数据操作。
在一种实施方式中,还包括:
第二发送模块,用于利用第二连接,将当前上下文信息中数据操作相关的信息和数据操作语句发送至各数据库节点,以使数据库节点根据数据操作相关的信息和数据操作语句执行数据操作。
在一种实施方式中于,还包括:
反馈信息写入模块,用于将执行数据操作后得到的反馈信息同步写入当前上下文信息中。
第三方面,提供了一种电子设备,包括:
至少一个处理器;以及
与至少一个处理器通信连接的存储器;其中,
存储器存储有可被至少一个处理器执行的指令,指令被至少一个处理器执行,以使至少一个处理器能够执行上述任一项的方法。
第四方面,提供了一种存储有计算机指令的非瞬时计算机可读存储介质,计算机指令用于使计算机执行上述任一项的方法。
上述申请中的一个实施例具有如下优点或有益效果:利用与访问连接会话对应的第一连接,来将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块来根据会话操作语句和当前上下文信息得到新的上下文信息,由于访问连接会话与第一连接的对应关系使得不同的访问连接会话中的上下文信息相互独立,有效避免了在传输过程中上下文信息的泄露,同时,将会话操作语句和当前上下文信息发送至信息保护模块进行执行,有效避免了会话操作语句发送至数据库节点中执行造成的上下文信息的泄露,提高了上下文信息传输和处理的安全性,进而提高了数据库访问的安全性。
上述可选方式所具有的其他效果将在下文中结合具体实施例加以说明。
附图说明
附图用于更好地理解本方案,不构成对本申请的限定。其中:
图1是根据本申请一实施例的一种访问连接会话保护方法的示意图;
图2是根据本申请一实施例的一种访问连接会话保护方法的示意图;
图3是根据本申请一实施例的另一种访问连接会话保护方法的示意图;
图4是根据本申请一实施例的另一种访问连接会话保护方法的示意图;
图5是根据本申请一实施例的一种访问连接会话保护装置的示意图;
图6是根据本申请一实施例的另一种访问连接会话保护装置的示意图;
图7是用来实现本申请实施例的一种访问连接会话保护方法的电子设备的框图。
具体实施方式
以下结合附图对本申请的示范性实施例做出说明,其中包括本申请实施例的各种细节以助于理解,应当将它们认为仅仅是示范性的。因此,本领域普通技术人员应当认识到,可以对这里描述的实施例做出各种改变和修改,而不会背离本申请的范围和精神。同样,为了清楚和简明,以下的描述中省略了对公知功能和结构的描述。
如图1所示,如图1所示,本实施方式提供了一种访问连接会话保护方法,应用于数据库中间件,包括如下步骤:
S110:建立访问连接会话,访问连接会话包括当前上下文信息;
S120:确定访问连接会话对应的第一连接,并获取会话操作语句;
S130:利用第一连接将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块根据会话操作语句和当前上下文信息得到新的上下 文信息。
一种示例中,如图2所示,客户端将用户访问信息发送至数据库中间件。用户访问信息包括用户标识信息和与用户标识信息对应的用户访问指令。用户标识信息包括用户名、IP(网际互连协议,Internet Protocol)地址和主机名(host)等。用户访问指令是客户端(例如,主机)的传输端口接收的指令。数据库中间件接收用户访问信息后,根据用户访问信息建立访问连接会话。访问连接会话包括客户端与数据库中间件之间的连接,以及建立连接的上下文信息。如果是当前时间段建立的访问连接会话,则包含有当前上下文信息。
确定数据库中间件和信息保护模块之间的第一连接,第一连接可以是元数据(Metadata)连接等物理连接,作为数据传输通道,用于将数据从数据库中间件传输至信息保护模块。第一连接与访问连接会话一一对应关系,不同的访问连接会话对应不同的第一连接,第一连接不能被其它的访问连接会话使用,使得各个访问连接会话中的上下文信息相互独立,在传输过程中有效避免信息泄露,提高了信息传输的安全性。
客户端发送用户操作语句至数据库中间件,用户操作语句是可以用SQL(结构化查询语言,Structured Query Language)等形式来表示的文本信息。在用户操作语句涉及访问连接会话的上下文信息的维护和获取等操作的情况下,例如设置字符集、用户自定义变量以及使用SET语句修改当前上下文信息的操作等,则可以将此类型的语句作为会话操作语句,会话操作语句用于表示对访问连接会话进行操作。在用户操作语句涉及对数据库中数据进行操作的情况下,则可以将此类型的语句作为数据操作语句。用户操作语句中可能仅包含会话操作语句,或者仅包含数据操作语句,或者同时包含会话操作语句和数据操作语句。
为了避免了在用户操作语句同时包含会话操作语句和数据操作语句的情况下,直接将用户操作语句直接发送至各个数据库节点中执行,导致访问连接会话中的上下文信息泄露,本实施方式中,数据库中间件将用户操作语句中的会话操作语句单独提取出来,利用独立的第一连接将会话操作语句和当前上下文信息发送至信息保护模块,信息保护模块根据会话操作语句和当前上下文信息得到新的上下文信息。其中,信息保护模块可以设置在数据库中 间件之外,也可以设置在数据库中间件内,或数据库中间件内的连接池内,均实现相同的功能。当前所有的会话操作语句,都可以发送至信息保护模块,也可以将常用的会话操作语句在数据库中间件中执行,一些复杂的会话操作语句发送至信息保护模块中执行。
本实施方式中,利用与访问连接会话对应的第一连接,来将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块来根据会话操作语句和当前上下文信息得到新的上下文信息,由于访问连接会话与第一连接的对应关系使得不同的访问连接会话中的上下文信息相互独立,有效避免了在传输过程中上下文信息的泄露,同时,将会话操作语句和当前上下文信息发送至信息保护模块进行执行,有效避免了将会话操作语句发送至数据库节点中执行造成的上下文信息的泄露,提高了上下文信息传输和处理的安全性,进而提高了数据库访问的安全性。
在一种实施方式中,如图3所示,步骤S120中,确定访问连接会话对应的第一连接,包括:
步骤S121:与信息保护模块建立第一连接,并将第一连接与访问连接会话绑定;和/或
从连接池中获取第一连接。
步骤S122:获取会话操作语句。
一种示例中,数据库中间件中建立的每一个访问连接会话,都会和信息保护模块建立一条第一连接,该连接不用于数据操作,而仅用于当前上下文信息维护和获取等操作,该连接与应用会话绑定后,不被其他会话使用,保证各个访问连接会话中的当前上下文信息之间不会相互干扰,并且避免了信息泄露。
访问连接会话也可以不与第一连接绑定,可以使用连接池进行管理。例如,从连接池获取一个第一连接(或新建一个第一连接),然后将访问连接会话的当前上下文信息同步给该第一连接,并将会话操作语句转发给该第一连接,第一连接用过之后,将其放回连接池中。利用连接池中的第一连接可以使得第一连接可以重复利用,提高了第一连接获取的速度,进而提高了数据传输速度。
在一种实施方式中,如图3所示,还包括:
步骤S140:将新的上下文信息同步写入访问连接会话中。
一种示例中,将在信息保护模块中得到的新的上下文信息同步到数据库中间件的访问连接会话中,使得数据库中间件中访问连接会话中的上下文信息与第一连接以及信息保护模块中的上下文信息实时的保持一致。数据库中间件保存每个访问连接会话的当前上下文信息和新的上下文信息,可以提高数据库中间件读取上下文信息的速度。
在一种实施方式中,如图3所示,还包括:
步骤S150:根据客户端发送的用户操作语句的内容,生成多个会话操作语句和/或多个数据操作语句。
一种示例中,增加一个针对用户操作语句的解析模块,用于将用户操作语句解析,根据解析结果(多个会话操作语句和/或多个数据操作语句)调用信息保护模块或者数据库节点执行后续处理。对用户操作语句进行解析,得到多个会话操作语句和多个数据操作语句的情况下,避免直接将用户操作语句发送给数据库节点,防止信息泄露。
在一种实施方式中,如图3所示,还包括:
步骤S161:从连接池中获取第二连接或建立一个第二连接。
在一种实施方式中,还包括:
步骤S162:利用第二连接将数据操作语句发送至对应的数据库节点,以使数据库节点根据数据操作语句执行数据操作。
一种示例中,由于利用第一连接将会话操作语句发送至信息保护模块进行处理,从而避免了不同的访问连接会话可能使用同一个第一连接的情况,保证上下文信息不会泄露。进而,利用数据库中间件和各个数据库节点之间建立的第二连接,将数据操作语句发送至数据操作语句涉及的数据库节点,在保证上下文信息不会泄露的基础上,使得第二连接可以共享,在性能和功能上取得了平衡,避免了对访问连接会话中的上下文信息进行操作(例如,执行select last_insert_id()),而影响到数据操作语句的执行。
在一种实施方式中,如图3所示,还包括:
步骤S163:利用第二连接将当前上下文信息中数据操作相关的信息和数 据操作语句发送至各数据库节点,以使数据库节点根据数据操作相关的信息和数据操作语句执行数据操作。
一种示例中,访问连接会话中包含的一些上下文信息可能对数据操作有影响,例如,有影响的信息包括字符集信息。所以将当前上下文信息中数据操作相关的信息提取出来,和数据操作语句共同发送至各个数据库节点中进行执行数据操作,有效提高了数据操作的准确性。
在一种实施方式中,如图3所示,还包括:
步骤S170:将执行数据操作后得到的反馈信息同步写入当前上下文信息中。
一种示例中,利用数据操作语句等信息对数据库中的数据进行操作,得到得结果作为反馈信息。反馈信息包括执行成功的信息、执行失败的信息以及修改发生的位置等信息。将反馈信息同步给访问连接会话,写入当前上下文信息,对当前上下文信息进行了修改或更新,使得下一次建立访问连接会话的过程中,得到的下一组上下文信息更准确。
在一种具体实施方式中,如图4所示,分布式数据库包括多个数据库节点(Datanode),例如,关系型数据库管理系统(MySQL)节点。在数据库中间件如协调器(Coordinator)中设置有连接池,当用户需要对操作数据库节点中的数据进行操作时,协调器会使用连接池机制。同时,增加了一个信息保护模块,此模块看作是特殊的MySQL,当用户需要对访问连接会话进行操作时,与信息保护模块建立连接。
具体的,首先在客户端与协调器之间建立访问连接会话,即在协调器上维护访问连接会话,协调器先与信息保护模块建立Metadata(元数据)连接(第一连接),将该Metadata连接与访问连接会话绑定,或者,从连接池获取一个Metadata连接(或新建一个连接)。之后,客户端向协调器发送SQL语句,如果该SQL语句涉及对访问连接会话中的上下文信息的维护和获取,(如设置字符集、用户自定义变量等),则利用Metadata连接转发SQL语句和当前上下文信息至信息保护模块。信息保护模块根据所述会话操作语句和所述当前上下文信息得到新的上下文信息,将新的上下文信息同步至协调器中的访问连接会话。如果该SQL语句涉及数据操作,则从连接池中获取一个 Metadata连接(或新建一个Metadata连接),并将影响数据操作行为的上下文信息,同步到Metadata连接后,Metadata连接再转发影响数据操作行为的上下文信息和SQL语句至数据库节点中进行执行。最后将Metadata连接放回连接池中,关闭信息保护模块与协调器的Metadata连接。
由于数据节点的操作结果会影响上下文信息(例如MySQL执行的last_insert_id)所以当上下文信息发生了修改,需要将修改后的上下文信息同步记录在协调器的访问连接会话上,而Metadata连接可以负责处理访问连接会话的修改动作,只承担计算的角色。
在一种具体实施方式中,如图5所示,提供了一种访问连接会话保护装置,包括:
访问连接会话建立模块110,用于建立访问连接会话,访问连接会话包括当前上下文信息;
第一连接确定模块120,用于确定访问连接会话对应的第一连接,并获取会话操作语句;
当前上下文信息处理模块130,用于利用第一连接将会话操作语句和当前上下文信息发送至信息保护模块,以使信息保护模块根据会话操作语句和当前上下文信息得到新的上下文信息。
在一种实施方式中,如图6所示,第一连接确定模块120包括:
连接建立子模块121,用于与信息保护模块建立第一连接,并将第一连接与访问连接会话绑定;和/或
连接获取子模块122,用于从连接池中获取第一连接。
在一种实施方式中,如图6所示,还包括:
新的上下文信息写入模块140,用于将新的上下文信息同步写入访问连接会话中。
在一种实施方式中,如图6所示,还包括:
用户操作语句解析模块150,用于根据客户端发送的用户操作语句的内容,生成多个会话操作语句和/或多个数据操作语句。
在一种实施方式中,如图6所示,还包括:
第二连接建立模块161,用于从连接池中获取第二连接或建立一个第二 连接;
在一种实施方式中,如图6所示,还包括:
第一发送模块162,用于利用第二连接将数据操作语句发送至对应的数据库节点,以使数据库节点根据数据操作语句执行数据操作。
在一种实施方式中,如图6所示,还包括:
第二发送模块163,用于利用第二连接,将当前上下文信息中数据操作相关的信息和数据操作语句发送至各数据库节点,以使数据库节点根据数据操作相关的信息和数据操作语句执行数据操作。
在一种实施方式中于,如图6所示,还包括:
反馈信息写入模块170,用于将执行数据操作后得到的反馈信息同步写入当前上下文信息中。
请实施例各装置中的各模块的功能可以参见上述方法中的对应描述,在此不再赘述。
根据本申请的实施例,本申请还提供了一种电子设备和一种可读存储介质。
如图7所示,是根据本申请实施例的一种访问连接会话保护方法的电子设备的框图。电子设备旨在表示各种形式的数字计算机,诸如,膝上型计算机、台式计算机、工作台、个人数字助理、服务器、刀片式服务器、大型计算机、和其它适合的计算机。电子设备还可以表示各种形式的移动装置,诸如,个人数字处理、蜂窝电话、智能电话、可穿戴设备和其它类似的计算装置。本文所示的部件、它们的连接和关系、以及它们的功能仅仅作为示例,并且不意在限制本文中描述的和/或者要求的本申请的实现。
如图7所示,该电子设备包括:一个或多个处理器701、存储器702,以及用于连接各部件的接口,包括高速接口和低速接口。各个部件利用不同的总线互相连接,并且可以被安装在公共主板上或者根据需要以其它方式安装。处理器可以对在电子设备内执行的指令进行处理,包括存储在存储器中或者存储器上以在外部输入/输出装置(诸如,耦合至接口的显示设备)上显示GUI的图形信息的指令。在其它实施方式中,若需要,可以将多个处理器和/或多条总线与多个存储器和多个存储器一起使用。同样,可 以连接多个电子设备,各个设备提供部分必要的操作(例如,作为服务器阵列、一组刀片式服务器、或者多处理器系统)。图7中以一个处理器701为例。
存储器702即为本申请所提供的非瞬时计算机可读存储介质。其中,所述存储器存储有可由至少一个处理器执行的指令,以使所述至少一个处理器执行本申请所提供的一种访问连接会话保护方法。本申请的非瞬时计算机可读存储介质存储计算机指令,该计算机指令用于使计算机执行本申请所提供的一种访问连接会话保护方法。
存储器702作为一种非瞬时计算机可读存储介质,可用于存储非瞬时软件程序、非瞬时计算机可执行程序以及模块,如本申请实施例中的一种访问连接会话保护方法对应的程序指令/模块(例如,附图5所示的访问连接会话建立模块110、第一连接确定模块120、当前上下文信息处理模块130)。处理器701通过运行存储在存储器702中的非瞬时软件程序、指令以及模块,从而执行服务器的各种功能应用以及数据处理,即实现上述方法实施例中的一种访问连接会话保护方法。
存储器702可以包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需要的应用程序;存储数据区可存储根据一种访问连接会话保护方法的电子设备的使用所创建的数据等。此外,存储器702可以包括高速随机存取存储器,还可以包括非瞬时存储器,例如至少一个磁盘存储器件、闪存器件、或其他非瞬时固态存储器件。在一些实施例中,存储器702可选包括相对于处理器701远程设置的存储器,这些远程存储器可以通过网络连接至一种访问连接会话保护方法的电子设备。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。
一种访问连接会话保护方法的电子设备还可以包括:输入装置703和输出装置704。处理器701、存储器702、输入装置703和输出装置704可以通过总线或者其他方式连接,图7中以通过总线连接为例。
输入装置703可接收输入的数字或字符信息,以及产生与一种访问连接会话保护方法的电子设备的用户设置以及功能控制有关的键信号输入, 例如触摸屏、小键盘、鼠标、轨迹板、触摸板、指示杆、一个或者多个鼠标按钮、轨迹球、操纵杆等输入装置。输出装置704可以包括显示设备、辅助照明装置(例如,LED)和触觉反馈装置(例如,振动电机)等。该显示设备可以包括但不限于,液晶显示器(LCD)、发光二极管(LED)显示器和等离子体显示器。在一些实施方式中,显示设备可以是触摸屏。
此处描述的系统和技术的各种实施方式可以在数字电子电路系统、集成电路系统、专用ASIC(专用集成电路)、计算机硬件、固件、软件、和/或它们的组合中实现。这些各种实施方式可以包括:实施在一个或者多个计算机程序中,该一个或者多个计算机程序可在包括至少一个可编程处理器的可编程系统上执行和/或解释,该可编程处理器可以是专用或者通用可编程处理器,可以从存储系统、至少一个输入装置、和至少一个输出装置接收数据和指令,并且将数据和指令传输至该存储系统、该至少一个输入装置、和该至少一个输出装置。
这些计算程序(也称作程序、软件、软件应用、或者代码)包括可编程处理器的机器指令,并且可以利用高级过程和/或面向对象的编程语言、和/或汇编/机器语言来实施这些计算程序。如本文使用的,术语“机器可读介质”和“计算机可读介质”指的是用于将机器指令和/或数据提供给可编程处理器的任何计算机程序产品、设备、和/或装置(例如,磁盘、光盘、存储器、可编程逻辑装置(PLD)),包括,接收作为机器可读信号的机器指令的机器可读介质。术语“机器可读信号”指的是用于将机器指令和/或数据提供给可编程处理器的任何信号。
为了提供与用户的交互,可以在计算机上实施此处描述的系统和技术,该计算机具有:用于向用户显示信息的显示装置(例如,CRT(阴极射线管)或者LCD(液晶显示器)监视器);以及键盘和指向装置(例如,鼠标或者轨迹球),用户可以通过该键盘和该指向装置来将输入提供给计算机。其它种类的装置还可以用于提供与用户的交互;例如,提供给用户的反馈可以是任何形式的传感反馈(例如,视觉反馈、听觉反馈、或者触觉反馈);并且可以用任何形式(包括声输入、语音输入或者、触觉输入)来接收来自用户的输入。
可以将此处描述的系统和技术实施在包括后台部件的计算系统(例如,作为数据服务器)、或者包括中间件部件的计算系统(例如,应用服务器)、或者包括前端部件的计算系统(例如,具有图形用户界面或者网络浏览器的用户计算机,用户可以通过该图形用户界面或者该网络浏览器来与此处描述的系统和技术的实施方式交互)、或者包括这种后台部件、中间件部件、或者前端部件的任何组合的计算系统中。可以通过任何形式或者介质的数字数据通信(例如,通信网络)来将系统的部件相互连接。通信网络的示例包括:局域网(LAN)、广域网(WAN)和互联网。
计算机系统可以包括客户端和服务器。客户端和服务器一般远离彼此并且通常通过通信网络进行交互。通过在相应的计算机上运行并且彼此具有客户端-服务器关系的计算机程序来产生客户端和服务器的关系。
应该理解,可以使用上面所示的各种形式的流程,重新排序、增加或删除步骤。例如,本申请中记载的各步骤可以并行地执行也可以顺序地执行也可以不同的次序执行,只要能够实现本申请公开的技术方案所期望的结果,本文在此不进行限制。
上述具体实施方式,并不构成对本申请保护范围的限制。本领域技术人员应该明白的是,根据设计要求和其他因素,可以进行各种修改、组合、子组合和替代。任何在本申请的精神和原则之内所作的修改、等同替换和改进等,均应包含在本申请保护范围之内。

Claims (18)

  1. 一种访问连接会话保护方法,其特征在于,包括:
    建立访问连接会话,所述访问连接会话包括当前上下文信息;
    确定所述访问连接会话对应的第一连接,并获取会话操作语句;
    利用所述第一连接将所述会话操作语句和所述当前上下文信息发送至所述信息保护模块,以使所述信息保护模块根据所述会话操作语句和所述当前上下文信息得到新的上下文信息。
  2. 根据权利要求1所述的方法,其特征在于,确定所述访问连接会话对应的第一连接,包括:
    与所述信息保护模块建立所述第一连接,并将所述第一连接与所述访问连接会话绑定;和/或
    从连接池中获取所述第一连接。
  3. 根据权利要求1所述的方法,其特征在于,还包括:
    将所述新的上下文信息同步写入所述访问连接会话中。
  4. 根据权利要求1所述的方法,其特征在于,还包括:
    根据客户端发送的用户操作语句的内容,生成多个所述会话操作语句和/或多个数据操作语句。
  5. 根据权利要求4所述的方法,其特征在于,还包括:
    从连接池中获取第二连接或建立一个第二连接。
  6. 根据权利要求5所述的方法,其特征在于,还包括:
    利用所述第二连接将所述数据操作语句发送至对应的数据库节点,以使所述数据库节点根据所述数据操作语句执行数据操作。
  7. 根据权利要求5所述的方法,其特征在于,还包括:
    利用所述第二连接,将所述当前上下文信息中数据操作相关的信息和所述数据操作语句发送至各所述数据库节点,以使所述数据库节点根据所述数据操作相关的信息和所述数据操作语句执行数据操作。
  8. 根据权利要求6或7所述的方法,其特征在于,还包括:
    将执行数据操作后得到的反馈信息同步写入所述当前上下文信息中。
  9. 一种访问连接会话保护装置,其特征在于,包括:
    访问连接会话建立模块,用于建立访问连接会话,所述访问连接会话包括当前上下文信息;
    第一连接确定模块,用于确定所述访问连接会话对应的第一连接,并获取会话操作语句;
    当前上下文信息处理模块,用于利用所述第一连接将所述会话操作语句和所述当前上下文信息发送至所述信息保护模块,以使所述信息保护模块根据所述会话操作语句和所述当前上下文信息得到新的上下文信息。
  10. 根据权利要求9所述的装置,其特征在于,所述第一连接确定模块包括:
    连接建立子模块,用于与所述信息保护模块建立所述第一连接,并将所述第一连接与所述访问连接会话绑定;和/或
    连接获取子模块,用于从连接池中获取所述第一连接。
  11. 根据权利要求9所述的装置,其特征在于,还包括:
    新的上下文信息写入模块,用于将所述新的上下文信息同步写入所述访问连接会话中。
  12. 根据权利要求9所述的装置,其特征在于,还包括:
    用户操作语句解析模块,用于根据客户端发送的用户操作语句的内容,生成多个所述会话操作语句和/或多个数据操作语句。
  13. 根据权利要求12所述的装置,其特征在于,还包括:
    第二连接建立模块,用于从连接池中获取第二连接或建立一个第二连接。
  14. 根据权利要求13所述的装置,其特征在于,还包括:
    第一发送模块,用于利用所述第二连接将所述数据操作语句发送至对应的数据库节点,以使所述数据库节点根据所述数据操作语句执行数据操作。
  15. 根据权利要求13所述的装置,其特征在于,还包括:
    第二发送模块,用于利用所述第二连接,将所述当前上下文信息中数据操作相关的信息和所述数据操作语句发送至各所述数据库节点,以使所述数据库节点根据所述数据操作相关的信息和所述数据操作语句执行数据操作。
  16. 根据权利要求14或15所述的装置,其特征在于,还包括:
    反馈信息写入模块,用于将执行数据操作后得到的反馈信息同步写入所述当前上下文信息中。
  17. 一种电子设备,其特征在于,包括:
    至少一个处理器;以及
    与所述至少一个处理器通信连接的存储器;其中,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行权利要求1-8中任一项所述的方法。
  18. 一种存储有计算机指令的非瞬时计算机可读存储介质,其特征在于,所述计算机指令用于使所述计算机执行权利要求1-8中任一项所述的方法。
PCT/CN2021/078984 2020-05-15 2021-03-04 数据访问连接会话保护方法以及装置 WO2021227609A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010413239.7A CN111639116B (zh) 2020-05-15 2020-05-15 数据访问连接会话保护方法以及装置
CN202010413239.7 2020-05-15

Publications (1)

Publication Number Publication Date
WO2021227609A1 true WO2021227609A1 (zh) 2021-11-18

Family

ID=72328945

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/078984 WO2021227609A1 (zh) 2020-05-15 2021-03-04 数据访问连接会话保护方法以及装置

Country Status (2)

Country Link
CN (1) CN111639116B (zh)
WO (1) WO2021227609A1 (zh)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111639116B (zh) * 2020-05-15 2023-06-09 中国银联股份有限公司 数据访问连接会话保护方法以及装置
CN113568964B (zh) * 2021-07-29 2024-09-27 浪潮通用软件有限公司 一种在连接池中使用会话临时表的方法、设备及介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070208686A1 (en) * 2006-02-03 2007-09-06 Infosys Technologies Ltd. Context-aware middleware platform for client devices
US20150379293A1 (en) * 2014-06-25 2015-12-31 Oracle International Corporation Integrating a user's security context in a database for access control
CN106549997A (zh) * 2015-09-22 2017-03-29 阿里巴巴集团控股有限公司 用户上下文信息的获取方法和装置
CN107844711A (zh) * 2017-10-16 2018-03-27 平安科技(深圳)有限公司 数据操作权限隔离方法、应用服务器及计算机可读存储介质
CN111639116A (zh) * 2020-05-15 2020-09-08 中国银联股份有限公司 数据访问连接会话保护方法以及装置

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8220042B2 (en) * 2005-09-12 2012-07-10 Microsoft Corporation Creating secure interactive connections with remote resources
US8549038B2 (en) * 2009-06-15 2013-10-01 Oracle International Corporation Pluggable session context
CN106789617B (zh) * 2016-12-22 2020-03-06 东软集团股份有限公司 一种报文转发方法及装置
EP3657894B1 (en) * 2017-07-20 2022-09-07 Huawei International Pte. Ltd. Network security management method and apparatus

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070208686A1 (en) * 2006-02-03 2007-09-06 Infosys Technologies Ltd. Context-aware middleware platform for client devices
US20150379293A1 (en) * 2014-06-25 2015-12-31 Oracle International Corporation Integrating a user's security context in a database for access control
CN106549997A (zh) * 2015-09-22 2017-03-29 阿里巴巴集团控股有限公司 用户上下文信息的获取方法和装置
CN107844711A (zh) * 2017-10-16 2018-03-27 平安科技(深圳)有限公司 数据操作权限隔离方法、应用服务器及计算机可读存储介质
CN111639116A (zh) * 2020-05-15 2020-09-08 中国银联股份有限公司 数据访问连接会话保护方法以及装置

Also Published As

Publication number Publication date
CN111639116B (zh) 2023-06-09
CN111639116A (zh) 2020-09-08

Similar Documents

Publication Publication Date Title
CN111327720B (zh) 一种网络地址转换方法、装置、网关设备及存储介质
US11928432B2 (en) Multi-modal pre-training model acquisition method, electronic device and storage medium
CN111625224B (zh) 代码生成方法、装置、设备及存储介质
US11704498B2 (en) Method and apparatus for training models in machine translation, electronic device and storage medium
US20210209417A1 (en) Method and apparatus for generating shared encoder
WO2021227609A1 (zh) 数据访问连接会话保护方法以及装置
US11222016B2 (en) Dynamic combination of processes for sub-queries
WO2021208625A1 (zh) 数据库访问方法以及装置
JP7397928B2 (ja) 分散データベースのグローバルセカンダリインデックス方法及びその装置
EP3905071A1 (en) Comments-ordering method, apparatus, device and computer storage medium
US20210294911A1 (en) Method for providing applet service capability, electronic device, and storage medium
KR102569210B1 (ko) 애플릿용 데이터 처리 방법, 장치, 기기 및 매체
US20210216212A1 (en) Method and apparatus for processing data
WO2023093016A1 (zh) 云端代码开发系统、方法、装置、设备及存储介质
CN110545324B (zh) 数据处理方法、装置、系统、网络设备和存储介质
US11783565B2 (en) Image processing method, electronic device and readable storage medium for maintaining a face image buffer queue
WO2023103432A1 (zh) 代码文件编辑方法、装置、电子设备以及存储介质
US20220400018A1 (en) Method and apparatus for starting up blockchain system, and non-transitory computer-readable storage medium
WO2021174791A1 (zh) 任务迁移方法、装置、电子设备及存储介质
US9626444B2 (en) Continuously blocking query result data for a remote query
US20210216598A1 (en) Method and apparatus for mining tag, device, and storage medium
US20230132173A1 (en) Data reading method, device and storage medium
US9065814B2 (en) Translation between telephone device and network client
CN115080589A (zh) 数据库操作方法、装置和系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21804487

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21804487

Country of ref document: EP

Kind code of ref document: A1