CN111931232B - Method and system for verifying safety of background data interface - Google Patents
Method and system for verifying safety of background data interface Download PDFInfo
- Publication number
- CN111931232B CN111931232B CN202010802652.2A CN202010802652A CN111931232B CN 111931232 B CN111931232 B CN 111931232B CN 202010802652 A CN202010802652 A CN 202010802652A CN 111931232 B CN111931232 B CN 111931232B
- Authority
- CN
- China
- Prior art keywords
- address
- background
- page
- data interface
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method for verifying the safety of a background data interface, which comprises the following steps: s1, providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl; s2, after the page requests to enter an access entry, a background checks the authority, judges whether the user logs in, judges whether the user has the authority of the current access address, if not, the operation is not performed to finish the process, if so, the process enters the step S3; s3, organizing and generating an address authority verification parameter according to the background address parameter targetUrl, and jumping to an actual service background page address with the address authority verification parameter; s4, checking whether the address authority checking parameters are legal after entering an actual service background page, thereby realizing the safety verification of the page address; the invention improves the efficiency of the safety verification of the background data interface.
Description
Technical Field
The invention relates to the technical field of webpage security, in particular to a method and a system for verifying the security of a background data interface.
Background
A normally running company has a background management system of the company, and a framework comprises two functions of user management and authority management. If a new service needs to be accessed to the existing background management system and if the new service background is developed by using different languages, the inheritance of the authority of each page is very troublesome; i.e. the development efficiency is low. The patent provides a conversion mode, access authority of an original background system is realized through a unified entry, then the conversion mode is converted into a new background self-owned authority verification method, and finally, a specific service background page is skipped.
Disclosure of Invention
In order to overcome the above problems, an object of the present invention is to provide a method for verifying the security of a background data interface, which is compatible with backgrounds of different development languages and can provide security guarantee for a page address and a data interface address.
The invention is realized by adopting the following scheme: a method of background data interface security verification, the method comprising the steps of:
s1, providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl;
s2, after the page requests to enter an access entry, a background checks the authority, judges whether the user logs in, judges whether the user has the authority of the current access address, if not, the operation is not performed to finish the process, if so, the process enters the step S3;
s3, organizing and generating an address authority verification parameter according to the background address parameter targetUrl, and jumping to an actual service background page address with the address authority verification parameter;
and S4, checking whether the address authority checking parameters are legal after entering the actual service background page, thereby realizing the safety verification of the webpage address.
Further, the step S3 further includes: step S3.1: obtaining an actual service background address Url according to a background address parameter targetUrl, and generating a DES encryption Key DesEnKey which = MD5 (Url + MD5 Key);
step S3.2: acquiring current time, converting the current time into a character string to obtain timeStr = yyyyMMddHHmmss;
step S3.3: DES encryption is carried out according to the timeStr and the DesEnKey to obtain authority signature parameters powerSign, wherein powerSign = DES (timeStr, desEnKey);
step S3.4: and after the powerSign is obtained, the jump link of the specific service page is organized, and the jump is carried out to the service background page corresponding to the link.
Further, the step S4 is further specifically: step S4.1: after entering an actual service background page, carrying out validity check on powerSign;
step S4.2: acquiring an address Url2 entering an actual service background page, and generating DesEnKey2= MD5 (Url 2+ MD5 Key) in an encryption mode;
step S4.3: calling a DES decryption method to obtain timeStre 2= UnDES (powerSign, desEnKey 2); converting the timeStr2 into a normal time object, judging whether the time exceeds a preset time, and if so, judging the time to be illegal; if not, the safety of the web page address is normal.
Further, after the step S4, the method further includes: and S5, when the asynchronous data reading interface is arranged on the service page, the data interface on the service page acquires the previous webpage address after receiving the request, and checks whether the previous webpage address is legal or not so as to judge whether the data interface is legal or not.
Further, the step S5 is further specifically: when an asynchronous data reading interface is arranged on a service page, after the data interface on the service page receives a request, acquiring a previous page address Url3 through a request. UrlReferrer, wherein the Url3 is the jump link, and generating DesEnKey3= MD5 (Url 3+ MD5 Key) in an encryption mode; calling a DES decryption method to obtain timeStre 3= UnDES (powerSign, desEnKey 3); the timestamp str3 is converted into a normal time object, the time object is considered to be correct as long as the time object can be correctly converted into a time format, whether the time is expired or not is not verified, the time format is correct, namely a data interface is legal, and the time format is incorrect, namely the data interface is illegal.
The invention also provides a system for verifying the safety of the background data interface, which comprises the following steps: the system comprises an access entrance setting module, an access authority verification module, an address authority verification parameter production module and a judgment module;
the access entry setting module is used for providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl;
the access authority verification module is used for verifying authority by a background after a page requests to enter an access entrance, judging whether a user logs in or not, judging whether the user has the authority of a current access address or not, if the user does not have the authority, not performing an operation ending process, and if the user has the authority, entering the address authority verification parameter production module;
the address authority verification parameter production module is used for organizing and generating address authority verification parameters according to the background address parameter targetUrl, and skipping to the actual service background page address with the address authority verification parameters;
and the judging module is used for verifying whether the address permission verification parameter is legal or not after entering the actual service background page, thereby realizing the verification of the safety of the webpage address.
Further, the implementation manner of the address right verification parameter production module is further specifically: obtaining an actual service background address Url according to a background address parameter targetUrl, and generating a DES encryption Key DesEnKey, wherein DesEnKey = MD5 (Url + MD5 Key);
obtaining current time, converting the current time into a character string to obtain the time str = yyyyMMddHHmmss;
DES encryption is carried out according to the timeStr and the DesEnKey to obtain authority signature parameters powerSign, wherein powerSign = DES (timeStr, desEnKey);
and after the powerSign is obtained, the jump link of the specific service page is organized, and the jump is carried out to the service background page corresponding to the link.
Further, the implementation manner of the determining module is further specifically: after entering an actual service background page, carrying out validity check on powerSign;
acquiring an address Url2 entering an actual service background page, and generating DesEnKey2= MD5 (Url 2+ MD5 Key) in an encryption mode;
calling a DES decryption method to obtain timeStre 2= UnDES (powerSign, desEnKey 2); converting the timeStr2 into a normal time object, judging whether the time exceeds a preset time, and if so, judging the time to be illegal; if not, the safety of the web page address is normal.
Further, the system further comprises a data interface legality checking module, wherein the data interface legality checking module is used for acquiring a previous webpage address after a data interface on a service page receives a request when the asynchronous data reading interface is arranged on the service page, and checking whether the previous webpage address is legal or not so as to judge whether the data interface is legal or not.
Further, the implementation manner of the data interface validity checking module is further specifically that: when an asynchronous data reading interface is arranged on a service page, after the data interface on the service page receives a request, acquiring a previous page address Url3 through a request. UrlReferrer, wherein the Url3 is the jump link, and generating DesEnKey3= MD5 (Url 3+ MD5 Key) in an encryption mode; calling a DES decryption method to obtain timeStre 3= UnDES (powerSign, desEnKey 3); the timeStr3 is converted into a normal time object, the time object is regarded as correct as long as the time object can be correctly converted into a time format, whether the time is expired or not is not verified, the time format is correct, namely, a data interface is legal, and the time format is incorrect, namely, the data interface is illegal.
The invention has the beneficial effects that: the invention realizes the access authority of the original background system through the unified entry, then converts the access authority into the self-owned authority verification mode of the new background, and finally jumps to the specific service background page. The method of the patent is not only small in invasiveness and allows different development languages to be used compatibly, but also can provide safety guarantee for the page address and the data interface address.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a schematic block diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, a method for verifying security of a background data interface according to the present invention includes the following steps:
s1, providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl;
s2, after the page requests to enter an access entry, a background checks the authority, judges whether the user logs in, judges whether the user has the authority of the current access address, if not, the operation is not performed to finish the process, if so, the process enters the step S3;
s3, organizing according to the background address parameter targetUrl to generate an address authority verification parameter, and jumping to an actual service background page address with the address authority verification parameter;
and S4, after entering the actual service background page, verifying whether the address authority verification parameter is legal or not, thereby realizing the verification of the safety of the webpage address.
And S5, when the asynchronous data reading interface is arranged on the service page, the data interface on the service page acquires the previous webpage address after receiving the request, and checks whether the previous webpage address is legal or not so as to judge whether the data interface is legal or not.
The invention is further illustrated below with reference to a specific embodiment:
step 1: providing a uniform access entry, such as a commodity management background, wherein a page address is/goods/list, and finally providing a parameter address configured by an administrator as follows: com/transformarmatgurl =/goods/list. Where the targetUrl parameter is the actual service address.
Step 2: after entering the access entry transform, firstly, the authority is checked according to the original background system, whether the user logs in or not is judged, and whether the user has the authority of the current access address or not is judged, which are functions which must be provided by the original background system.
And step 3: after the original authority of the frame is judged, next, the own authority parameters of the background are reorganized, and a fixed MD5Key = leafmanage! @ #, the following rights parameter organization will work.
Step 3.1: obtaining the actual service Url address/goods/list according to the targetUrl parameter, and generating a DES encryption Key firstly, wherein DesEnKey = MD5 (Url + MD5 Key);
step 3.2: the current time is taken, converted to a string (yyyyMMddHHmmss), e.g. now 2020-7-2512.
Step 3.3: and performing DES encryption according to the obtained timeStr and DesEnKey to obtain an authority signature parameter powerSign = DES (timeStr, desEnKey).
Step 3.4: and after the powerSign is obtained, the jump link management, leaf, com/goods/listpowerSign = [ powerSign ] of the specific service page is organized to jump to the address.
And 4, step 4: after entering/goods/list, carrying out validity check on the powerSign;
step 4.1: acquiring an address Url2 entering an actual service background page, and generating DesEnKey2= MD5 (Url 2+ MD5 Key) in an encryption mode;
and 4.2: calling a DES decryption method to obtain timeStr2= UnDES (powerSign, desEnKey 2); and converting the timeStr2 into a normal time object, judging whether the time exceeds 5 minutes, and if the time exceeds the minutes, judging that the time is illegal.
And 5: if there is an asynchronous data reading interface on the service page, then the page jumps to the next page, for example, there is a commodity data interface/goods/ajaxDatapage =1, and after the interface receives the request, the interface acquires the previous web page address through request. powerSign = [ powerSign ], acquiring a last page address Url3 through request, wherein Url3 is the jump link, and generating DesEnKey3= MD5 (Url 3+ MD5 Key) in an encryption mode; calling a DES decryption method to obtain timeStre 3= UnDES (powerSign, desEnKey 3); timesstr 3 translates to a normal time object, which is considered correct as long as it translates correctly to the time format, and does not verify that the time has expired because the user may stay on the page to refresh the data. The time format is correct, namely the data interface is legal, and the time format is incorrect, namely the data interface is illegal. The page address needs to be compared with the timeStr, and the interface address does not need to be compared with the timeStr, because after a page is opened, a page may stay for a long time, and an interface on the page may fail if the timeStr is checked.
Referring to fig. 2, the present invention further provides a system for verifying security of a background data interface, where the system includes: the system comprises an access entrance setting module, an access authority verification module, an address authority verification parameter production module and a judgment module;
the access entry setting module is used for providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl;
the access authority verification module is used for verifying the authority in the background after the page requests to enter the access entrance, judging whether the user logs in, judging whether the user has the authority of the current access address, if not, not performing the operation to finish the process, and if so, entering the address authority verification parameter production module;
the address authority verification parameter production module is used for organizing and generating address authority verification parameters according to the background address parameter targetUrl, and skipping to the actual service background page address with the address authority verification parameters;
the judging module is used for verifying whether the address authority verification parameter is legal after the actual business background page is entered, so that the safety verification of the webpage address is realized.
The implementation manner of the address authority verification parameter production module is further specifically as follows: obtaining an actual service background address Url according to a background address parameter targetUrl, and generating a DES encryption Key DesEnKey, wherein DesEnKey = MD5 (Url + MD5 Key);
obtaining current time, converting the current time into a character string to obtain the time str = yyyyMMddHHmmss;
DES encryption is carried out according to the timeStr and the DesEnKey to obtain authority signature parameters powerSign, wherein powerSign = DES (timeStr, desEnKey);
and after the powerSign is obtained, the jump link of the specific service page is organized, and the jump is carried out to the service background page corresponding to the link.
The implementation manner of the judgment module is further specifically that: after entering an actual service background page, carrying out validity check on powerSign;
acquiring an address Url2 entering an actual service background page, and generating DesEnKey2= MD5 (Url 2+ MD5 Key) in an encryption mode;
calling a DES decryption method to obtain timeStre 2= UnDES (powerSign, desEnKey 2); converting the timeStr2 into a normal time object, judging whether the time exceeds a preset time, and if so, judging the time to be illegal; if not, the safety of the web page address is normal.
In addition, the system also comprises a data interface legality checking module, wherein the data interface legality checking module is used for acquiring the last webpage address after the data interface on the service page receives the request when the asynchronous data reading interface is arranged on the service page, and checking whether the last webpage address is legal or not so as to judge whether the data interface is legal or not. The implementation manner of the data interface legal verification module is further specifically as follows: when an asynchronous data reading interface is arranged on a service page, after the data interface on the service page receives a request, acquiring an address Url3 of a previous page through a request. UrlReferrer, wherein the Url3 is the jump link, and generating DesEnKey3= MD5 (Url 3+ MD5 Key) in an encryption mode; calling a DES decryption method to obtain timeStre 3= UnDES (powerSign, desEnKey 3); the timeStr3 is converted into a normal time object, the time object is regarded as correct as long as the time object can be correctly converted into a time format, whether the time is expired or not is not verified, the time format is correct, namely, a data interface is legal, and the time format is incorrect, namely, the data interface is illegal.
In a word, the invention provides a uniform address for access, the address parameter is attached with an actual service background address, and the authority judgment based on the original background system is realized at the uniform access; generating an address authority verification parameter of the cost system, and jumping to an actual service background page address with the parameter; after entering a background page of the actual service, checking whether the authority parameter is legal; after the data interface on the page receives the request, the previous page address is obtained, and whether the previous page address is legal or not is checked, so that whether the request interface is legal or not is judged.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (6)
1. A method for verifying the safety of a background data interface is characterized in that: the method comprises the following steps:
s1, providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl;
s2, after the page requests to enter an access entrance, a background checks the authority, judges whether the user logs in, judges whether the user has the authority of the current access address, if not, does not perform the operation ending process, and if yes, enters the step S3;
s3, organizing according to the background address parameter targetUrl to generate an address authority verification parameter, and jumping to an actual service background page address with the address authority verification parameter;
the step S3 further includes: step S3.1: obtaining an actual service background address Url according to a background address parameter targetUrl, and generating a DES encryption Key DesEnKey, wherein DesEnKey = MD5 (Url + MD5 Key); the MD5Key is a set character string;
step S3.2: obtaining current time, converting the current time into a character string to obtain the time str = yyyyMMddHHmmss;
step S3.3: DES encryption is carried out according to the timeStr and the DesEnKey to obtain authority signature parameters powerSign, wherein powerSign = DES (timeStr, desEnKey);
step S3.4: after the powerSign is obtained, a jump link of a specific service page is organized, and a service background page corresponding to the link is jumped to;
s4, checking whether the address authority checking parameters are legal after entering an actual service background page, thereby realizing the safety verification of the page address;
the step S4 is further specifically: step S4.1: after entering an actual service background page, carrying out validity check on powerSign;
step S4.2: acquiring an address Url2 entering an actual service background page, and generating DesEnKey2= MD5 (Url 2+ MD5 Key) in an encryption mode;
step S4.3: calling a DES decryption method to obtain timeStre 2= UnDES (powerSign, desEnKey 2); converting the timeStr2 into a normal time object, judging whether the time exceeds a preset time, and if so, judging the time to be illegal; if not, the safety of the page address is normal.
2. The method for background data interface security verification according to claim 1, wherein: the step S4 is further followed by: and S5, when the asynchronous data reading interface is arranged on the service page, the data interface on the service page acquires the previous webpage address after receiving the request, and checks whether the previous webpage address is legal or not so as to judge whether the data interface is legal or not.
3. The method for background data interface security verification according to claim 2, wherein: the step S5 is further specifically: when an asynchronous data reading interface is arranged on a service page, after the data interface on the service page receives a request, acquiring a previous page address Url3 through a request. UrlReferrer, wherein the Url3 is the jump link, and generating DesEnKey3= MD5 (Url 3+ MD5 Key) in an encryption mode; calling a DES decryption method to obtain timeStre 3= UnDES (powerSign, desEnKey 3); the timestamp str3 is converted into a normal time object, the time object is considered to be correct as long as the time object can be correctly converted into a time format, whether the time is expired or not is not verified, the time format is correct, namely a data interface is legal, and the time format is incorrect, namely the data interface is illegal.
4. A system for background data interface security verification is characterized in that: the system comprises: the system comprises an access entrance setting module, an access authority verification module, an address authority verification parameter production module and a judgment module;
the access entry setting module is used for providing a uniform access entry, setting a background address parameter targetUrl, and assigning an actual service background address to the background address parameter targetUrl;
the access authority verification module is used for verifying the authority in the background after the page requests to enter the access entrance, judging whether the user logs in, judging whether the user has the authority of the current access address, if not, not performing the operation to finish the process, and if so, entering the address authority verification parameter production module;
the address authority verification parameter production module is used for organizing and generating address authority verification parameters according to the background address parameter targetUrl, and skipping to the actual service background page address with the address authority verification parameters;
the implementation mode of the address authority verification parameter production module is further specifically as follows: obtaining an actual service background address Url according to a background address parameter targetUrl, and generating a DES encryption Key DesEnKey, wherein the DesEnKey = MD5 (Url + MD5 Key), and the MD5Key is a set character string;
acquiring current time, converting the current time into a character string to obtain timeStr = yyyyMMddHHmmss;
DES encryption is carried out according to the timeStr and the DesEnKey to obtain authority signature parameters powerSign, wherein powerSign = DES (timeStr, desEnKey);
after the powerSign is obtained, a skip link of a specific service page is organized, and a service background page corresponding to the skip link is skipped;
the judging module is used for verifying whether the address authority verification parameter is legal or not after entering an actual service background page, so that the safety verification of the page address is realized;
the implementation manner of the judgment module is further specifically that: after entering an actual service background page, carrying out validity check on powerSign;
acquiring an address Url2 entering an actual service background page, and generating DesEnKey2= MD5 (Url 2+ MD5 Key) in an encryption mode;
calling a DES decryption method to obtain timeStre 2= UnDES (powerSign, desEnKey 2); converting the timeStr2 into a normal time object, judging whether the time exceeds a preset time, and if so, judging the time to be illegal; if not, the safety of the page address is normal.
5. The system for background data interface security verification according to claim 4, wherein: the system also comprises a data interface legality checking module, wherein the data interface legality checking module is used for acquiring the previous webpage address after the data interface on the service page receives the request when the asynchronous data reading interface is arranged on the service page, and checking whether the previous webpage address is legal or not so as to judge whether the data interface is legal or not.
6. The system for background data interface security verification according to claim 5, wherein: the implementation manner of the data interface validity check module is further specifically as follows: when an asynchronous data reading interface is arranged on a service page, after the data interface on the service page receives a request, acquiring a previous page address Url3 through a request. UrlReferrer, wherein the Url3 is the jump link, and generating DesEnKey3= MD5 (Url 3+ MD5 Key) in an encryption mode; calling a DES decryption method to obtain timeStre 3= UnDES (powerSign, desEnKey 3); the timestamp str3 is converted into a normal time object, the time object is considered to be correct as long as the time object can be correctly converted into a time format, whether the time is expired or not is not verified, the time format is correct, namely a data interface is legal, and the time format is incorrect, namely the data interface is illegal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010802652.2A CN111931232B (en) | 2020-08-11 | 2020-08-11 | Method and system for verifying safety of background data interface |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010802652.2A CN111931232B (en) | 2020-08-11 | 2020-08-11 | Method and system for verifying safety of background data interface |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111931232A CN111931232A (en) | 2020-11-13 |
| CN111931232B true CN111931232B (en) | 2022-12-09 |
Family
ID=73310678
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010802652.2A Active CN111931232B (en) | 2020-08-11 | 2020-08-11 | Method and system for verifying safety of background data interface |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111931232B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112347442B (en) * | 2020-11-30 | 2023-03-21 | 四川长虹电器股份有限公司 | User authority verification method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170676A (en) * | 2007-11-19 | 2008-04-30 | 中兴通讯股份有限公司 | Method and system for encrypting user login information in interactive network TV system |
| CN101510877A (en) * | 2009-02-25 | 2009-08-19 | 中国网络通信集团公司 | Single-point logging-on method and system, communication apparatus |
| CN103209158A (en) * | 2012-01-12 | 2013-07-17 | 深圳市宇初网络技术有限公司 | Third-party verification method and system |
| EP3287971A1 (en) * | 2015-04-20 | 2018-02-28 | Sigmatrix Technology Co., Ltd. | Data authenticity identification method for safety check of two-dimensional code |
-
2020
- 2020-08-11 CN CN202010802652.2A patent/CN111931232B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101170676A (en) * | 2007-11-19 | 2008-04-30 | 中兴通讯股份有限公司 | Method and system for encrypting user login information in interactive network TV system |
| CN101510877A (en) * | 2009-02-25 | 2009-08-19 | 中国网络通信集团公司 | Single-point logging-on method and system, communication apparatus |
| CN103209158A (en) * | 2012-01-12 | 2013-07-17 | 深圳市宇初网络技术有限公司 | Third-party verification method and system |
| EP3287971A1 (en) * | 2015-04-20 | 2018-02-28 | Sigmatrix Technology Co., Ltd. | Data authenticity identification method for safety check of two-dimensional code |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111931232A (en) | 2020-11-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101662364B (en) | Method and system for safe login | |
| US8997239B2 (en) | Detecting code injections through cryptographic methods | |
| CN109492884B (en) | Compliance risk information display method and device, computer equipment and storage medium | |
| US8984608B2 (en) | Image processing apparatus, image processing system, and computer-readable storage medium for generating a token value | |
| US7840804B2 (en) | Attribute certificate validation method and device | |
| US20130091578A1 (en) | System and a method for automatically detecting security vulnerabilities in client-server applications | |
| US9032519B1 (en) | Protecting websites from cross-site scripting | |
| CN102355469A (en) | Method for displaying credibility certification for website in address bar of browser | |
| CN106341233A (en) | Authentication method for client to log into server, device, system and electronic device | |
| WO2009132529A1 (en) | Method and device for validating the web form data | |
| US20020099733A1 (en) | Method and apparatus for attaching electronic signature to document having structure | |
| CN111818088A (en) | Authorization mode management method and device, computer equipment and readable storage medium | |
| CN110880146A (en) | Block chain chaining method, device, electronic equipment and storage medium | |
| CN103186637A (en) | Method and device for analyzing user behavior of BOSS database | |
| CN111931232B (en) | Method and system for verifying safety of background data interface | |
| CN116522197A (en) | Identity authentication and access control system based on security management | |
| US20020166066A1 (en) | Method of restricting viewing web page and server | |
| CN107103243A (en) | The detection method and device of leak | |
| CN111949955B (en) | Single sign-on method, device and equipment for web system and readable storage medium | |
| CN111523123A (en) | Intelligent website vulnerability detection method | |
| CN116881275A (en) | Database query method, device and storage medium | |
| CN111931159B (en) | Method and system for verifying validity of webpage data interface | |
| CN114546857A (en) | Interface test case generation method and device, electronic equipment and storage medium | |
| Black et al. | Software assurance tools: Web application security scanner functional specification version 1.0 | |
| US8819413B1 (en) | Method and apparatus for collaborative claim verification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |