CN112162996A - Database access method and system for in-station graph editor - Google Patents
Database access method and system for in-station graph editor Download PDFInfo
- Publication number
- CN112162996A CN112162996A CN202011005897.9A CN202011005897A CN112162996A CN 112162996 A CN112162996 A CN 112162996A CN 202011005897 A CN202011005897 A CN 202011005897A CN 112162996 A CN112162996 A CN 112162996A
- Authority
- CN
- China
- Prior art keywords
- database
- client
- access
- sql statement
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 25
- 230000006854 communication Effects 0.000 claims description 14
- 238000004891 communication Methods 0.000 claims description 14
- 238000010586 diagram Methods 0.000 claims description 13
- 230000006837 decompression Effects 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 claims description 2
- 238000011161 development Methods 0.000 abstract description 5
- 238000012545 processing Methods 0.000 description 9
- 230000006835 compression Effects 0.000 description 5
- 238000007906 compression Methods 0.000 description 5
- 238000004806 packaging method and process Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 230000007175 bidirectional communication Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003245 working effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2453—Query optimisation
- G06F16/24534—Query rewriting; Transformation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computational Linguistics (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a database access method and a system of an in-station graph editor, which are based on the invention, a database is accessed by utilizing a data access agent service of a server side, no matter which development language is adopted as a technical type selection, the client side of the in-station graph editor does not need to install a database client side on a user PC when being deployed, and the database access operation is actually executed by the data access agent service of the server side rather than the client side. Therefore, further, the connection information (access address, access user name and password) of the database is stored in the server side (data access proxy service), and the in-station graph editor does not directly interact with the database, so that the security of the database is improved.
Description
Technical Field
The invention relates to a database access method of an on-site graph editor, and further relates to a database access system of the on-site graph editor.
Background
The in-station diagram editor refers to an editing client of a device wiring diagram in a substation under the jurisdiction of a power company, and can be called as a power wiring diagram industrial control configuration editor, a station configuration editor and the like in some specific applications. The in-station diagram editor can be designed and developed by adopting a BS (Browser/Server architecture, which is an abbreviation of Browser/Server architecture, and can also be written as a B/S architecture, which is a structure for changing or improving a C/S structure along with the rise of Internet technology) or a CS (Client/Server architecture, which is an abbreviation of Client/Server architecture, is in a form of Windows desktop application, and can also be written as a C/S architecture).
The DataBase access part of the in-station graph editor adopting the CS architecture is usually developed by using technologies such as ADO (active x Data Objects, i.e. active x Data Objects, C + + as development language), JDBC (Java DataBase Connectivity, Java as development language) or DataBase driver provided by a DataBase manufacturer, and the like, and the development is performed by using the above methods, which has the following disadvantages:
1) deployment is complex, database drivers provided by ADO or database manufacturers are used as technical model selection, and when client deployment and installation are performed, a client of a corresponding database needs to be installed on a user PC (otherwise, the database server cannot be normally accessed), so that deployment difficulty is increased.
2) The security is poor, and under the CS framework, the client side usually adopts a mode of directly connecting the database, so that the access user name and the password of the database are both stored on the user PC, and the risk of database password leakage exists.
Disclosure of Invention
The invention aims to provide a database access method of an in-station graph editor, which has low deployment difficulty and high database access safety, and also provides a database access system of the in-station graph editor.
In an embodiment of the present invention, there is provided a database access method of an in-station graph editor, a client accesses a server by means of a data access proxy service of a server, and the database access method includes the steps of:
requesting, the client generates an SQL statement to be executed, encrypts the SQL statement according to a preset encryption algorithm to generate an encryption sequence, and sends the encryption sequence to a data access proxy service unit of the server;
analyzing, namely analyzing the encrypted sequence by the data access proxy service unit according to a corresponding decryption algorithm to analyze an SQL statement and further sending the analyzed SQL statement to a database;
and executing, wherein the database executes the SQL statement to obtain an access result, and the access result is packaged and then returned to the client through the data access proxy service unit in an encryption mode.
The method of claim 1, wherein the client compresses the SQL statement before encrypting the SQL statement;
accordingly, the parsing step or the executing step decompresses the parsed SQL statement.
Optionally, the SQL statement is encapsulated in a predetermined format and then compressed by UIF-8 encoding to generate a binary data stream;
correspondingly, the binary data stream is converted into a character string after decompression, and then is analyzed according to a preset format.
Optionally, the encryption algorithm is an asymmetric key encryption algorithm.
Optionally, the SQL statement and the access result are packaged into JSON format strings before transmission.
Optionally, before accessing the database, the client needs to verify whether the client has the right to access the database.
Optionally, the authentication is performed by means of password authentication; or
The method comprises the steps that a client ID and a bound mobile terminal are prestored in a database, when the client accesses the database, an access request is sent to the database, the database responds to the access request and sends a random password to the bound mobile terminal, and the client accesses the database by using the client ID and the random password.
Optionally, the communication between the server and the client is communication using org.apache.http.client packets;
the client side adopts communication between a Socket and a data access proxy service of the server side, and the communication protocol is HTTP/TCP.
Optionally, the server side accesses the database through a Java database connection.
In an embodiment of the present invention, there is also provided a database access system of an in-station graph editor, in which a client accesses a server by means of a data access proxy service module of the server, and the database access system includes the following steps:
the client generates an SQL statement to be executed, encrypts the SQL statement according to a preset encryption algorithm to generate an encryption sequence, and sends the encryption sequence to the data access proxy service module of the server;
the data access proxy service module analyzes the encrypted sequence according to a corresponding decryption algorithm to analyze an SQL statement and further sends the analyzed SQL statement to a database;
and the execution unit is used for executing the SQL statement by the database to obtain an access result, and the access result is packaged and then returned to the client in an encryption mode through the data access proxy service module.
In the embodiment of the invention, the database is accessed by using the data access proxy service of the server, no matter which development language is adopted as the technical type selection, the database client does not need to be installed on the user PC when the in-station diagram editor client is deployed, and the database access operation is actually executed by the data access proxy service of the server instead of the client. Therefore, further, the connection information (access address, access user name and password) of the database is stored in the server side (data access proxy service), and the in-station graph editor does not directly interact with the database, so that the security of the database is improved.
Drawings
FIG. 1 is a block diagram of a communication system between a client and a server of an embodiment of an in-station graph editor.
Detailed Description
The present invention is described in detail with reference to the accompanying drawings, and other available or alternative means will be described in the description of the embodiments.
The client accesses the server through the proxy service based on the proxy service providing the proxy service at the server, so that a data access proxy service needs to be added at the server, in the embodiment of the invention, data access proxy service software based on a Spring Boot architecture (architecture provided by Pivotal team) is adopted, or the server is provided with the data access proxy service software, so that when the client accesses the database, the client needs to establish connection with the data access proxy service software (hereinafter referred to as proxy service module) first, then sends a connection request for connecting the database through the proxy service module, the proxy service module establishes connection with the database, requests for obtaining related resources from the database, and then returns the obtained related resources or other information to the client through the proxy service module.
Specific addresses, access the database, and, for the in-site graph editor client, generate SQL statements in the background based on the operations, because of the data access proxy service, the operation of the client is analyzed into SQL statements by the data access proxy module, correspondingly, the operation of the client can be understood as an instruction for accessing the database, the client equivalently sends the instruction to the data access proxy module, the data access proxy module analyzes the instruction string sent by the client into corresponding SQL statements, and then sending the result to a database for execution, wherein a server providing the database or a database server responds to SQL statements to execute corresponding database operation to generate an operation result, the operation result is called a result for short, the database returns the result to the data access agent module, and the data access agent module returns the result to the in-station graph editor client after processing (such as data encryption and the like) the result.
SQL is an abbreviation for Structured Query Language, a Structured Query Language, and is a database Query and programming Language that accesses data and queries, updates, and manages relational database systems.
In some embodiments, as shown in fig. 1, it is a communication system framework diagram of an in-station diagram editor client and a server, hereinafter, the in-station diagram editor client is referred to as a client for short, and the server refers to a server. The architecture shown in particular in fig. 1 is described as follows:
design description:
1. client-instruction sending and receiving:
the client side of the in-station graph editor adopts SOCKET technology to communicate with a data access proxy service module of the server side, and the communication protocol adopts HTTP/TCP.
Socket, i.e., Socket, is an abstraction of an endpoint that performs bidirectional communication between application processes on different hosts in a network. A socket is the end of a process's communication over a network and provides a mechanism for application layer processes to exchange data using a network protocol.
The data access proxy service module is responsible for realizing a basic communication API between the client and the server. The API is an abbreviation of Application Programming Interface, i.e. Application program Interface, which is some predefined functions or appointments for linking different components of the software system. To provide a set of routines that applications and developers can access based on certain software or hardware without accessing source code or understanding the details of the internal workings.
2. Client-instruction processing:
the client-instruction processing module is responsible for the following 2 functions:
1) and packaging the SQL command to be executed according to a fixed protocol format, and sending the SQL command to a command sending and receiving module to a data access agent server.
2) And analyzing the data returned by the data access agent server, namely the data returned by the server, which is received by the command sending and receiving module.
In some embodiments, the packaging of the SQL instructions, i.e., the packaging of the database operation instructions, is gzip-compressed, and the character encoding is UTF-8.
It is obvious that gzip is a compression format that appeared in the 90 s of the last century, and can be substituted for other types of compression formats.
Further, the gzip compressed binary bytes are encrypted using the national standard SM2 algorithm. After compression, binary bytes are formed based on the character encoding described above. And the national secret SM2 algorithm is an asymmetric key algorithm, developed by our country. It can be understood that, for encryption, other types of asymmetric key algorithms can be adopted, and the asymmetric key algorithm has the advantages of good encryption effect and difficulty in secret disclosure. The disadvantage is that the speed is somewhat slow, but the efficiency is already sufficient for database access.
Encryption is completed at the client, and then the data access module at the client side sends the character string obtained after encryption to the data access agent service module by using the command sending and receiving module.
3. And (3) data access proxy service return data analysis:
the data access proxy service module return data parsing processing logic depends on the processing logic of the data access proxy service module for return values, and is specifically adapted to section 6 below.
First, the data returned by the database is decrypted by using the SM2 algorithm.
And then decompressing the decrypted data by using the gzip algorithm.
Then, the binary data obtained after decompression is converted into a character string.
And finally, analyzing the character string obtained in the last step according to a JSON format, and finally obtaining a return result of the SQL instruction.
The JSON format, namely JavaScript Object Notation, is a lightweight data exchange format. It stores and represents data in a text format that is completely independent of the programming language, based on a subset of ECMAScript (js specification set by the european computer association). The compact and clear hierarchy makes JSON an ideal data exchange language.
4. For server-command send and receive:
the method and the system realize communication with an in-station diagram editor client by utilizing org, apache, http and client packets.
For server-instruction processing:
the server-instruction processing is mainly responsible for the following 2 functions:
1) analyzing a database operation instruction received from a station inner diagram editor client to obtain an SQL statement to be executed, and executing the SQL statement by utilizing a database access module.
2) And packaging a returned result after the database server executes the SQL instruction, and sending the result to the in-station diagram editor client by using the 'instruction sending and receiving' module.
5. Analyzing the database operation instruction:
the database operation instruction parsing processing logic depends on the encapsulation processing logic of the in-station graph editor client for the database operation instructions.
Accordingly, the returned data is first decrypted using the national standard SM2 algorithm.
The decrypted data is then decompressed using the gzip algorithm.
Further, the binary data obtained after decompression is converted into a character string, i.e., an SQL command to be executed.
6. And (3) packaging a returned result of the database:
first, the database execution result is converted into a JSON format string.
And then, carrying out gzip algorithm compression on the JSON format character string.
Then, the binary bytes after gzip compression are encrypted by using the national standard SM2 algorithm, and finally the encrypted character string is obtained.
7. For server-database access:
the server side utilizes JDBC technology to realize access operation on a relational database (oracle, mysql and the like).
JDBC, Java Database Connectivity, is an application program interface in Java language that specifies how a client program accesses a Database.
Claims (10)
1. A database access method of an in-station graph editor, wherein a client accesses a server by means of a data access proxy service of a server side, and the database access method comprises the steps of:
requesting, the client generates an SQL statement to be executed, encrypts the SQL statement according to a preset encryption algorithm to generate an encryption sequence, and sends the encryption sequence to a data access proxy service unit of the server;
analyzing, namely analyzing the encrypted sequence by the data access proxy service unit according to a corresponding decryption algorithm to analyze an SQL statement and further sending the analyzed SQL statement to a database;
and executing, wherein the database executes the SQL statement to obtain an access result, and the access result is packaged and then returned to the client through the data access proxy service unit in an encryption mode.
2. The method of claim 1, wherein the client compresses the SQL statement before encrypting the SQL statement;
accordingly, the parsing step or the executing step decompresses the parsed SQL statement.
3. The database access method of the in-station graph editor of claim 2, wherein the SQL statements are encapsulated in a predetermined format and then compressed with UIF-8 encoding to generate a binary data stream;
correspondingly, the binary data stream is converted into a character string after decompression, and then is analyzed according to a preset format.
4. The method of claim 1, wherein the encryption algorithm is an asymmetric key encryption algorithm.
5. The method of claim 1, wherein the SQL statement and the access result are encapsulated into a JSON-formatted string before transmission.
6. The method of claim 1, wherein the client is authenticated before accessing the database if the client has the right to access the database.
7. The method of claim 6, wherein the authentication is performed by means of password authentication; or
The method comprises the steps that a client ID and a bound mobile terminal are prestored in a database, when the client accesses the database, an access request is sent to the database, the database responds to the access request and sends a random password to the bound mobile terminal, and the client accesses the database by using the client ID and the random password.
8. The database access method of the in-station diagram editor according to claim 1, wherein the communication between the server side and the client side is a communication using an org.apache.http.client package;
the client side adopts communication between a Socket and a data access proxy service of the server side, and the communication protocol is HTTP/TCP.
9. The method of claim 1, wherein the server accesses the database through a Java database connection.
10. A database access system of an in-station graph editor, wherein a client accesses a server by means of a data access proxy service module of a server side, and the database access system comprises the steps of:
the client generates an SQL statement to be executed, encrypts the SQL statement according to a preset encryption algorithm to generate an encryption sequence, and sends the encryption sequence to the data access proxy service module of the server;
the data access proxy service module analyzes the encrypted sequence according to a corresponding decryption algorithm to analyze an SQL statement and further sends the analyzed SQL statement to a database;
and the execution unit is used for executing the SQL statement by the database to obtain an access result, and the access result is packaged and then returned to the client in an encryption mode through the data access proxy service module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011005897.9A CN112162996A (en) | 2020-09-23 | 2020-09-23 | Database access method and system for in-station graph editor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011005897.9A CN112162996A (en) | 2020-09-23 | 2020-09-23 | Database access method and system for in-station graph editor |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112162996A true CN112162996A (en) | 2021-01-01 |
Family
ID=73862728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011005897.9A Pending CN112162996A (en) | 2020-09-23 | 2020-09-23 | Database access method and system for in-station graph editor |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112162996A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112910980A (en) * | 2021-01-27 | 2021-06-04 | ***股份有限公司 | Database access system and method |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101848245A (en) * | 2010-02-05 | 2010-09-29 | 南京德讯信息***有限公司 | Database access agent method and system based on SSL/XML |
CN102739654A (en) * | 2012-06-08 | 2012-10-17 | 北京久其软件股份有限公司 | Method for realizing application program to access database |
CN105956143A (en) * | 2016-05-11 | 2016-09-21 | 深圳市永兴元科技有限公司 | Database access method and database proxy node |
CN107222500A (en) * | 2017-07-04 | 2017-09-29 | 山东浪潮商用***有限公司 | A kind of data transmission system and method based on message queue |
CN107465641A (en) * | 2016-06-02 | 2017-12-12 | 上海海典软件股份有限公司 | Based on three-tier architecture software systems and its data request method |
CN108228597A (en) * | 2016-12-14 | 2018-06-29 | 深圳市优朋普乐传媒发展有限公司 | Data bank access method and device |
CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
CN110413676A (en) * | 2019-07-25 | 2019-11-05 | 中国工商银行股份有限公司 | The access method and its device of database, electronic equipment and medium |
-
2020
- 2020-09-23 CN CN202011005897.9A patent/CN112162996A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101848245A (en) * | 2010-02-05 | 2010-09-29 | 南京德讯信息***有限公司 | Database access agent method and system based on SSL/XML |
CN102739654A (en) * | 2012-06-08 | 2012-10-17 | 北京久其软件股份有限公司 | Method for realizing application program to access database |
CN105956143A (en) * | 2016-05-11 | 2016-09-21 | 深圳市永兴元科技有限公司 | Database access method and database proxy node |
CN107465641A (en) * | 2016-06-02 | 2017-12-12 | 上海海典软件股份有限公司 | Based on three-tier architecture software systems and its data request method |
CN108228597A (en) * | 2016-12-14 | 2018-06-29 | 深圳市优朋普乐传媒发展有限公司 | Data bank access method and device |
CN107222500A (en) * | 2017-07-04 | 2017-09-29 | 山东浪潮商用***有限公司 | A kind of data transmission system and method based on message queue |
CN108306877A (en) * | 2018-01-30 | 2018-07-20 | 泰康保险集团股份有限公司 | Verification method, device and the storage medium of subscriber identity information based on NODE JS |
CN110413676A (en) * | 2019-07-25 | 2019-11-05 | 中国工商银行股份有限公司 | The access method and its device of database, electronic equipment and medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112910980A (en) * | 2021-01-27 | 2021-06-04 | ***股份有限公司 | Database access system and method |
CN112910980B (en) * | 2021-01-27 | 2022-11-15 | ***股份有限公司 | Database access system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107682159B (en) | Trusted application management method and trusted application management system of intelligent terminal | |
KR100420428B1 (en) | Method of transmitting information data from a sender to a receiver via a transcoder | |
JP4061288B2 (en) | WEB service system, requester, SOAP message intermediate processing device, requester request SOAP message processing method, requestor response SOAP message processing method, SOAP message intermediate processing device request SOAP message processing method, SOAP message intermediate SOAP message processing method and program for response of processing device | |
CN111818166B (en) | Method for realizing communication middleware by adopting HTTP proxy database protocol | |
WO2020233049A1 (en) | Data authorization method and apparatus of blockchain system, storage medium, and electronic device | |
CN1291396A (en) | Communication system and communication method | |
TW201445355A (en) | Protecting data | |
CN106415491B (en) | Application protection method, server and terminal | |
US20240214472A1 (en) | Communication protocol conversion method, and device, system, and gateway device | |
CN106603579B (en) | The tele-control system and method and its wireless terminal of a kind of wireless terminal | |
CN107508846B (en) | Updating method and system of application client and terminal equipment | |
CN114157649A (en) | Reliable data transmission method and device, computer equipment and storage medium | |
CN111756751A (en) | Message transmission method and device and electronic equipment | |
CN112162996A (en) | Database access method and system for in-station graph editor | |
CN110830493B (en) | Single sign-on implementation method based on intelligent enterprise portal | |
CN113645193B (en) | Network security protection method, service management system and computer readable storage medium | |
CN106657028B (en) | Method for realizing data encryption and export technology of android mobile phone | |
CN114978769A (en) | Unidirectional lead-in device, method, medium, and apparatus | |
CN105959263B (en) | Aged caring institutions data interactive method and system based on JSON | |
CN116437377A (en) | Communication method, system, electronic device and medium for device control communication protocol | |
CN111064560B (en) | Data encryption transmission method and device, terminal and data encryption transmission system | |
CN114124914A (en) | Data security transmission method and device, computer equipment and storage medium | |
CN113922976A (en) | Equipment log transmission method and device, electronic equipment and storage medium | |
CN113596027B (en) | Data encryption transmission method and device and electronic equipment | |
WO2023159900A1 (en) | Remote development method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210101 |