CN112434020A - Database account cleaning method and device and electronic equipment - Google Patents


Publication number: CN112434020A
Authority: CN (China)
Legal status: Granted, Active
Application number: CN202011356806.6A
Other languages: Chinese (zh)
Other versions: CN112434020B (en)
Inventors: 禤欢子, 沈登徽
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Prior art keywords: time point, account, ith, node, connection information


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G06F16/217 Database tuning
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2282 Tablespace storage structures; Management thereof


Abstract

The disclosure relates to the technical field of databases and provides a method and a device for cleaning database accounts, and electronic equipment. The method comprises: collecting, at each time point, the current connection information and the historical accumulated connection information of each account at a node; determining, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point, where i is an integer greater than 1; in response to the node having been restarted between the (i-1)th and ith time points, updating the last login time of the first account, which corresponds to the current connection information collected at the ith time point, to the ith time point; and cleaning the first account based on its last login time at the node. The technical scheme can effectively guarantee the data security of the database and helps improve the high availability of the database.

Description

Database account cleaning method and device and electronic equipment
Technical Field
The disclosure relates to the technical field of databases, in particular to a method and a device for cleaning database accounts and electronic equipment for implementing the method for cleaning the database accounts.
Background
Security management of the database is an important measure for guaranteeing data security, and management of database account permissions is an important part of it. Abnormal accounts (e.g., accounts whose permissions have been amplified) are a significant security risk for a database. Therefore, abnormal accounts need to be cleaned from the database.
In the account cleaning scheme of the related art, the database architecture is as shown in fig. 1: a database middleware is arranged between the database cluster and the business service; specifically, the middleware is connected to node 1, node 2, ..., node n of the database cluster. In this middleware-based architecture, the application service accesses the database through the middleware, which implements unified identity and permission management, can conveniently record account connections and collect the access records of all accounts, and can thus solve the problem of obtaining the account life cycle.
However, when the middleware is down or its service is unavailable, the business service cannot access any database node, which is detrimental to high availability of the database.
It is to be noted that the information disclosed in the background section above is only used to enhance understanding of the background of the present disclosure.
Disclosure of Invention
The purpose of the present disclosure is to provide a method and an apparatus for cleaning database accounts, and a computer storage medium and an electronic device for implementing the method, so as to improve the high availability of a database at least to a certain degree.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to one aspect of the disclosure, a method for cleaning database accounts is provided, which includes: collecting, at each time point, the current connection information and the historical accumulated connection information of each account at a node; determining, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point, where i is an integer greater than 1; in response to the node having been restarted between the (i-1)th and ith time points, updating the last login time of the first account, which corresponds to the current connection information collected at the ith time point, to the ith time point; and cleaning the first account based on its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the method further includes: in response to the node having been restarted between the (i-1)th and ith time points, obtaining the set of accounts that had established a connection with the node at the (i-1)th time point; updating the last login time of each second account, that is, each account in the set other than the first account, to the (i-1)th time point; and cleaning the second account according to its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the method further includes: in response to the node not having been restarted between the (i-1)th and ith time points, determining, from the current connection information collected at the ith time point, whether the third account corresponding to that information has a connection established with the node at the ith time point; in response to the third account having a connection established with the node at the ith time point, updating the last login time of the third account to the ith time point; and cleaning the third account based on its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the method further includes: in response to the third account not having a connection established with the node at the ith time point, determining, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, whether the third account connected to the node between the (i-1)th and ith time points; in response to the third account having connected to the node between the (i-1)th and ith time points, updating the last login time of the third account to the ith time point; and cleaning the third account according to its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the method further includes: in response to the third account not having connected to the node between the (i-1)th and ith time points, leaving the last login time of the third account unchanged.
In an exemplary embodiment of the disclosure, based on the foregoing scheme, determining whether the third account connected to the node between the (i-1)th and ith time points, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, includes: in response to the number of connections in the historical accumulated connection information collected at the ith time point being greater than that collected at the (i-1)th time point, determining that the third account connected between the (i-1)th and ith time points; and in response to the number of connections in the historical accumulated connection information collected at the ith time point being the same as that collected at the (i-1)th time point, determining that the third account did not connect between the (i-1)th and ith time points.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, determining, from the current connection information collected at the ith time point, whether the third account corresponding to that information has a connection established with the node at the ith time point includes: in response to the number of connections in the current connection information collected at the ith time point being greater than zero, determining that the third account has a connection established with the node at the ith time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, determining, from the current connection information collected at the ith time point, whether the third account corresponding to that information has a connection established with the node at the ith time point includes: in response to the number of connections in the current connection information collected at the ith time point being equal to zero, determining that the third account does not have a connection established with the node at the ith time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, determining whether the node was restarted between the (i-1)th and ith time points, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, includes: in response to the number of connections in the historical accumulated connection information collected at the ith time point being not less than that collected at the (i-1)th time point, determining that the node was not restarted between the (i-1)th and ith time points.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, determining whether the node was restarted between the (i-1)th and ith time points, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, includes: in response to the number of connections in the historical accumulated connection information collected at the ith time point being less than that collected at the (i-1)th time point, determining that the node was restarted between the (i-1)th and ith time points.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, cleaning the first account based on its last login time at the node includes: determining the target nodes in the database cluster with which the first account has connected; obtaining the last login time of the first account at each target node, and taking the last login time with the largest timestamp as the cleaning reference time; and in response to the duration from the cleaning reference time to the current time point being greater than a preset duration, cleaning the first account.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the method further includes: in response to the duration from the cleaning reference time to the current time point being not greater than the preset duration, retaining the first account, and updating the last login time of the first account at each target node based on the current connection information and the historical accumulated connection information collected at the (i+1)th time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node is a MySQL node; collecting the current connection information and historical accumulated connection information of the account at the node at each time point includes: collecting, once a day, the performance_schema.accounts table held in memory in the MySQL node; determining the current connection information according to the CURRENT_CONNECTIONS field in the performance_schema.
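The last-login update and the cluster-wide cleanup decision described in the embodiments above, as an added Python example that is not code from the patent. Assumptions made here: accounts are keyed as "user@host"; the cumulative count is read from the TOTAL_CONNECTIONS column of performance_schema.accounts; a restart is declared when any account's cumulative count drops, with a missing row counted as zero; "first accounts" are the rows present after a restart and "second accounts" are those with CURRENT_CONNECTIONS > 0 at the previous collection; all snapshots are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# One row per account, e.g. collected once a day on each node with
#   SELECT USER, HOST, CURRENT_CONNECTIONS, TOTAL_CONNECTIONS
#   FROM performance_schema.accounts;
@dataclass(frozen=True)
class Row:
    current: int  # CURRENT_CONNECTIONS: sessions open at collection time
    total: int    # TOTAL_CONNECTIONS: cumulative count, reset by a restart

Snapshot = Dict[str, Row]          # "user@host" -> counters
LastLogin = Dict[str, datetime]    # "user@host" -> last login time
NO_ROW = Row(0, 0)                 # assumption: a missing row counts as zero

def node_restarted(prev: Snapshot, cur: Snapshot) -> bool:
    """Cumulative counters only grow while the node is up, so a drop
    (or a vanished row) between two collections means a restart."""
    return any(cur.get(a, NO_ROW).total < r.total for a, r in prev.items())

def update_last_login(last_login: LastLogin, prev: Snapshot, cur: Snapshot,
                      t_prev: datetime, t_cur: datetime) -> LastLogin:
    out = dict(last_login)
    if node_restarted(prev, cur):
        # First accounts: seen on the node since the restart -> t_i.
        first = {a for a, r in cur.items() if r.current > 0 or r.total > 0}
        for a in first:
            out[a] = t_cur
        # Second accounts: connected at t_(i-1), not seen since -> t_(i-1).
        for a, r in prev.items():
            if r.current > 0 and a not in first:
                out[a] = t_prev
        return out
    # No restart (third accounts): an open session now, or a cumulative
    # count that grew since the previous collection, means a login -> t_i.
    for a, r in cur.items():
        if r.current > 0 or r.total > prev.get(a, NO_ROW).total:
            out[a] = t_cur
    return out  # every other account keeps its previous last login time

def replay(snapshots: List[Tuple[datetime, Snapshot]]) -> LastLogin:
    """Apply the pairwise comparison to consecutive collections of one node."""
    last_login: LastLogin = {}
    for (t_prev, prev), (t_cur, cur) in zip(snapshots, snapshots[1:]):
        last_login = update_last_login(last_login, prev, cur, t_prev, t_cur)
    return last_login

def accounts_to_clean(per_node: Dict[str, LastLogin], now: datetime,
                      max_idle: timedelta) -> List[str]:
    """Cleaning reference time = latest last login over all nodes; clean
    only if it is older than max_idle. Accounts with no recorded login have
    no reference time and are not returned (left for separate review)."""
    reference: LastLogin = {}
    for node_times in per_node.values():
        for a, t in node_times.items():
            reference[a] = max(t, reference.get(a, t))
    return sorted(a for a, t in reference.items() if now - t > max_idle)

# Constructed sample data: three daily collections on two nodes.
T1, T2, T3 = datetime(2024, 1, 1), datetime(2024, 1, 2), datetime(2024, 1, 3)
NODE_A = [
    (T1, {"app@%": Row(2, 10), "batch@%": Row(0, 5),
          "old@%": Row(0, 3), "etl@%": Row(1, 7)}),
    (T2, {"app@%": Row(0, 12), "batch@%": Row(0, 5),
          "old@%": Row(0, 3), "etl@%": Row(1, 7)}),
    (T3, {"app@%": Row(1, 1)}),   # counters reset: node A was restarted
]
NODE_B = [
    (T1, {"batch@%": Row(0, 4), "etl@%": Row(0, 2)}),
    (T2, {"batch@%": Row(0, 6), "etl@%": Row(0, 2)}),
    (T3, {"batch@%": Row(0, 6), "etl@%": Row(1, 3)}),
]

if __name__ == "__main__":
    per_node = {"node_a": replay(NODE_A), "node_b": replay(NODE_B)}
    print(per_node)
    print(accounts_to_clean(per_node, datetime(2024, 1, 10), timedelta(days=7)))
```

Note that "old@%" never appears in the result: an account that is never observed logging in has no cleaning reference time under this logic, so it needs a separate review path.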
According to one aspect of the disclosure, a database account cleaning device is provided, which includes: an acquisition module, a node restart determining module, an update module and a cleaning module. Wherein:
the acquisition module is configured to: collect, at each time point, the current connection information and the historical accumulated connection information of each account at a node; the node restart determining module is configured to: determine, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, whether the node was restarted between the (i-1)th and ith time points; the update module is configured to: in response to the node having been restarted between the (i-1)th and ith time points, update the last login time of the first account, which corresponds to the current connection information collected at the ith time point, to the ith time point; and the cleaning module is configured to: clean the first account based on its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the apparatus for cleaning a database account further includes an acquisition module.
Wherein the acquisition module is configured to: in response to the node having been restarted between the (i-1)th and ith time points, obtain the set of accounts that had established a connection with the node at the (i-1)th time point; the update module is further configured to: update the last login time of each second account, that is, each account in the set other than the first account, to the (i-1)th time point; and the cleaning module is further configured to: clean the second account according to its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the apparatus for cleaning a database account further includes an account connection first determining module.
Wherein the account connection first determining module is configured to: in response to the node not having been restarted between the (i-1)th and ith time points, determine, from the current connection information collected at the ith time point, whether the third account corresponding to that information has a connection established with the node at the ith time point; the update module is further configured to: in response to the third account having a connection established with the node at the ith time point, update the last login time of the third account to the ith time point; and the cleaning module is further configured to: clean the third account according to its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the apparatus for cleaning a database account further includes an account connection second determining module.
Wherein the account connection second determining module is configured to: in response to the third account not having a connection established with the node at the ith time point, determine, from the historical accumulated connection information collected at the ith time point and at the (i-1)th time point, whether the third account connected to the node between the (i-1)th and ith time points; the update module is further configured to: in response to the third account having connected to the node between the (i-1)th and ith time points, update the last login time of the third account to the ith time point; and the cleaning module is further configured to: clean the third account according to its last login time at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the update module is further configured to: in response to the third account not having connected to the node between the (i-1)th and ith time points, leave the last login time of the third account unchanged.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the account connection second determining module is specifically configured to: in response to the number of connections in the historical accumulated connection information collected at the ith time point being greater than that collected at the (i-1)th time point, determine that the third account connected between the (i-1)th and ith time points; the account connection second determining module is also specifically configured to: in response to the number of connections in the historical accumulated connection information collected at the ith time point being the same as that collected at the (i-1)th time point, determine that the third account did not connect between the (i-1)th and ith time points.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the account connection first determining module is specifically configured to: in response to the number of connections in the current connection information collected at the ith time point being greater than zero, determine that the third account has a connection established with the node at the ith time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the account connection first determining module is specifically configured to: in response to the number of connections in the current connection information collected at the ith time point being equal to zero, determine that the third account does not have a connection established with the node at the ith time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node restart determining module is specifically configured to: in response to the number of connections in the historical accumulated connection information collected at the ith time point being not less than that collected at the (i-1)th time point, determine that the node was not restarted between the (i-1)th and ith time points.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node restart determining module is specifically configured to: in response to the number of connections in the historical accumulated connection information collected at the ith time point being less than that collected at the (i-1)th time point, determine that the node was restarted between the (i-1)th and ith time points.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the cleaning module is specifically configured to: determine the target nodes in the database cluster with which the first account has connected; obtain the last login time of the first account at each target node, and take the last login time with the largest timestamp as the cleaning reference time; and in response to the duration from the cleaning reference time to the current time point being greater than a preset duration, clean the first account.
In an exemplary embodiment of the disclosure, based on the foregoing scheme, in response to the duration from the cleaning reference time to the current time point being not greater than the preset duration, the first account is retained, and the update module is further configured to: update the last login time of the first account at each target node based on the current connection information and the historical accumulated connection information collected at the (i+1)th time point in each target node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node is a MySQL node; the acquisition module is specifically configured to: collect, once a day, the performance_schema.accounts table held in memory in the MySQL node; determine the current connection information according to the CURRENT_CONNECTIONS field in the performance_schema.
According to an aspect of the present disclosure, there is provided a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the method for cleaning a database account of the first aspect.
According to an aspect of the present disclosure, there is provided an electronic device including: one or more processors; and a memory for storing one or more programs; when executed by the one or more processors, the one or more programs cause the one or more processors to implement the method for cleaning a database account of the first aspect.
According to an aspect of the present disclosure, there is provided a computer program product or computer program comprising computer instructions, the computer instructions being stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the database account cleaning method provided in the above embodiments.
According to the above technical scheme, the method and the device for cleaning database accounts, and the computer storage medium and the electronic device for implementing the method, in the exemplary embodiments of the disclosure have at least the following advantages and positive effects:
In the technical scheme provided by some embodiments of the present disclosure, the connection information of an account at the current node is collected multiple times, and the last login time of the account at the current node is determined by comparing the account connection information from two adjacent collections. The last login time of the account in the whole cluster can then be determined from its last login time at each node, and from that it can be determined for at least how long the account has not accessed the cluster. Therefore, abnormal accounts that have not accessed the cluster for a long time can be cleaned effectively and safely. The account cleaning scheme has no influence on information exchange between the database and the application service; meanwhile, compared with the related art, the technical scheme does not need to introduce middleware between the application service and the database cluster, does not have the problem of the database becoming inaccessible because the middleware is down, and helps improve the high availability of the database.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from them by those skilled in the art without the exercise of inventive faculty. In the drawings:
Fig. 1 schematically shows a structure diagram of a database architecture according to the background art of the present disclosure.
Fig. 2 schematically shows a block diagram of a database architecture according to an embodiment of the disclosure.
Fig. 3 is a system architecture diagram schematically illustrating an exemplary application environment to which the method and apparatus for cleaning database accounts according to the embodiment of the present disclosure may be applied.
Fig. 4 schematically shows a flowchart of a method for cleaning a database account according to an embodiment of the present disclosure.
Fig. 5 schematically shows a flowchart of a method for determining a last login time according to an embodiment of the present disclosure.
Fig. 6 schematically illustrates a database permission detail view displayed at the front-end interface in accordance with an embodiment of the present disclosure.
Fig. 7 schematically shows a flowchart of a first account cleaning method according to an embodiment of the present disclosure.
Fig. 8 schematically shows an architecture diagram of a cleaning device for database accounts in an exemplary embodiment of the present disclosure.
Fig. 9 shows a schematic structural diagram of an electronic device in an exemplary embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
The abnormal account number exists in the database, and the method comprises the following steps: permission amplification (for example, a read account is granted with a write permission), an on-line account uses a weak password account, and an authorized account is not recovered during capacity expansion of a machine room. The existence of the abnormal account number is a great safety hazard for the data security of the database.
However, if it cannot be assured that an account has not been used by a business to transact a clean up of the account, an online incident may result. However, since one account may be used in multiple scenes of one service, and one service generally has many accounts, counting whether the account is still used according to the service consumes a lot of manpower and material resources, and error cleaning is very easy to occur.
The account cleaning scheme provided by the related art is based on the database architecture shown in fig. 1, however, if the account cleaning scheme is used in a financial payment scenario (e.g., WeChat payment, etc.), and a large number of database node failures occur, extremely serious consequences are brought to businesses and companies, and therefore, the centralized database middleware architecture is not suitable for supporting a database cluster of the financial scenario. Fig. 2 shows a database architecture diagram based on the technical solution, in which a business service and each node in a database cluster can be directly connected, compared with the database architecture diagram provided in the related art. The problem that the database is inaccessible due to downtime of the middleware does not exist in the scheme, that is, the database framework in the technical scheme is a high-availability framework.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks linked by cryptographic methods, where each data block contains information about a batch of network transactions and is used to verify the validity (anti-counterfeiting) of that information and to generate the next block. The blockchain may include: a blockchain underlying platform, a platform product service layer and an application service layer.
The blockchain underlying platform can comprise processing modules such as user management, basic service, smart contract and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, including public and private key generation and maintenance (account management), key management, and maintenance of the correspondence between a user's real identity and blockchain address (permission management); under authorization, it supervises and audits the transactions of certain real identities and provides rule configuration for risk control (risk-control audit). The basic service module is deployed on all blockchain node devices and is used to verify the validity of service requests and to record valid requests to storage after consensus is reached; for a new service request, the basic service first performs interface adaptation, parsing and authentication (interface adaptation), then encrypts the service information through a consensus algorithm (consensus management), transmits the encrypted service information completely and consistently to the shared ledger (network communication), and records and stores it. The smart contract module is responsible for contract registration and issuance, contract triggering and contract execution; developers can define contract logic in a programming language, publish it to the blockchain (contract registration), and have it executed according to the logic of the contract terms when invoked by a key or triggered by another event; the module also provides functions for upgrading and cancelling contracts. The operation monitoring module is mainly responsible for deployment, configuration modification, contract settings and cloud adaptation during product release, and for the visual output of real-time states during product operation, such as alarms, monitoring of network conditions, and monitoring of node device health.
The platform product service layer provides basic capability and an implementation framework of typical application, and developers can complete block chain implementation of business logic based on the basic capability and the characteristics of the superposed business. The application service layer provides the application service based on the block chain scheme for the business participants to use.
Fig. 3 is a schematic diagram illustrating a system architecture of an exemplary application environment to which the database account cleaning method and apparatus according to the embodiment of the present disclosure may be applied.
As shown in FIG. 3, system architecture 300 may include a database cluster 310, a network 304, and a server 305, where database cluster 310 in turn includes one or more of database nodes 301, 302, 303. By way of example, the server 305 may be a blockchain node device in the blockchain. The method for cleaning the database account provided by the disclosure can be executed by any blockchain node; that is, the corresponding algorithm of the technical scheme can be stored in any node of the blockchain.
In particular, network 304 serves as a medium for providing communication links between nodes 301, 302, 303 and server 305. Network 304 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few. The database nodes 301, 302, 303 may store data of different services in a distributed manner. It should be understood that the number of database nodes, networks, and servers in fig. 3 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation. For example, the server 305 may be a server cluster composed of a plurality of servers.
The method for cleaning the database account provided by the embodiment of the disclosure can be executed by any block chain node. For example, it can be implemented by the blockchain node server 305, and accordingly, the database account cleaning device is generally disposed in the server 305. However, it is easily understood by those skilled in the art that the method for cleaning the database account provided in the embodiment of the present disclosure may also be executed by other blockchain nodes, and accordingly, the cleaning device for the database account may also be disposed in the corresponding blockchain node, which is not particularly limited in this exemplary embodiment.
For example, in an exemplary embodiment, the server 305 may collect current connection information and historical accumulated connection information of the account at the database nodes 301, 302, 303 at each time point. Further, the server 305 determines whether the database nodes 301, 302, and 303 have been restarted between the (i-1)th time point and the ith time point according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, where i is an integer greater than 1. In response to the database nodes 301, 302, and 303 having been restarted, the server 305 updates the last login time of the first account corresponding to the current connection information collected at the ith time point to the ith time point. The server 305 then cleans up the first account based on the last login time of the first account at the database nodes 301, 302, 303.
Illustratively, the related algorithm of the technical scheme is stored in the block chain in a distributed manner, so that the efficiency of determining the abnormal account is improved, and the data security of the database cluster is improved.
The following first describes in detail embodiments of the database account cleaning method provided by the present disclosure:
Fig. 4 schematically shows a flowchart of a method for cleaning a database account according to an embodiment of the present disclosure. Specifically, referring to fig. 4, the embodiment shown in this figure includes:
Step S410, collecting current connection information and historical accumulated connection information of the account at the node at each time point;
Step S420, determining whether the node is restarted between the (i-1)th time point and the ith time point according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, wherein i is an integer greater than 1;
Step S430, in response to the node being restarted between the (i-1)th time point and the ith time point, updating the last login time of the first account corresponding to the current connection information collected at the ith time point to the ith time point; and
Step S440, cleaning the first account based on the last login time of the first account at the node.
The technical scheme provided by the embodiment shown in fig. 4 can determine how long the account has not visited the database cluster, and can effectively and safely clean up abnormal accounts that have not visited the cluster for a long time. Meanwhile, the information interaction between the database and the application service is not influenced in the account cleaning process. In addition, the problem that the database cannot be accessed due to downtime of the middleware does not exist, and the high availability of the database is improved.
In an exemplary embodiment, the technical scheme is suitable for cleaning the accounts in a MySQL database cluster. Specifically, the last login time of an account in the cluster is determined based on the scheme, and if the time elapsed from the last login time to the time of cleaning exceeds a preset duration (for example, 15 days), the account is treated as an abnormal account and is cleaned. For example, the account is prohibited from logging in again, the account is checked for amplified permissions, and the account is checked for a weak password. If the permissions of the account have been amplified, the permissions are further adjusted. If the account password is a weak password, the user is notified to strengthen the password, and so on. Cleaning abnormal accounts in this way achieves the technical effect of guaranteeing the data security of the MySQL database.
For example, fig. 5 schematically shows a flow diagram of a method for cleaning MySQL database accounts according to an embodiment of the present disclosure. The specific implementation of each step in the embodiment shown in fig. 4 is described in detail below with reference to fig. 5:
As a specific implementation of step S410, for any node (denoted as "node j") in the MySQL database cluster, the current connection information and the historical accumulated connection information of the accounts at the node are collected every day (for example, between 2 a.m. and 4 a.m.) (step S510). The performance_schema.accounts table (Table 1) of node j is obtained; the current connection information is determined from the CURRENT_CONNECTIONS field of that table, and the historical accumulated connection information is determined from its TOTAL_CONNECTIONS field.
TABLE 1

| USER | HOST | CURRENT_CONNECTIONS | TOTAL_CONNECTIONS |
|---|---|---|---|
| Null | Null | 38 | 1072332 |
| Fmha_a | 127.0.0.1 | 19 | 136822 |
| MySQL_u | 100.87.44.2 | 0 | 123661 |
The fields in the above table are explained as follows. USER: the username of the MySQL account. HOST: the host IP corresponding to the MySQL account. CURRENT_CONNECTIONS: the current number of connections of the account at the node, namely how many connections the account has at the MySQL node at the moment of data collection. TOTAL_CONNECTIONS: the total number of connections of the account since the MySQL node started. Since the tables in the performance_schema library are all stored in memory, the data of the performance_schema library is lost once the MySQL node is restarted, which is why TOTAL_CONNECTIONS only counts connections since the node started.
It should be noted that the embodiment of obtaining the current connection information and the historical accumulated connection information of the account at the node is not limited to obtaining from the performance_schema.
In the technical scheme, the last login time of the account on node j is determined from the data collected at two adjacent collection points. It should be noted that, after data is collected for the first time, the last login time of the account is set to the current collection time. For example, data is collected from MySQL node j for the first time at 2 a.m. on December 10, 2009, and for account a on the node the current connection information is 2 and the historical accumulated connection information is 4. The last login time of account a is set to "2 a.m. on December 10, 2009". Further, data is collected from MySQL node j again at 2 a.m. on December 11, 2009, and for account a on the node the current connection information is 3 and the historical accumulated connection information is 5. The last login time of account a can then be determined based on the technical scheme, that is, the last login time of the account on node j is determined from the two collections. The specific determination can be made with reference to the following examples:
As a specific implementation of step S420, it is determined whether the node has been restarted between x o'clock on day i-1 and x o'clock on day i according to the historical accumulated connection information collected on day i and the historical accumulated connection information collected on day i-1, where i is an integer greater than 1 (step S520).
In view of that once the MySQL node is restarted, the data in the performance_schema. If the number of connections in the historical accumulated connection information collected at 2 o'clock on day 2 is not less than the number collected at 2 o'clock on day 1, it is determined that the node has not been restarted between 2 o'clock on day 1 and 2 o'clock on day 2. Similarly, if the number of connections in the historical accumulated connection information collected at 2 o'clock on day 2 is less than the number collected at 2 o'clock on day 1, it is determined that the node has been restarted between 2 o'clock on day 1 and 2 o'clock on day 2. It should be noted that, if a connection record for account b was collected at the (i-1)th time point but there is no connection record for account b at the ith time point (that is, the number of connections is zero), then for account b the number of connections in the historical accumulated connection information collected at the ith time point is less than the number collected at the (i-1)th time point, which also indicates that the node has been restarted between the (i-1)th time point and the ith time point.
It should be noted that, a specific implementation manner of determining whether the MySQL node is restarted within a certain time period is not limited to this, and may also be implemented by other manners, and this is not limited by this scheme.
As a specific implementation of step S430, after it is determined that the node has been restarted, the last login time of each account currently connected to the node (referred to as a "first account") is the ith time point. For example, if the MySQL node is restarted between 2 o'clock on day 1 and 2 o'clock on day 2, and the current connection information collected at 2 o'clock on day 2 includes account c and account d, these accounts connected after the node was restarted, so their last login time is updated to 2 o'clock on day 2 (step S530).
In an exemplary embodiment, if a node is restarted between the (i-1)th time point and the ith time point, the set of accounts that had established a connection with the node at the (i-1)th time point is also obtained; the first accounts contained in this set are then filtered out to obtain the second accounts. These accounts were connected to the node before the restart but have not connected since the restart, so their last login time can be updated to the (i-1)th time point. For example, suppose the MySQL node is restarted between 2 o'clock on day 1 and 2 o'clock on day 2. At the collection at 2 o'clock on day 1, account x, account y, account c and account d were all connected to the node, while the current connection information collected at 2 o'clock on day 2 includes account c and account d but not account x and account y. This shows that account x and account y did not re-establish a connection with the node after the restart, so their last login time is updated to 2 o'clock on day 1.
The above embodiment describes how the last login time of an account is determined when the node is restarted between adjacent time points; the following describes how it is determined when the node is not restarted between adjacent time points.
In an exemplary embodiment, if the node is not restarted between the (i-1)th time point and the ith time point, it is further determined, according to the current connection information collected at the ith time point, whether an account corresponding to that current connection information (denoted as a "third account") has a connection established with the node at the ith time point (step S540). The third account refers to an account corresponding to CURRENT_CONNECTIONS in the collected performance_schema. For example, referring to Table 1, the accounts corresponding to CURRENT_CONNECTIONS include: the account with user name Null, the account with user name MySQL_u, and the account with user name Fmha_a.
For example, whether CURRENT_CONNECTIONS is greater than zero in the performance_schema.accounts table collected at the ith time point may be used to determine whether the corresponding account currently has a connection with the node. For example, if Table 1 is the data collected at the ith time point, the account with user name MySQL_u has 0 connections in the current connection information, that is, the account with user name MySQL_u has no connection established with the MySQL node at the ith time point. The account with user name Fmha_a has 19 connections in the current connection information, that is, the account with user name Fmha_a has a connection established with the MySQL node at the ith time point.
In an exemplary embodiment, if the third account establishes a connection with the node at the ith time point, which indicates that the account is in a connection state with the node during data acquisition, the last login time of the third account is updated to the ith time point (step S550).
In an exemplary embodiment, if the third account does not establish a connection with the node at the ith time point, the following two cases may be distinguished:
In case (1), if the third account (e.g., account m and account n) connected to the node between the (i-1)th time point and the ith time point, the last login time of the third account is updated to the ith time point (step S550). For example, if account m and account n connected to node j between 2 o'clock on day 1 and 2 o'clock on day 2, but were not connected to node j at the data collection at 2 o'clock on day 2, the last login time of account m and account n is updated to 2 o'clock on day 2.
In case (2), if the third account (e.g., account m' and account n') did not connect to the node between the (i-1)th time point and the ith time point, the last login time of the third account is not updated, i.e., the last login time determined at the (i-1)th time point is kept unchanged (step S570). For example, if account m' and account n' did not connect to node j between 2 o'clock on day 1 and 2 o'clock on day 2, then at the data collection at 2 o'clock on day 2 the last login time of account m' and account n' remains the value determined at the data collection at 2 o'clock on day 1.
In an exemplary embodiment, whether the third account connected to the node between the (i-1)th time point and the ith time point is determined according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point (step S560).
Since it is determined in step S520 that the MySQL node is not restarted between the (i-1)th time point and the ith time point, the data in the performance_schema. Therefore, whether an account connected during the period between the two collection time points is determined as follows: for account p, if the number of connections in the historical accumulated connection information collected at 2 o'clock on day 2 is greater than the number collected at 2 o'clock on day 1, it is determined that account p connected to the node between 2 o'clock on day 1 and 2 o'clock on day 2. Similarly, if the number of connections in the historical accumulated connection information collected at 2 o'clock on day 2 is equal to the number collected at 2 o'clock on day 1, it is determined that account p did not connect to the node between 2 o'clock on day 1 and 2 o'clock on day 2.
In connection with the embodiment shown in fig. 5, for any one node in the database cluster, the "last login time" for each account at each acquisition time can be determined.
In an exemplary embodiment, to help a DBA (Database Administrator) monitor accounts in a more timely and effective way and identify abnormal accounts promptly, the "last login time" (last_connect_time) of the account may be shown in a database permission detail view (600 in fig. 6) provided by a front-end interface. Abnormal accounts can then be cleaned based on information such as the last login time and the account permissions.
Referring to fig. 6, a result of the database permission collection is shown, including basic information of the MySQL node and specific permission information of the account. The basic information of the node, such as which instance the node belongs to and the IP and port number of the node, includes: instance_id: BatchSettlement DB (MySQL instance ID), node_ip: 10.164.170.7 (MySQL node IP), node_port: 3306 (access port of the MySQL node), user: zft_db_qry (MySQL account user name), host: 100.87.57.24 (MySQL account host address), and so on. The specific permission information includes, for example, that the account_locked permission is "N", that is, there is no account_locked permission, and that the select_priv permission is "Y", that is, there is a select_priv permission. The five fields instance_id, node_ip, node_port, user and host uniquely determine an account on a MySQL node. The result also includes the last login time of the account and permission information of the account such as account_locked, password_expired, etc.
However, the same account may have logged in on different nodes. For example, at the collection time point of 2 o'clock on October 20, 2020, the "last login time" of account p at node a is determined as 2 o'clock on September 15, 2020. At the same collection time point of 2 o'clock on October 20, 2020, the "last login time" of account p at node b is determined as 2 o'clock on October 20, 2020. Therefore, the "last login time" of the account determined on an individual node cannot be used as the final basis for deciding whether the account is cleaned; the "last login time" of the account in the database cluster (i.e., the "cleaning reference time") should be further determined on the basis of the "last login time" determined on each node.
For example, fig. 7 schematically shows a flowchart of a method for cleaning a first account according to an embodiment of the present disclosure. Referring to fig. 7, steps S710 to S750 are included.
Step S710, determining a target node that has established connection with the first account in the database cluster.
In an exemplary embodiment, suppose the first account establishes data connections with node r, node s, and node t in the database. The target node is: node r, node s, and node t.
Step S720, the last login time of the first account in each target node is obtained, and the last login time with the maximum timestamp is used as the cleaning reference time.
In an exemplary embodiment, for the last collection time point, the "last login time" of the first account at the node r, the node s, and the node t is obtained respectively. Considering that the latest login time is the most valuable, the last login time with the largest timestamp is taken as the cleaning reference time.
Step S730, determining whether the time length from the cleaning reference time to the current time point is greater than a preset time length. In response to the time length from the cleaning reference time to the current time point being greater than the preset time length (e.g., 15 days), step S750 is performed: cleaning the first account. The account is treated as an abnormal account and is cleaned, for example by prohibiting the account from logging in again, checking whether the permissions of the account have been amplified, and checking whether the account uses a weak password. If the permissions of the account have been amplified, the permissions are further adjusted. If the account password is a weak password, the user is notified to strengthen the password, and so on. Cleaning abnormal accounts in this way achieves the technical effect of guaranteeing the data security of the MySQL database.
In response to that the time period from the cleaning reference time to the current time point is not greater than the preset time period (e.g., 15 days), in step S740: temporarily retaining the first account, and continuing to execute a "last login time" determination scheme shown in fig. 5 in each target node, so as to update the last login time of the first account in the target node based on the current connection information and the historical accumulated connection information acquired at the (i + 1) th time point.
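The Fig. 5 per-node update and the Fig. 7 cluster-level decision can be replayed offline over stored snapshots, as in the following added example (not code from the patent). The account names, host, dates and snapshot values are constructed; treating every row present after a restart as a "first account" is an assumption about how the scheme is read.

```python
from datetime import datetime, timedelta

# Per-node collection query (step S410); table and columns are those the page names.
COLLECT_SQL = ("SELECT USER, HOST, CURRENT_CONNECTIONS, TOTAL_CONNECTIONS "
               "FROM performance_schema.accounts")

# A snapshot maps (user, host) -> (CURRENT_CONNECTIONS, TOTAL_CONNECTIONS).

def node_restarted(prev, curr):
    """S520: the counters are in memory only, so a TOTAL_CONNECTIONS value that
    decreased, or a row that disappeared, means the node restarted in between."""
    return any(curr.get(acct, (0, 0))[1] < total
               for acct, (_, total) in prev.items())


def update_last_login(last_login, prev, curr, t_prev, t_curr):
    """Apply one collection point (Fig. 5) to a node's last-login table in place."""
    if prev is None:                         # first collection: use collection time
        for acct in curr:
            last_login[acct] = t_curr
        return
    if node_restarted(prev, curr):
        for acct in curr:                    # S530 "first accounts" (assumed: every
            last_login[acct] = t_curr        # row present after the restart)
        for acct, (cur, _) in prev.items():  # "second accounts": connected before
            if cur > 0 and acct not in curr: # the restart, not seen since
                last_login[acct] = t_prev
        return
    for acct, (cur, total) in curr.items():
        prev_total = prev.get(acct, (0, 0))[1]
        if cur > 0 or total > prev_total:    # S550: connected now, or in between
            last_login[acct] = t_curr
        else:                                # S570: keep the earlier value
            last_login.setdefault(acct, t_curr)


def replay(snapshots):
    """Run Fig. 5 over a node's ordered list of (collection_time, snapshot)."""
    last_login, prev, t_prev = {}, None, None
    for t_curr, curr in snapshots:
        update_last_login(last_login, prev, curr, t_prev, t_curr)
        prev, t_prev = curr, t_curr
    return last_login


def cleanup_candidates(per_node, now, max_idle=timedelta(days=15)):
    """Fig. 7: the cleaning reference time is the newest last login on any node
    (S720); accounts idle longer than max_idle are returned for cleaning (S750)."""
    reference = {}
    for logins in per_node.values():
        for acct, ts in logins.items():
            reference[acct] = max(ts, reference.get(acct, ts))
    return sorted(a for a, ts in reference.items() if now - ts > max_idle)


# Constructed sample data: three daily collections on two nodes.
H = "10.0.0.8"
T1, T2, T3 = (datetime(2020, 10, d, 2) for d in (1, 2, 3))
NODE_A = [
    (T1, {("svc_pay", H): (2, 40), ("report_ro", H): (1, 10),
          ("legacy_etl", H): (0, 7), ("old_admin", H): (0, 5)}),
    (T2, {("svc_pay", H): (3, 55), ("report_ro", H): (1, 11),
          ("legacy_etl", H): (0, 9), ("old_admin", H): (0, 5)}),
    (T3, {("svc_pay", H): (1, 3)}),          # counters reset: node restarted
]
NODE_B = [
    (T1, {("old_admin", H): (0, 2)}),
    (T2, {("old_admin", H): (0, 2)}),
    (T3, {("old_admin", H): (0, 3)}),        # one short connection since T2
]

if __name__ == "__main__":
    per_node = {"node_a": replay(NODE_A), "node_b": replay(NODE_B)}
    for acct in cleanup_candidates(per_node, now=datetime(2020, 10, 17, 14)):
        print("clean:", acct)
```

The counter comparison misses a restart after which every account has already exceeded its earlier TOTAL_CONNECTIONS by the next collection; the page notes that other restart checks may be substituted.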
For the MySQL database, this scheme, which determines whether a large number of MySQL accounts are still being accessed by collecting and analyzing database permission data, can accurately obtain the minimum number of days, counted back from the collection date, for which an account has not been accessed, so that abnormal accounts and obsolete accounts can be cleaned safely.
Therefore, the database account cleaning scheme provided by the technical scheme can effectively and safely clean abnormal accounts which have not visited the cluster for a long time. Meanwhile, the information interaction between the database and the application service is not affected. In addition, compared with the related art, the technical scheme does not need to introduce middleware between the application service and the database cluster, does not have the problem of the database becoming inaccessible due to downtime of the middleware, and helps improve the high availability of the database. The technical scheme can be executed by blockchain nodes, and the related algorithm of the technical scheme can be stored in the blockchain in a distributed manner. Therefore, the efficiency of determining abnormal accounts is improved, and the data security of the database cluster is improved.
Those skilled in the art will appreciate that all or part of the steps to implement the above embodiments are implemented as computer programs executed by a processor (including a CPU and a GPU). When executed by the CPU, the program performs the functions defined by the above-described methods provided by the present disclosure. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are merely schematic illustrations of processes involved in methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes illustrated in the above figures are not intended to indicate or limit the temporal order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Embodiments of the database account cleaning apparatus according to the present disclosure are described below, which may be used to execute the database account cleaning method according to the present disclosure.
Fig. 8 schematically shows an architecture diagram of a cleaning device for database accounts in an exemplary embodiment of the present disclosure. As shown in fig. 8, the database account cleaning apparatus 800 includes: an acquisition module 801, a node restart determination module 802, an update module 803, and a cleaning module 804. Wherein:
The acquisition module 801 is configured to: collect current connection information and historical accumulated connection information of the account at the node at each time point; the node restart determining module 802 is configured to: determine whether the node is restarted between the (i-1)th time point and the ith time point according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point; the update module 803 is configured to: in response to the node being restarted between the (i-1)th time point and the ith time point, update the last login time of the first account corresponding to the current connection information collected at the ith time point to the ith time point; and the cleaning module 804 is configured to: clean the first account based on the last login time of the first account at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the apparatus 800 for cleaning a database account further includes: an obtaining module 805.
Wherein the obtaining module 805 is configured to: in response to the node being restarted between the (i-1)th time point and the ith time point, obtain the set of accounts that had established a connection with the node at the (i-1)th time point; the update module 803 is further configured to: update the last login time of a second account, other than the first account, in the account set to the (i-1)th time point; and the cleaning module 804 is further configured to: clean the second account according to the last login time of the second account at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the apparatus 800 for cleaning a database account further includes: an account connection first determining module 806.
The account connection first determining module 806 is configured to: in response to the node not being restarted between the (i-1)th time point and the ith time point, determine, according to the current connection information collected at the ith time point, whether a third account corresponding to that current connection information has a connection established with the node at the ith time point; the update module 803 is further configured to: in response to the third account having a connection established with the node at the ith time point, update the last login time of the third account to the ith time point; and the cleaning module 804 is further configured to: clean the third account according to the last login time of the third account at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the apparatus 800 for cleaning a database account further includes: an account connection second determining module 807.
The account connection second determining module 807 is configured to: in response to the third account not being connected with the node at the ith time point, determine whether the third account connected to the node between the (i-1)th time point and the ith time point according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point; the update module 803 is further configured to: update the last login time of the third account to the ith time point in response to the third account having connected to the node between the (i-1)th time point and the ith time point; and the cleaning module 804 is further configured to: clean the third account according to the last login time of the third account at the node.
In an exemplary embodiment of the present disclosure, based on the foregoing solution, the update module 803 is further configured to: in response to the third account not having connected to the node between the (i-1)th time point and the ith time point, leave the last login time of the third account unchanged.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the account connection second determining module 807 is specifically configured to: in response to the number of connections in the historical accumulated connection information collected at the ith time point being greater than the number collected at the (i-1)th time point, determine that the third account connected between the (i-1)th time point and the ith time point; the account connection second determining module 807 is further specifically configured to: in response to the number of connections in the historical accumulated connection information collected at the ith time point being the same as the number collected at the (i-1)th time point, determine that the third account did not connect between the (i-1)th time point and the ith time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the account connection first determining module 806 is specifically configured to: and determining that the third account establishes connection with the node at the ith time point in response to that the connection times of the current connection information acquired at the ith time point are greater than zero.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the account connection first determining module 806 is specifically configured to: and determining that the third account is not connected with the node at the ith time point in response to that the connection times of the current connection information acquired at the ith time point are equal to zero.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node restart determining module 802 is specifically configured to: and determining that the node is not restarted between the ith-1 time point and the ith time point in response to the fact that the connection frequency of the historical accumulated connection information collected at the ith time point is not less than the connection frequency of the historical accumulated connection information collected at the ith-1 time point.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node restart determining module 802 is specifically configured to: and determining that the node is restarted from the ith-1 time point to the ith time point in response to the fact that the connection frequency of the historical accumulated connection information collected at the ith time point is less than the connection frequency of the historical accumulated connection information collected at the ith-1 time point.
In an exemplary embodiment of the present disclosure, based on the foregoing solution, the cleaning module 804 is specifically configured to: determining a target node which is connected with the first account in a database cluster; acquiring the last login time of the first account in each target node, and taking the last login time with the largest timestamp as cleaning reference time; and responding to the condition that the time length from the cleaning reference time to the current time point is greater than the preset time length, and cleaning the first account.
In an exemplary embodiment of the disclosure, based on the foregoing scheme, in response to that a duration from the cleaning reference time to a current time point is not greater than the preset duration, the first account is reserved, and the update module 803 is further configured to: and respectively updating the last login time of the first account at each target node based on the current connection information and the historical accumulated connection information acquired at the (i + 1) th time point in each target node.
In an exemplary embodiment of the present disclosure, based on the foregoing scheme, the node is a MySQL node; the acquisition module 801 is specifically configured to: acquiring a performance _ schema.accounts table stored in a memory in a MySQL node once a day; determining the CURRENT connection information according to a CURRENT _ CONNECTIONS field in the performance _ schema.
The specific details of each unit in the database account cleaning apparatus have been described in detail in the database account cleaning method, and therefore are not described herein again.
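The snapshot-comparison rules of modules 802, 803, 804, 806 and 807 above, written out as an added Python example (not code from the patent). It assumes the historical accumulated count is the TOTAL_CONNECTIONS column of performance_schema.accounts, that an account with no row in a snapshot counts as zero, and that a restart is flagged when any account's cumulative count decreases; all class, function and account names and the sample snapshots are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Row:
    """One account's row in a daily snapshot of performance_schema.accounts."""
    current: int  # CURRENT_CONNECTIONS at collection time
    total: int    # TOTAL_CONNECTIONS (assumed source of the cumulative count)


NO_ROW = Row(current=0, total=0)  # assumption: a missing row means zero connections


def node_restarted(prev, curr):
    """A cumulative counter that moved backwards means the in-memory table was reset."""
    return any(curr.get(acct, NO_ROW).total < row.total for acct, row in prev.items())


class NodeTracker:
    """Keeps the last login time of every account on one node (hypothetical helper)."""

    def __init__(self):
        self.last_login = {}   # account -> date of last observed login
        self._prev = None      # snapshot collected at time point i-1
        self._prev_day = None

    def collect(self, day, snap):
        """Apply the update rules to the snapshot collected at time point i."""
        if self._prev is not None:
            if node_restarted(self._prev, snap):
                # First accounts: have a row after the restart, so they logged in since.
                first = {a for a, r in snap.items() if r.current > 0 or r.total > 0}
                for acct in first:
                    self.last_login[acct] = day
                # Second accounts: were connected at i-1 but have not come back.
                for acct, row in self._prev.items():
                    if row.current > 0 and acct not in first:
                        self.last_login[acct] = self._prev_day
            else:
                for acct, row in snap.items():
                    before = self._prev.get(acct, NO_ROW)
                    # Connected right now, or connected and left between i-1 and i.
                    if row.current > 0 or row.total > before.total:
                        self.last_login[acct] = day
                    # Otherwise the last login time is left unchanged.
        self._prev, self._prev_day = snap, day


def accounts_to_clean(trackers, today, max_idle):
    """Use the latest login across all nodes as the cleaning reference time."""
    reference = {}
    for tracker in trackers:
        for acct, seen in tracker.last_login.items():
            if acct not in reference or seen > reference[acct]:
                reference[acct] = seen
    # Accounts with no recorded login on any node are not judged here.
    return sorted(a for a, ref in reference.items() if today - ref > max_idle)


def build_demo():
    """Constructed snapshots for two nodes, one collection per day."""
    d1, d2, d3, d4 = (date(2020, 11, n) for n in (1, 2, 3, 4))
    node_a, node_b = NodeTracker(), NodeTracker()
    node_a.collect(d1, {"app": Row(2, 40), "etl": Row(0, 5), "old": Row(0, 3)})
    node_a.collect(d2, {"app": Row(2, 55), "etl": Row(1, 6), "old": Row(0, 3)})
    node_a.collect(d3, {"app": Row(3, 4)})   # counters reset: node A restarted
    node_a.collect(d4, {"app": Row(0, 9)})   # total grew, so app logged in and left
    node_b.collect(d1, {"report": Row(1, 7), "app": Row(0, 2)})
    node_b.collect(d2, {"app": Row(1, 1)})   # node B restarted, report did not return
    node_b.collect(d3, {"app": Row(0, 1)})   # no change: last login stays at d2
    node_b.collect(d4, {"app": Row(0, 1)})
    return node_a, node_b


if __name__ == "__main__":
    a, b = build_demo()
    print("node A:", a.last_login)
    print("node B:", b.last_login)
    print("clean:", accounts_to_clean([a, b], date(2020, 12, 3), timedelta(days=30)))
```

Comparing counters cannot see a restart after which every account's cumulative count has already reached its previous value by the next collection, so the daily interval bounds how stale a recorded login time can be.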
FIG. 9 illustrates a schematic structural diagram of a computer system suitable for use with the electronic device to implement embodiments of the present disclosure.
It should be noted that the computer system 900 of the electronic device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of the application of the embodiments of the present disclosure.
As shown in fig. 9, computer system 900 includes a processor 901 (including a Graphics Processing Unit (GPU) and a Central Processing Unit (CPU)), which can perform various appropriate actions and processes according to a program stored in a Read-Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. The RAM 903 also stores various programs and data necessary for system operation.
The following components are connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output portion 907 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage portion 908 including a hard disk and the like; and a communication section 909 including a Network interface card such as a Local Area Network (LAN) card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
In particular, the processes described below with reference to the flowcharts may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program containing program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 909, and/or installed from the removable medium 911. The computer program, when executed by the processor (CPU or GPU)901, performs various functions defined in the system of the present application.
It should be noted that the computer readable medium shown in the embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing.
More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures.
For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or by hardware, and the described units may also be disposed in a processor. The names of the units do not, in some cases, constitute a limitation on the units themselves.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately and not be incorporated into the electronic device. The computer readable medium carries one or more programs which, when executed by an electronic device, cause the electronic device to implement the method described in the above embodiments.
For example, the electronic device may implement the following, as shown in fig. 4: step S410, collecting, at each time point, current connection information and historical accumulated connection information of accounts at the node; step S420, determining, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point, wherein i is an integer greater than 1; step S430, in response to the node having been restarted between the (i-1)th time point and the ith time point, updating the last login time of the first account corresponding to the current connection information collected at the ith time point to the ith time point; and step S440, cleaning the first account based on the last login time of the first account at the node.
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, according to embodiments of the present disclosure, the features and functionality of two or more modules or units described above may be embodied in one module or unit. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by a combination of software and necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims. It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof.

Claims (15)

1. A method for cleaning database accounts, characterized by comprising:
collecting, at each time point, current connection information and historical accumulated connection information of accounts at a node;
determining, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point, wherein i is an integer greater than 1;
in response to the node having been restarted between the (i-1)th time point and the ith time point, updating the last login time of a first account corresponding to the current connection information collected at the ith time point to the ith time point;
and cleaning the first account based on the last login time of the first account at the node.
2. The method for cleaning database accounts according to claim 1, further comprising:
in response to the node having been restarted between the (i-1)th time point and the ith time point, acquiring the set of accounts that were connected to the node at the (i-1)th time point;
for a second account in the account set other than the first account, updating the last login time of the second account to the (i-1)th time point;
and cleaning the second account according to the last login time of the second account at the node.
3. The method for cleaning database accounts according to claim 1, further comprising:
in response to the node not having been restarted between the (i-1)th time point and the ith time point, determining, according to the current connection information collected at the ith time point, whether a third account corresponding to the current connection information collected at the ith time point is connected to the node at the ith time point;
in response to the third account being connected to the node at the ith time point, updating the last login time of the third account to the ith time point;
and cleaning the third account based on the last login time of the third account at the node.
4. The method for cleaning database accounts according to claim 3, further comprising:
in response to the third account not being connected to the node at the ith time point, determining, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the third account connected to the node between the (i-1)th time point and the ith time point;
in response to the third account having connected to the node between the (i-1)th time point and the ith time point, updating the last login time of the third account to the ith time point;
and cleaning the third account based on the last login time of the third account at the node.
5. The method for cleaning database accounts according to claim 4, further comprising:
in response to the third account not having connected to the node between the (i-1)th time point and the ith time point, leaving the last login time of the third account unchanged.
6. The method for cleaning database accounts according to claim 4 or 5, wherein the determining, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the third account connected to the node between the (i-1)th time point and the ith time point comprises:
in response to the number of connections in the historical accumulated connection information collected at the ith time point being greater than the number of connections in the historical accumulated connection information collected at the (i-1)th time point, determining that the third account connected between the (i-1)th time point and the ith time point;
and, in response to the number of connections in the historical accumulated connection information collected at the ith time point being the same as the number of connections in the historical accumulated connection information collected at the (i-1)th time point, determining that the third account did not connect between the (i-1)th time point and the ith time point.
7. The method for cleaning database accounts according to any one of claims 3 to 5, wherein the determining, according to the current connection information collected at the ith time point, whether a third account corresponding to the current connection information collected at the ith time point is connected to the node at the ith time point comprises:
in response to the number of connections in the current connection information collected at the ith time point being greater than zero, determining that the third account is connected to the node at the ith time point.
8. The method for cleaning database accounts according to any one of claims 3 to 5, wherein the determining, according to the current connection information collected at the ith time point, whether a third account corresponding to the current connection information collected at the ith time point is connected to the node at the ith time point comprises:
in response to the number of connections in the current connection information collected at the ith time point being equal to zero, determining that the third account is not connected to the node at the ith time point.
9. The method for cleaning database accounts according to any one of claims 1 to 5, wherein the determining, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point comprises:
in response to the number of connections in the historical accumulated connection information collected at the ith time point being not less than the number of connections in the historical accumulated connection information collected at the (i-1)th time point, determining that the node was not restarted between the (i-1)th time point and the ith time point.
10. The method for cleaning database accounts according to any one of claims 1 to 5, wherein the determining, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point comprises:
in response to the number of connections in the historical accumulated connection information collected at the ith time point being less than the number of connections in the historical accumulated connection information collected at the (i-1)th time point, determining that the node was restarted between the (i-1)th time point and the ith time point.
11. The method for cleaning database accounts according to any one of claims 1 to 5, wherein the cleaning the first account based on the last login time of the first account at the node comprises:
determining the target nodes in a database cluster to which the first account has connected;
acquiring the last login time of the first account at each target node, and taking the last login time with the largest timestamp as the cleaning reference time;
and, in response to the duration from the cleaning reference time to the current time point being greater than a preset duration, cleaning the first account.
12. The method for cleaning database accounts according to claim 11, further comprising:
in response to the duration from the cleaning reference time to the current time point being not greater than the preset duration, retaining the first account, and updating the last login time of the first account at each target node based on the current connection information and the historical accumulated connection information collected at the (i+1)th time point.
13. The method for cleaning database accounts according to any one of claims 1 to 5, wherein the node is a MySQL node; the collecting, at each time point, current connection information and historical accumulated connection information of accounts at the node comprises:
acquiring, once a day, the performance_schema.accounts table stored in memory in the MySQL node; determining the current connection information according to the CURRENT_CONNECTIONS field in the performance_schema.
14. An apparatus for cleaning database accounts, the apparatus comprising:
an acquisition module configured to: collect, at each time point, current connection information and historical accumulated connection information of accounts at a node;
a determination module configured to: determine, according to the historical accumulated connection information collected at the ith time point and the historical accumulated connection information collected at the (i-1)th time point, whether the node was restarted between the (i-1)th time point and the ith time point;
an update module configured to: in response to the node having been restarted between the (i-1)th time point and the ith time point, update the last login time of a first account corresponding to the current connection information collected at the ith time point to the ith time point;
a cleaning module configured to: clean the first account based on the last login time of the first account at the node.
15. An electronic device, characterized in that the electronic device comprises:
one or more processors;
a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for cleaning database accounts of any one of claims 1 to 13.
CN202011356806.6A 2020-11-26 2020-11-26 Database account cleaning method and device and electronic equipment Active CN112434020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011356806.6A CN112434020B (en) 2020-11-26 2020-11-26 Database account cleaning method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN112434020A true CN112434020A (en) 2021-03-02
CN112434020B CN112434020B (en) 2021-09-24

Family

ID=74699265

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40041050; Country of ref document: HK)
GR01 Patent grant