CN112615879A - Network request processing method and device - Google Patents


Info

Publication number: CN112615879A
Authority: CN (China)
Prior art keywords: request, information, verification, request information, uniqueness
Legal status: Pending
Application number: CN202011569110.1A
Other languages: Chinese (zh)
Inventors: 李俸希, 王熹佳, 程呈
Current Assignee: Agricultural Bank of China
Original Assignee: Agricultural Bank of China

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time


Abstract

The embodiments of the application disclose a method and a device for processing a network request. When the validity check passes, the uniqueness and timeliness of the request information are judged, and the server responds to the network request only when the request information has both. That is, in the embodiments of the present application, in addition to front-end and back-end verification of a network request, the sensitive data in the request undergoes dual authentication of uniqueness and timeliness, so that network security risks are effectively prevented and controlled.

Description

Network request processing method and device
Technical Field
The present application relates to the field of security technologies, and in particular, to a method and an apparatus for processing a network request.
Background
With the rapid development of internet technology, the security of Web applications plays an increasingly important role in many fields, such as finance, medical treatment and national defense. At present, common security risks mainly include injection vulnerabilities, broken identity authentication and session management, and broken access control; these risks allow an attacker to perform illegal operations such as obtaining or modifying user data.
For these different network risks, the common security protection techniques today include using a secure Application Programming Interface (API) or a white list to avoid injection vulnerabilities, and using a single authentication and session management system to protect against broken authentication and session management. However, the current security technologies cannot cope with diversified attack means.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for processing a network request, so as to process network requests more reasonably and effectively.
In order to solve the above problem, the technical solution provided by the embodiments of the present application is as follows:
In a first aspect of the embodiments of the present application, a method for processing a network request is provided, where the method includes:
acquiring a network request, wherein the network request comprises request information;
carrying out a validity check on the request information according to a unified check rule;
when the check is passed, judging whether the request information has uniqueness and timeliness;
and responding to the network request when the request information has uniqueness and timeliness.
In a specific embodiment, determining whether the request information has uniqueness and timeliness when the check is passed includes:
judging whether the request information has a silent buffer period;
when the request information does not have a silent buffer period, determining that the request information has timeliness;
extracting function information to be authenticated from the request information;
acquiring, from local storage, state information corresponding to the function information to be authenticated;
and when the state information is valid, determining that the request information has uniqueness.
In a specific embodiment, before determining that the request information has uniqueness when the state information is valid, the method further includes:
judging whether a function tag corresponding to the function information to be authenticated is consistent with a locally stored function tag, wherein the function tag expresses the purpose of the network request;
and when the function tag corresponding to the function information to be authenticated is consistent with the locally stored function tag, determining that the request information has uniqueness.
In a specific implementation, performing the validity check on the request information according to the unified check rule includes:
performing front-end verification on the request information according to the unified check rule;
and performing back-end verification on the request information according to the unified check rule.
In a specific embodiment, the check rule at least includes a required-field check, a regular-expression check, encryption and decryption configuration, Chinese/English configuration, length configuration and character set conversion.
In a specific embodiment, the method further comprises:
when the request information fails the check, or lacks uniqueness or timeliness, incrementing the request count and storing the information of the requesting party and the information of the requested party.
In a specific embodiment, the method further comprises:
determining whether the request count corresponding to the requester is greater than a preset threshold;
and when the request count corresponding to the requester is greater than the preset threshold, refusing the requester's network requests for a preset period of time.
In a second aspect of the embodiments of the present application, an apparatus for processing a network request is provided, the apparatus including:
an obtaining unit, configured to obtain a network request, where the network request includes request information;
a verification unit, configured to perform a validity check on the request information according to the unified check rule;
a judging unit, configured to judge whether the request information has uniqueness and timeliness when the check is passed;
and a response unit, configured to respond to the network request when the request information has uniqueness and timeliness.
In a specific embodiment, the judging unit is specifically configured to determine whether a silent buffer period exists for the request information; when the request information does not have a silent buffer period, determine that the request information has timeliness; extract function information to be authenticated from the request information; acquire, from local storage, state information corresponding to the function information to be authenticated; and when the state information is valid, determine that the request information has uniqueness.
In a specific embodiment, when the state information is valid, the judging unit is further configured to determine whether a function tag corresponding to the function information to be authenticated is consistent with a locally stored function tag, where the function tag indicates the purpose of the network request; and when the function tag corresponding to the function information to be authenticated is consistent with the locally stored function tag, determine that the request information has uniqueness.
In a specific embodiment, the verification unit is specifically configured to perform front-end verification on the request information according to the unified check rule, and to perform back-end verification on the request information according to the unified check rule.
In a specific embodiment, the check rule at least includes a required-field check, a regular-expression check, encryption and decryption configuration, Chinese/English configuration, length configuration and character set conversion.
In a specific embodiment, the apparatus further comprises:
a processing unit, configured to increment the request count and store the information of the requesting party and the information of the requested party when the request information fails the check, or lacks uniqueness or timeliness.
In a specific embodiment, the judging unit is further configured to determine whether the request count corresponding to the requester is greater than a preset threshold;
and the processing unit is configured to refuse the requester's network requests for a preset period of time when the request count corresponding to the requester is greater than the preset threshold.
In a third aspect of the embodiments of the present application, an apparatus for processing a network request is provided, including a processor and a memory;
the memory is configured to store computer-readable instructions or a computer program;
the processor is configured to read the computer-readable instructions or the computer program so that the apparatus implements the method for processing a network request according to the first aspect.
In a fourth aspect of the embodiments of the present application, a computer-readable storage medium is provided, including instructions or a computer program which, when run on a computer, cause the computer to perform the method for processing a network request according to the first aspect.
Therefore, the embodiments of the application have the following beneficial effects:
The method first obtains a network request and performs a validity check on the request information in the network request, where the validity check comprises a front-end check and a back-end check. When the validity check passes, the uniqueness and timeliness of the request information are judged, and the server responds to the network request only when the request information has both. That is, in the embodiments of the present application, in addition to front-end and back-end verification of a network request, the sensitive data in the request undergoes dual authentication of uniqueness and timeliness, so that network security risks are effectively prevented and controlled.
Drawings
Fig. 1 is a schematic view illustrating application security risks according to an embodiment of the present application;
Fig. 2 is a flowchart of a method for processing a network request according to an embodiment of the present application;
Fig. 3a is a schematic diagram of a unified configuration according to an embodiment of the present application;
Fig. 3b is a schematic diagram of front/back-end verification according to an embodiment of the present application;
Fig. 4 is a block diagram of a network request processing framework according to an embodiment of the present application;
Fig. 5 is a block diagram of a device for processing a network request according to an embodiment of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments are described in detail below with reference to the accompanying drawings.
In order to facilitate understanding of technical solutions provided by the embodiments of the present application, technical terms related to the present application will be described below.
Front-end verification is data verification only, that is, verification of data validity, such as the character string length, mailbox format, mobile phone number format and password strength, with a reminder to the user about wrong formats. Its purpose is to improve the user experience, that is, to reduce the error rate as much as possible and raise the success rate of one-time submission. Front-end verification gives the user fast feedback for correction, reduces server pressure and saves traffic by avoiding meaningless requests, and is primarily a user-friendliness measure. For example, if the mobile phone number or mailbox address is illegal, or the password strength is too weak, the front end can report this immediately without waiting for the back-end check: the user is told directly what is wrong and can correct it in time, avoiding an unnecessary submission and a wait for the server to return an error.
Under normal conditions, front-end verification is necessary, and skipping it leaves a hidden data security risk. Back-end verification is indispensable and verifies the data further: objects verified at the front end also need to be verified at the back end (such as the login user name and password). Some objects can be verified at the front end alone and need not be submitted to the back end, which would only increase the pressure on the server; but under normal conditions, an object verified at the front end is preferably verified once more at the back end.
Back-end verification, including uniqueness verification, verification codes and sensitive words, must be performed where the error probability is high. The back-end check prevents the interface from being called privately and damaging the database structure, and prevents someone from simulating the behaviour of the browser to send a request directly to the server. The verification-code flow is as follows: 1) the front page generates a verification code number and submits it to the background to request a verification code picture; 2) the background generates the picture verification code and stores it in Redis with the verification code number as the key and the text content of the verification code as the value; 3) the background returns the verification code picture to the front end as the response, and when the front end later applies to send a short message verification code it carries the verification code number from step 1 together with the verification code content input by the user; 4) the background takes out the verification code content corresponding to the verification code number and compares it with the content transmitted from the front end. If they are the same, the short message verification code is sent to the specified mobile phone; if not, a verification code error is returned.
The application security risks in the current scenario mainly include injection vulnerabilities, broken identity authentication and session management, sensitive information leakage, and broken access control. At present, for injection vulnerabilities, the protection adopted is to use a secure API, use an interpreter or an API providing a parameterized interface, or use a "white list" for security protection. But using a parameterized interface to avoid injection vulnerabilities is difficult to implement for projects with complex business. For broken identity authentication and session management, a single authentication and session management control system is used; however, in a micro-service architecture, a single authentication and session management system cannot satisfy all services. For broken access control, the main approaches are user- or session-based indirect object references, automated validation, and the like. Although these protections can discriminate well whether the accessing party is valid, security within the access validity period is not controlled.
Injection vulnerabilities are caused by character filtering that is not strict, and can allow related data such as administrator account numbers and passwords to be obtained.
Broken authentication and session management refers to the ability of an attacker to decipher passwords, keys or session tokens, or to exploit other development flaws, by misusing the authentication and session management functions of the application, in order to temporarily or permanently impersonate other users.
Broken access control, that is, improper access control for authenticated users, can be exploited by attackers to access unauthorized functions or data. The technical impact is that an attacker can impersonate a user, administrator or privileged user and create, access, update or delete any record.
In practical application, an attacker finds a security weakness in an application program through an attack vector and attacks the corresponding service functions by bypassing the security controls. As shown in Fig. 1, attacks 1 and 2 are intercepted by the security controls, so the downstream technology and business are not affected. Attack 3 bypasses the security controls, so it affects both technology and business.
Based on this, the embodiment of the present application provides a method for processing a network request in which, for any network request, validity verification, including front-end verification and back-end verification, is performed on the request information. After the verification passes, the uniqueness and timeliness of the request information are determined, so as to avoid broken identity authentication and invalid access, ensure that one piece of request information requests only one network access, and improve the security of the web application.
In order to facilitate understanding of the technical solutions provided by the embodiments of the present application, specific implementations of the solutions will be described below with reference to the accompanying drawings.
Referring to Fig. 2, which is a flowchart of a method for processing a network request according to an embodiment of the present application, the method includes:
S201: acquire a network request, wherein the network request comprises request information.
In this embodiment, when a user accesses a certain web page through a client, the client generates a network request according to information input by the user, where the network request includes request information. The content included in the request information is related to the type of the network request, for example, when the network request is a user registration request, the request information may include a user name, a password, a mailbox address, a mobile phone number, a bank card account, and the like. When the network request is a login request, the request information may include a user name, a password, an authentication code, and the like.
S202: carry out a validity check on the request information according to the unified check rule.
After the client acquires the request information, a validity check is carried out on the request information according to the unified check rule, so as to check whether the information input by the user meets the check rule. Specifically, the request information undergoes front-end verification and back-end verification according to the rule.
It should be noted that, in practice, front-end and back-end verification rules are developed separately and are not consistent with each other, which easily leaves a vulnerability for an attacker, who can bypass the front-end verification to initiate an attack. Therefore, in this embodiment the front-end and back-end verification use a unified check rule generated from the same configuration file, which effectively avoids injection vulnerabilities. Moreover, configuring a unified check rule reduces redundant code and improves later maintenance efficiency. See the configuration diagram of the unified check rule in Fig. 3a.
The front-end check and the back-end check can both comprise a required-field check, a regular-expression check, encryption and decryption configuration, Chinese/English configuration, length configuration, character set conversion and the like; that is, the front/back-end checks are unified and the check indexes are enriched, for example with automatically configured encryption/decryption and character set conversion. The regular-expression check verifies whether the user name or password input by the user meets a preset rule, for example that the password includes upper- and lower-case letters and digits and is 8 characters or longer. The encryption and decryption configuration means that the front end encrypts the user information when transmitting it, and the back end decrypts and verifies it after receipt. The Chinese/English configuration means that the user must input Chinese when Chinese is configured, and English when English is configured. The length configuration means that the information input by the user must conform to a preset length. Character set conversion refers to half-width/full-width conversion. As in the front/back-end check diagram in Fig. 3b, the required-field check and the regular-expression check must be performed.
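As an added illustration of the unified check rule (this is example code, not the patent's own implementation), the block below keeps one rule table that both the front end and the back end evaluate with the same function, covering the required-field check, regular-expression check, Chinese/English configuration, length configuration and full-width/half-width character set conversion; the field names and rule values are constructed assumptions, and the encryption/decryption configuration is left out.

```python
import re

# Constructed "unified configuration": one rule table evaluated by both sides,
# so a request that skips the front end meets the same rules at the back end.
UNIFIED_RULES = {
    "username":  {"required": True, "regex": r"^[A-Za-z0-9_]+$",
                  "min_len": 4, "max_len": 20, "charset": "halfwidth"},
    "password":  {"required": True, "charset": "halfwidth",
                  "regex": r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$"},
    "real_name": {"required": True, "language": "chinese", "max_len": 10},
    "email":     {"required": False, "charset": "halfwidth",
                  "regex": r"^[^@\s]+@[^@\s]+\.[^@\s]+$"},
}

LANGUAGE_PATTERNS = {
    "chinese": re.compile(r"^[\u4e00-\u9fff]+$"),   # Chinese configured: CJK ideographs only
    "english": re.compile(r"^[A-Za-z]+$"),          # English configured: Latin letters only
}


def to_halfwidth(text):
    """Character set conversion: full-width ASCII (U+FF01..U+FF5E) and the
    ideographic space (U+3000) become their half-width equivalents."""
    out = []
    for ch in text:
        code = ord(ch)
        if 0xFF01 <= code <= 0xFF5E:
            out.append(chr(code - 0xFEE0))
        elif code == 0x3000:
            out.append(" ")
        else:
            out.append(ch)
    return "".join(out)


def check_field(name, value, rule):
    """Apply one field's rule. Returns (normalized value, list of error strings)."""
    errors = []
    if value is None or value == "":
        if rule.get("required"):
            errors.append(f"{name}: required")
        return value, errors
    if rule.get("charset") == "halfwidth":
        value = to_halfwidth(value)          # normalize before the other checks
    if "min_len" in rule and len(value) < rule["min_len"]:
        errors.append(f"{name}: shorter than {rule['min_len']}")
    if "max_len" in rule and len(value) > rule["max_len"]:
        errors.append(f"{name}: longer than {rule['max_len']}")
    if "regex" in rule and not re.match(rule["regex"], value):
        errors.append(f"{name}: does not match pattern")
    lang = rule.get("language")
    if lang and not LANGUAGE_PATTERNS[lang].match(value):
        errors.append(f"{name}: must be {lang}")
    return value, errors


def validate(data, rules=UNIFIED_RULES):
    """Evaluate the unified rule table against a request. Both the front end and
    the back end call this; the back end calls it even when the front end already has."""
    normalized, errors = {}, []
    for name, rule in rules.items():
        value, field_errors = check_field(name, data.get(name), rule)
        normalized[name] = value
        errors.extend(field_errors)
    return normalized, errors


if __name__ == "__main__":
    # A request sent directly to the server, skipping the front end, is judged
    # by exactly the same rules at the back end.
    print(validate({"username": "al", "password": "weak", "real_name": "Zhang"}))
```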
S203: when the check is passed, judge whether the request information has uniqueness and timeliness; if so, execute S204; if not, execute S205.
When both the front-end check and the back-end check pass, it is judged whether the request information has uniqueness and timeliness. For example, it is determined whether the verification code in the request information is owned uniquely by the user and whether the verification code is within its validity period.
When the check fails, the request count can be increased by 1, so that the number of times the user initiates network requests within a period of time can be counted.
Specifically, determining whether the request information has uniqueness and timeliness includes:
1) Judging whether the request information has a silent buffer period.
An attacker may initiate requests through an abnormal path, such as forging requests with a tool like Postman, skipping the front-end controls. Many requests, such as financing requests, need to check and archive information such as the financing basis, financing information and contracts of the response, and the next request can only be made after the current request is finished. In this embodiment, a silent buffer period may therefore be set for requests of the same type, and the silent buffer period is started after the first request arrives. Requests of the same type sent during the silent buffer period are uniformly determined to be invalid requests. Therefore, after the request information is acquired, it is determined whether the request information has a silent buffer period, that is, whether the silent buffer period corresponding to the request information has been started.
2) When the request information does not have a silent buffer period, determining that the request information has timeliness.
If no silent buffer period exists, the network request corresponding to the request information is the first request, and the request information is determined to have timeliness. If a silent buffer period exists, the network request corresponding to the request information is not the first request, and it is determined to be an invalid request.
Further, when the network request corresponding to the request information is determined to be an invalid request, the request count may be increased by 1, so that the number of times the user initiates network requests within a period of time can be counted.
3) Extracting the function information to be authenticated from the request information.
When a user accesses a page through a client, the client obtains the corresponding user identifier and the function information to be authenticated through the user's input operations, and sends both to the back-end server in the request information. The user identifier uniquely identifies the user accessing the page, such as a user name, mobile phone number or identity card number. The function information to be authenticated is the information, other than the user name and password, required when the user accesses the web page, such as auxiliary information like a picture verification code, a short message verification code or a face.
4) Acquiring, from local storage, the state information corresponding to the function information to be authenticated.
After acquiring the user identifier, the back-end server looks up, in local storage, the function information corresponding to the user identifier and the state information corresponding to that function information. That is, the back-end server stores locally the function information corresponding to each user together with its state information, so that when the user accesses the page through the client, the function information to be authenticated that the user input can be authenticated against the stored function information and its state.
5) When the state information is valid, determining that the request information has uniqueness.
When the back-end server determines that the state information corresponding to the function information to be authenticated in the request information is valid, this indicates that the function information has not been used, that is, it has not been consumed by anyone else, and the request information is determined to have uniqueness. If the state information is invalid, indicating that the function information to be authenticated has already been used, the request information is determined to lack uniqueness. That is, in actual authentication, after the server authenticates the function information to be authenticated for the first time, the corresponding state information is updated from valid to invalid to indicate that the function information has been used.
Specifically, to further ensure the uniqueness of the function information, once the function information to be authenticated is determined to be consistent with the stored function information, it can also be judged whether the function tag of the function information to be authenticated is consistent with the function tag of the stored function information; only when the two function tags are consistent is the request information determined to have uniqueness. The function tag indicates the purpose of the network request. For example, if the network request is a request to log in to a web page, the function tag corresponding to the function information to be authenticated is "login"; if the network request is a request to register on a web page, the function tag is "registration". Judging the function tag prevents one piece of function information to be authenticated from being used for multiple operations; for example, the verification code assigned by the back-end server to the user during registration is prevented from being reused as the verification code required during login.
Further, when the state information corresponding to the request information is determined to be invalid, the request count may be increased by 1, so that the number of times the user initiates network requests within a period of time can be counted.
S204: respond to the network request.
When the request information has uniqueness and timeliness, indicating that the corresponding network request is a legal request, the server can respond to it.
S205: store the information of the requesting party and the information of the requested party.
In this embodiment, when the request information fails the check, lacks uniqueness or lacks timeliness, the request count may be increased and the information of the requesting party and of the requested party stored, so that the number of illegal requests initiated by the user can be counted. The information of the requesting party comprises one or more of the requester's IP address, operation log and user identity information, and the information of the requested party comprises the website address.
In a specific implementation, after the back-end server receives a network request, it may determine the request count corresponding to the same request mode, and when the number of illegal requests reaches a preset threshold, the client enters a request sleep state: the requester is refused from initiating the network request again within a preset period, so that the requester cannot initiate the same request, or request the resource, within that period, thereby implementing access control of the request.
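The decision logic of S203 to S205 together with the request sleep state, written here as an added example rather than the patent's own code: a silent buffer period per user and request type decides timeliness, a stored one-time verification code with a valid/invalid state and a function tag decides uniqueness, and every rejected request is counted and logged with requester and requested-party information until a threshold locks the requester out. The class and field names, the 60 s and 300 s periods, the threshold and the sample requests are constructed assumptions.

```python
import time
from dataclasses import dataclass, field


@dataclass
class FunctionInfo:
    """Server-side record of an issued verification code (the 'function information')."""
    user_id: str
    tag: str            # purpose the code was issued for, e.g. "login" or "register"
    valid: bool = True  # flips to False after the first successful authentication


@dataclass
class RequestGuard:
    silent_period: float = 60.0    # seconds a request type stays silent after the first request
    threshold: int = 3             # invalid requests tolerated before the requester sleeps
    sleep_period: float = 300.0    # seconds the requester is refused after exceeding the threshold
    codes: dict = field(default_factory=dict)         # code -> FunctionInfo
    silent_until: dict = field(default_factory=dict)  # (user_id, request type) -> expiry time
    invalid_count: dict = field(default_factory=dict) # user_id -> number of invalid requests
    locked_until: dict = field(default_factory=dict)  # user_id -> end of sleep state
    audit_log: list = field(default_factory=list)     # stored requester / requested-party info

    def issue_code(self, code, user_id, tag):
        """Store a freshly issued verification code with its purpose tag and valid state."""
        self.codes[code] = FunctionInfo(user_id, tag)

    def _reject(self, req, now, reason):
        # S205: count the invalid request and store requester and requested-party information.
        who = req["user_id"]
        self.invalid_count[who] = self.invalid_count.get(who, 0) + 1
        self.audit_log.append({"user_id": who, "ip": req.get("ip"), "url": req.get("url"),
                               "reason": reason, "at": now})
        if self.invalid_count[who] > self.threshold:
            self.locked_until[who] = now + self.sleep_period   # enter the request sleep state
        return "rejected: " + reason

    def process(self, req, now=None):
        """Run S203/S204/S205 for one request that already passed the unified check.
        `now` is injectable so the time-based behaviour can be exercised deterministically."""
        now = time.time() if now is None else now
        who, rtype = req["user_id"], req["type"]
        if self.locked_until.get(who, 0) > now:
            return "rejected: requester in sleep state"
        # Timeliness: a request of the same type inside the silent buffer period is invalid.
        key = (who, rtype)
        if self.silent_until.get(key, 0) > now:
            return self._reject(req, now, "silent buffer period active")
        self.silent_until[key] = now + self.silent_period   # the first request starts the period
        # Uniqueness: the code must exist for this user, be unused, and carry the matching tag.
        info = self.codes.get(req.get("code"))
        if info is None or info.user_id != who:
            return self._reject(req, now, "unknown function information")
        if not info.valid:
            return self._reject(req, now, "function information already used")
        if info.tag != rtype:
            return self._reject(req, now, "function tag mismatch")
        info.valid = False   # first successful authentication consumes the code
        return "responded"   # S204


if __name__ == "__main__":
    guard = RequestGuard(silent_period=60, threshold=2, sleep_period=300)
    guard.issue_code("123456", "alice", "login")
    login = {"user_id": "alice", "ip": "192.0.2.10", "url": "/login",
             "type": "login", "code": "123456"}
    print(guard.process(login, now=1000))   # first request: responded
    print(guard.process(login, now=1010))   # replay inside the silent buffer period
    print(guard.process(login, now=1100))   # replay after it: code already used
```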
For ease of understanding, reference is made to a network request processing framework diagram shown in fig. 4, in which a conventional processing flow is compared with a processing flow provided by an embodiment of the present application. As can be seen from fig. 4, in the network request processing process provided in the embodiment of the present application, the front-end verification and the back-end verification are unified, and after both the front-end verification and the back-end verification pass, the request information is doubly identified (uniqueness and timeliness). And after the double authentication is passed, responding to the network request and carrying out IP address verification. After the IP address check passes, the system resource can be accessed.
The network request processing provided by the embodiment of the application has the following advantages:
1) Preventing injection vulnerabilities: the existing mechanism for preventing vulnerability injection uses parameterized interfaces for injection protection, which is unrealistic for projects with complex business logic, and the white-list approach brings the risk of an incomplete white list. In the embodiment of the application, the data verification rules are configured uniformly, illegal requests are intercepted, and illegal data is intercepted uniformly, so that the problem of injection vulnerabilities is well addressed.
2) Complete identity authentication: at present, invalid identity authentication and session management use a single set of authentication and session management, and in a micro-service architecture one set of management may not satisfy all services. The invention proposes storing the current user id and the required operation as session attributes; with timeliness guaranteed, the situation in which the same verification code serves multiple requests is avoided, so verification code reuse is prevented and the security requirement that one verification code can do only one thing is met. Through the silent buffer period, the timeliness and security of the request are achieved.
Based on the above method embodiment, the present application embodiment further provides a device for processing a network request, which will be described below with reference to the accompanying drawings.
Referring to fig. 5, which is a block diagram of a device for processing a network request according to an embodiment of the present application, the device may include:
an obtaining unit 501, configured to obtain a network request, where the network request includes request information;
a verification unit 502, configured to perform validity verification on the request information according to a unified verification rule;
a determining unit 503, configured to determine whether the request information has uniqueness and timeliness when the check passes;
a response unit 504, configured to respond to the network request when the request information has uniqueness and timeliness.
In a specific embodiment, the determining unit is specifically configured to: determine whether the request information has a silent buffer period; when the request information does not have a silent buffer period, determine that the request information has timeliness; extract the functional information to be authenticated from the request information; obtain the state information corresponding to the functional information to be authenticated locally; and when the state information is valid, determine that the request information has uniqueness.
In a specific embodiment, when the state information is valid, the determining unit is further configured to determine whether the function tag corresponding to the functional information to be authenticated is consistent with a locally stored function tag, where the function tag is used to indicate the purpose of the network request; and when the function tag corresponding to the functional information to be authenticated is consistent with the locally stored function tag, determine that the request information has uniqueness.
In a specific embodiment, the verification unit is specifically configured to perform front-end verification on the request information according to the unified verification rule, and to perform back-end verification on the request information according to the unified verification rule.
In a specific embodiment, the check rules at least include a required-input check, a regular-expression check, encryption and decryption configuration, Chinese/English configuration, length configuration and character set conversion.
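The unified rule table described above, as an added example that is not the patent's own code: one rule set covering required-input, regular-expression, length, Chinese/English script and character-set-conversion checks, evaluated by the same function wherever the front end and back end run it. The field names, rule keys and the NFKC normalisation are assumptions chosen for illustration.

```python
import re
import unicodedata

# Added example, not the patent's code. Assumed rule keys modelled on the
# rule types listed in the description (required, regex, length, script).
RULES = {
    "account": {"required": True, "regex": r"[0-9]{16,19}", "max_len": 19},
    "payee":   {"required": True, "script": "cn", "max_len": 20},
    "memo":    {"required": False, "script": "en", "max_len": 64},
}

def normalise(value):
    """Character set conversion: NFKC folds full-width digits/letters to ASCII."""
    return unicodedata.normalize("NFKC", value).strip()

def script_ok(value, script):
    """Chinese/English configuration: restrict a field to one script."""
    if script == "cn":
        return all("\u4e00" <= ch <= "\u9fff" for ch in value)
    if script == "en":
        return all(ch.isascii() and (ch.isalnum() or ch in " .,-") for ch in value)
    return True

def validate(fields, rules=RULES):
    """Apply the unified rules; returns [(field, reason)], empty when the check passes.
    Front end and back end call this same function on the same table."""
    errors = []
    for name, rule in rules.items():
        raw = fields.get(name)
        if raw is None or raw == "":
            if rule.get("required"):
                errors.append((name, "required"))
            continue
        value = normalise(str(raw))
        if "max_len" in rule and len(value) > rule["max_len"]:
            errors.append((name, "length"))
        if "regex" in rule and not re.fullmatch(rule["regex"], value):
            errors.append((name, "regex"))
        if "script" in rule and not script_ok(value, rule["script"]):
            errors.append((name, "script"))
    # Fields with no configured rule are intercepted rather than passed through.
    for name in sorted(set(fields) - set(rules)):
        errors.append((name, "unexpected"))
    return errors
```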
In a specific embodiment, the apparatus further comprises:
a processing unit, configured to increase the request count and store the requester information and the requested-party information when the request information fails verification, lacks uniqueness, or lacks timeliness.
In a specific embodiment, the determining unit is further configured to determine whether the request count corresponding to the requester is greater than a preset threshold;
and the processing unit is configured to refuse the requester from initiating the network request within a preset time when the request count corresponding to the requester is greater than the preset threshold.
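The determining and processing units above, together with the request-counting and sleep-state behaviour of step S205, as an added example that is not the patent's own code: a verification code stands in for the "functional information to be authenticated", its purpose is the function tag, the silent buffer period is a minimum spacing between requests from one requester, and the threshold, buffer and sleep durations are assumed values.

```python
import time
from dataclasses import dataclass

# Added example, not the patent's code. Assumed data model: a verification
# code is issued for one purpose (function tag) and stored locally as state.

@dataclass
class CodeState:
    tag: str            # purpose the code was issued for, e.g. "transfer"
    valid: bool = True  # becomes False once consumed: one code, one action

@dataclass
class Requester:
    illegal_count: int = 0
    sleep_until: float = 0.0   # end of the request sleep state

class RequestGate:
    def __init__(self, threshold=3, sleep_seconds=60.0, buffer_seconds=2.0):
        self.threshold = threshold          # illegal requests before sleep
        self.sleep_seconds = sleep_seconds  # preset refusal period
        self.buffer_seconds = buffer_seconds  # silent buffer period
        self.codes = {}        # locally stored state per verification code
        self.requesters = {}   # per-requester counters (keyed by IP)
        self.last_seen = {}    # last request time per requester
        self.audit = []        # stored requester / requested-party info

    def issue_code(self, code, tag):
        self.codes[code] = CodeState(tag=tag)

    def has_timeliness(self, ip, now):
        """No silent buffer period is active for this requester."""
        last = self.last_seen.get(ip)
        self.last_seen[ip] = now
        return last is None or now - last >= self.buffer_seconds

    def has_uniqueness(self, code, tag):
        """State is valid and the function tag matches the stored one."""
        state = self.codes.get(code)
        if state is None or not state.valid or state.tag != tag:
            return False
        state.valid = False   # consume so the same code cannot be replayed
        return True

    def handle(self, ip, url, code, tag, now=None):
        now = time.time() if now is None else now
        r = self.requesters.setdefault(ip, Requester())
        if now < r.sleep_until:
            return "rejected:sleeping"
        if self.has_timeliness(ip, now) and self.has_uniqueness(code, tag):
            return "ok"
        r.illegal_count += 1
        self.audit.append({"ip": ip, "url": url, "code": code, "tag": tag, "t": now})
        if r.illegal_count >= self.threshold:
            r.sleep_until = now + self.sleep_seconds
        return "rejected:illegal"
```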
It should be noted that, implementation of each unit in this embodiment may refer to the above method embodiment, and this embodiment is not described herein again.
In addition, an embodiment of the present application further provides an apparatus, including: a processor, a memory;
the memory for storing computer readable instructions or a computer program;
the processor is configured to read the computer readable instructions or the computer program to enable the device to implement the network request processing method.
Embodiments of the present application further provide a computer-readable storage medium comprising instructions or a computer program which, when run on a computer, cause the computer to execute the above-mentioned network request processing method.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the system or the device disclosed by the embodiment, the description is simple because the system or the device corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for processing a network request, the method comprising:
acquiring a network request, wherein the network request comprises request information;
carrying out validity check on the request information according to a unified check rule;
when the verification is passed, judging whether the request information has uniqueness and timeliness;
and responding to the network request when the request information has uniqueness and timeliness.
2. The method of claim 1, wherein, when the verification passes, determining whether the request information has uniqueness and timeliness comprises:
judging whether the request information has a silent buffer period or not;
when the request information does not have a silent buffer period, determining that the request information has timeliness;
extracting functional information to be authenticated from the request information;
acquiring state information corresponding to the functional information to be authenticated locally;
and when the state information is valid, determining that the request information has uniqueness.
3. The method of claim 2, wherein before determining that the request information is unique when the status information is valid, the method further comprises:
judging whether a function label corresponding to the functional information to be authenticated is consistent with a locally stored function label, wherein the function label is used for expressing the purpose of the network request;
and when the function label corresponding to the functional information to be authenticated is consistent with the locally stored function label, determining that the request information has uniqueness.
4. The method according to any one of claims 1-3, wherein checking the validity of the request information according to the unified check rule comprises:
performing front-end verification on the request information according to the unified verification rule;
and performing back-end verification on the request information according to the unified verification rule.
5. The method of claim 4, wherein the verification rules include at least one of a required-input verification, a regular-expression verification, an encryption/decryption configuration, a Chinese/English configuration, a length configuration, and a character set conversion.
6. The method according to any one of claims 1-5, further comprising:
and when the request information fails verification, lacks uniqueness, or lacks timeliness, increasing the request count and storing the information of the requester and the information of the requested party.
7. The method of claim 6, further comprising:
determining whether the request count corresponding to the requester is greater than a preset threshold;
and when the request count corresponding to the requester is greater than the preset threshold, refusing the requester from initiating the network request within a preset time.
8. An apparatus for processing network requests, the apparatus comprising:
an obtaining unit, configured to obtain a network request, where the network request includes request information;
a verification unit, configured to verify the validity of the request information according to a unified verification rule;
a determining unit, configured to determine whether the request information has uniqueness and timeliness when the verification passes;
and a response unit, configured to respond to the network request when the request information has uniqueness and timeliness.
9. An apparatus, comprising: a processor, a memory;
the memory for storing computer readable instructions or a computer program;
the processor, configured to read the computer readable instructions or the computer program to enable the apparatus to implement the method for processing a network request according to any one of claims 1 to 7.
10. A computer-readable storage medium comprising instructions or a computer program which, when run on a computer, cause the computer to perform the method of processing a network request of any one of claims 1 to 7 above.
CN202011569110.1A 2020-12-26 2020-12-26 Network request processing method and device Pending CN112615879A (en)

Publications (1)

Publication Number Publication Date
CN112615879A true CN112615879A (en) 2021-04-06

Family

ID=75248145
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210406