CN113343312B - Page tamper-proof method and system based on front-end embedded point technology - Google Patents

Page tamper-proof method and system based on front-end embedded point technology

Info

Publication number: CN113343312B
Application number: CN202110708380.4A
Authority: CN (China)
Other versions: CN113343312A
Original language: Chinese (zh)
Inventors: 周通, 张曙晟
Assignee: Industrial and Commercial Bank of China Ltd (ICBC); ICBC Technology Co Ltd
Legal status: Active
Prior art keywords: file, target file, target, hash values, tamper
Classifications

    • G06F 21/64: Protecting data integrity, e.g. using checksums, certificates or signatures (under G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F 21/60 Protecting data)
    • G06F 16/178: Techniques for file synchronisation in file systems (under G06F 16/10 File systems; file servers; G06F 16/17 Details of further file system functions)
    • G06F 16/958: Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking (under G06F 16/90 Details of database functions independent of the retrieved data types; G06F 16/95 Retrieval from the web)

Abstract

The disclosure provides a page tamper-proof method based on a front-end embedded point technology, which can be applied to the technical field of information security. The method comprises the following steps: acquiring first target file information; performing hash calculation on the first target file m times to obtain m first hash values, and uploading the m first hash values to a tamper-proof server; acquiring second target file information through the front-end embedded point; performing hash calculation on the second target file m times to obtain m second hash values, and uploading the m second hash values to the tamper-proof server; carrying out tamper identification on the first target file according to the m first hash values and the m second hash values; and, if the first target file has been tampered, recovering the first target file according to its file name and file path. The disclosure also provides a page tamper-proof system, apparatus, storage medium and program product based on the front-end embedded point technology.

Description

Page tamper-proof method and system based on front-end embedded point technology
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a method, system, device, medium, and program product for tamper-proofing a page based on a front-end embedded point technology.
Background
With the development of the internet, the performance requirements on websites are ever higher. Page staticization techniques are often used to improve access efficiency and optimize website performance. Page staticization refers to converting a dynamically generated JSP (Java Server Pages) page into a static HTML (HyperText Markup Language) page that users access directly.
In one example, the resources users access are pre-generated by a timed task and synchronized to a WEB server in the form of files. When a user accesses a page, the resource in the WEB server is accessed preferentially. The file generated by page staticization is the source file and is stored in the intranet area; the file synchronized to the WEB server is the target file and is stored in the external network area. Files stored in the external network area are exposed to attack and tampering, and once tampered, the resources users access are distorted, causing adverse effects.
Existing page tamper-proof techniques have the defects of long time consumption, high cost and poor reliability: they cannot reliably identify whether a page has been tampered, and recovery after tampering is difficult.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a method, system, device, medium, and program product for tamper-proofing pages based on front-end embedded technology.
According to a first aspect of the present disclosure, there is provided a method for tamper-proofing a page based on a front-end buried point technology, including: acquiring first target file information, wherein the first target file information comprises a first target file, a file name of the first target file and a file path;
Performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to a tamper-proof server;
acquiring second target file information through a front-end embedded point, wherein the second target file information comprises a second target file, a file name of the second target file and a file path;
Performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server;
Tamper identification is carried out on the first target file according to the m first hash values and the m second hash values;
If the first target file is tampered, recovering the first target file according to the file name and the file path of the first target file;
the first target file is a static source file, and the second target file is a file when a user accesses a page.
According to an embodiment of the disclosure, the tamper identifying the first target file according to the m first hash values and the m second hash values includes:
Performing de-duplication on the second hash value according to the second target file information and the WEB server IP information;
generating m groups of hash values according to m first hash values and m second hash values subjected to de-duplication;
comparing the first hash value with the second hash value in the m groups of hash values;
and determining a tamper identification result of the first target file according to the comparison result.
According to an embodiment of the disclosure, the deduplicating the second hash value according to the second target file information and WEB server IP information includes:
acquiring IP information of a WEB server where the second target file is located;
Determining a second target file name and a file path according to the second target file information;
And de-duplicating the second hash value according to the second target file name, the file path and the IP information.
According to an embodiment of the disclosure, the determining, according to the comparison result, a tamper identification result of the first target file includes:
If, in any one of the m groups, the first hash value differs from the second hash value, the first target file is determined to be tampered.
According to an embodiment of the disclosure, the recovering the first target file according to the file name and the file path of the first target file includes:
determining an application service interface according to the file name and the file path of the first target file;
Calling the application service interface to generate a static file;
Performing hash calculation on the static file for m times to determine m third hash values, and uploading the m third hash values to the tamper-proof server;
And synchronizing the static file to a WEB server, overwriting and replacing the first target file.
According to an embodiment of the disclosure, the recovering the first target file according to the file name and the file path of the first target file further includes:
acquiring a source file in a file storage system according to the file name and the file path of the first target file;
And synchronizing the source file to a WEB server, and overlaying and replacing the first target file.
According to an embodiment of the present disclosure, the obtaining the first target file information includes:
Calling a back-end application service interface to generate a first target file;
Storing the first target file in a file storage system, and synchronizing the first target file to a WEB server through a file synchronization server;
the file name and file path of the first target file are recorded.
According to an embodiment of the present disclosure, the obtaining, by the front-end embedded point, the second target file information includes:
a JS code is preset in a page;
When a user accesses a page, a second target file corresponding to the page and a file path and a file name of the second target file are acquired through a JS code preset in the page.
A second aspect of the present disclosure provides a front-end embedded point technology based page tamper resistant system, comprising:
The first acquisition module is used for acquiring first target file information, wherein the first target file information comprises a first target file, a file name of the first target file and a file path;
The first calculation module is used for carrying out hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server;
the second acquisition module is used for acquiring second target file information through the front-end embedded point, wherein the second target file information comprises a second target file, a file name of the second target file and a file path;
The second calculation module is used for carrying out hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server;
the identification module is used for carrying out tamper identification on the first target file according to the m first hash values and the m second hash values;
And
The recovery module is used for recovering the first target file according to the file name and the file path of the first target file if the first target file is tampered;
the first target file is a static source file, and the second target file is a file when a user accesses a page.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described front-end-embedded-technology-based page tamper resistant method.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described method of page tamper resistance based on a front-end buried point technique.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described method of tamper-proofing a page based on a front-end buried point technique.
According to the embodiment of the disclosure, first target file information is obtained and hash calculation is performed on the first target file m times to obtain m first hash values, which are uploaded to the tamper-resistant server; second target file information is obtained through the front-end embedded point; hash calculation is performed on the second target file m times to obtain m second hash values, which are uploaded to the tamper-resistant server; tamper identification is carried out on the first target file according to the m first hash values and the m second hash values; and if the first target file has been tampered, it is recovered according to its file name and file path. By combining the page staticization technology with the front-end embedded point technology, the hash values of the page files are compared in the tamper-proof server, so that whether the page has been tampered is identified and quick recovery of the tampered page is realized.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
Fig. 1 schematically illustrates an application scenario diagram of a front-end buried point technology-based page tamper-proof method according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a system architecture diagram that may be used for a front-end buried point technology based page tamper resistant method in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a method of page tamper resistance based on front-end buried point technology in accordance with an embodiment of the present disclosure;
FIG. 4 schematically illustrates another method flow diagram for tamper resistance of a page based on a front-end buried point technique, in accordance with an embodiment of the present disclosure;
FIG. 5 schematically illustrates a block diagram of a front-end buried point technology based page tamper resistant system in accordance with an embodiment of the present disclosure; and
Fig. 6 schematically illustrates a block diagram of an electronic device adapted to implement a method of tamper resistance of a page based on front-end buried point technology, according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in accordance with the meaning of one of skill in the art having generally understood the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The terms presented in this disclosure are explained first.
Page staticization: the resources users access are pre-generated by a timed task and synchronized to the WEB server in the form of files. When a user accesses a page, the resource in the WEB server is accessed preferentially.
Embedded point (also translated as "buried point"): embedded-point analysis is a common data collection method in website analytics. The front-end embedded point in the embodiments of the disclosure collects data on a front-end web page by means of JS code.
Tamper-proof: the file generated by page staticization is the source file and is stored in the intranet area; the file synchronized to the WEB server is the target file and is stored in the external network area. Files stored in the external network area are exposed to attack and tampering, and once tampered, the resources users access are distorted, causing adverse effects. Tamper-proofing means identifying a tampered file in the WEB server and recovering it by synchronizing from the source file.
The embodiment of the disclosure provides a page tamper-proof method based on a front-end embedded point technology, which comprises the following steps:
Acquiring first target file information, wherein the first target file information comprises a first target file, a file name of the first target file and a file path; performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server; acquiring second target file information through the front-end embedded point, wherein the second target file information comprises a second target file, a file name of the second target file and a file path; performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server; tamper identification is carried out on the first target file according to the m first hash values and the m second hash values; if the first target file is tampered, recovering the first target file according to the file name and the file path of the first target file; the first target file is a static source file, and the second target file is a file when a user accesses a page.
Fig. 1 schematically illustrates an application scenario diagram of a page tamper-proof method based on a front-end buried point technology according to an embodiment of the present disclosure. Fig. 2 schematically illustrates a system architecture diagram that may be used for a front-end buried point technology based page tamper resistant method in accordance with an embodiment of the present disclosure. It should be noted that the application scenario illustrated in fig. 1 and the system architecture illustrated in fig. 2 are merely examples of application scenarios and system architectures that may be used with embodiments of the present disclosure to help those skilled in the art understand the technical content of the present disclosure, but do not mean that embodiments of the present disclosure may not be used with other devices, systems, environments, or scenarios. It should be noted that, the method and system for preventing page tampering based on the front-end embedded point technology provided by the embodiments of the present disclosure may be used in the related aspects of the information security technical field and the financial field, and may also be used in any field other than the financial field, and the application field of the method and system for preventing page tampering based on the front-end embedded point technology provided by the embodiments of the present disclosure is not limited.
As shown in fig. 1, an application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the page data being accessed by the user, identify whether the page currently accessed by the user has been tampered, and recover the tampered page (e.g. a web page, information, or data obtained or generated according to the identification result is fed back to the terminal device).
It should be noted that the method for preventing page tampering based on the front-end embedded point technology provided in the embodiments of the present disclosure may generally be performed by the server 105. Accordingly, the page tamper-resistant system based on the front-end embedded point technology provided by embodiments of the present disclosure may generally be disposed in the server 105. The method may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the system may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
As shown in fig. 2, the system architecture 110 according to the embodiment may be used to perform the page tamper-proof method based on the front-end embedded point technology, and may include a terminal device 111, a WEB server 112, a tamper-resistant server 113, a bloom filter 114, a staticization server 115, a file storage system 116, a WEB application server 117, and a file synchronization server 118.
Terminal device 111 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The staticization server 115 calls an interface of the WEB application server 117 to generate a static file, stores the static file in the file storage system 116, performs hash calculation on the static file and uploads the result to the tamper-proof server 113, and synchronizes the static file to the WEB server 112 through the file synchronization server 118.
When a user accesses a website page using the terminal device 111, the corresponding file is fetched from the WEB server. At that moment, the JS embedded point set in the front-end page acquires the file fetched from the WEB server, performs hash calculation on it, and uploads the calculated parameters to the tamper-proof server 113. Because many users accessing the page at the same time produce repeated parameter calculations, the tamper-proof server 113 filters the parameters according to the WEB server IP, the file name and the file path, and then compares the filtered hash values using the bloom filter 114, thereby realizing page tamper identification. If the page is determined to be tampered, the staticization service is called again to generate a staticized file, which is synchronized to the WEB server 112, completing recovery of the tampered file.
The page tamper-proof method based on the front-end embedded point technology of the disclosed embodiment will be described in detail below with reference to the scenario described in fig. 1 and to figs. 3 and 4.
Fig. 3 schematically illustrates a flow chart of a method of page tamper resistance based on a front-end buried point technique according to an embodiment of the present disclosure.
As shown in fig. 3, the front-end embedded technology-based page tamper-proof method of this embodiment includes operations S210 to S230, and the page tamper-proof processing method may be performed by a server.
In operation S210, first target file information is acquired.
According to an embodiment of the disclosure, the first target file information includes a first target file, a file name of the first target file, and a file path, wherein the first target file is a static source file.
Operation S210 is the process by which the staticization server creates a static source file. In one example, the staticization server calls a background application service interface, stores the returned data in a file storage system in the form of a file, namely the first target file, and records the file name and file path of that file.
In operation S220, m hash computations are performed on the first target file to obtain m first hash values, and the m first hash values are uploaded to the tamper-resistant server.
In one example, after a static source file is generated, hash calculation is performed on the file with a set of m salt values (random calculation factors), one calculation per salt value, to obtain m first hash values; the first target file information and the m first hash values are then uploaded to the tamper-proof server and recorded in a bloom filter. Each static source file therefore corresponds to m different hash values. In the embodiment of the disclosure, m takes the value 3.
Operations S210 and S220 are one-time operations, and when the contents of the web page are not updated, the first target file does not need to be updated.
In operation S230, second target file information is acquired through the front-end buried point.
According to the embodiment of the disclosure, the second target file information includes a second target file, a file name of the second target file, and a file path, wherein the second target file is a file when the user is performing page access.
When a user accesses a page, the files in the WEB server are accessed through the browser, and the file currently being accessed by the user is acquired through the front-end embedded point; this file is the second target file. If the page has not been tampered, the first target file and the second target file are identical; if the page has been tampered, they differ.
In operation S240, the second target file is subjected to m hash computations to obtain m second hash values, and the m second hash values are uploaded to the tamper-resistant server.
As in operation S220, m hash calculations are performed on the second target file using the same set of salt values (random calculation factors) to obtain m second hash values, and the second target file information and the m second hash values are uploaded to the tamper-resistant server.
In operation S250, tamper identification is performed on the first target file according to the m first hash values and the m second hash values.
In one example, the bloom filter in the tamper-resistant server compares the m first hash values and the m second hash values according to the file names of the first target file and the second target file. If the first hash values and the second hash values differ, the first target file and the second target file differ, and the first target file is determined to be tampered; if the first hash values and the second hash values are the same group by group, the first target file is determined not to be tampered.
In operation S260, if it is determined that the first target file is tampered, the first target file is restored according to the file name and the file path of the first target file.
In one example, when it is determined that the first target file is tampered, recovery needs to be performed on the first target file, specifically, a background application service interface called when the first target file is generated may be obtained through a file name and a file path of the first target file, operation S210 and operation S220 are re-executed to generate a static source file, and the static source file is synchronized to a WEB server through a file synchronization server, so that recovery after tampering is completed.
According to the embodiment of the disclosure, the front-end embedded point technology and the bloom filter technology are combined: the front-end embedded point acquires the page information the user is accessing, and the bloom filter compares the hash values of the first target file and the second target file to identify whether the page has been tampered and to complete recovery after tampering. This shortens the time needed to identify page tampering and realizes automatic, rapid location and recovery of tampered pages.
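As an added illustration (not code from the patent or its assignee), the following Python sketch walks through operations S210 to S260 together with the deduplication step of the first-aspect embodiment: m = 3 salted hash calculations per file, a bloom filter in the tamper-proof server holding the first hash values, deduplication of uploaded reports by WEB server IP, file path and file name, group-by-group comparison, and regeneration plus overwrite on detection. The salt values, IP addresses, page contents and the dict standing in for the WEB server's file tree are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

M = 3  # the disclosure performs m = 3 hash calculations per file
# Constructed salt values ("random calculation factors"); the patent does not publish its own.
SALTS = [f"salt-{i}".encode() for i in range(M)]


def m_hashes(content: bytes, salts=SALTS) -> list:
    """Operations S220 / S240: hash the same file once per salt value, giving m hash values."""
    return [hashlib.sha256(salt + content).hexdigest() for salt in salts]


class BloomFilter:
    """Minimal bloom filter in which the tamper-proof server records the first hash values.
    A membership answer can be a false positive but never a false negative."""

    def __init__(self, size: int = 4096, k: int = 4):
        self.size, self.k = size, k
        self.bits = bytearray(size // 8 + 1)

    def _positions(self, item: str):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:4], "big") % self.size

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


@dataclass
class Report:
    """What the front-end embedded point uploads: WEB server IP, file path, file name, m hashes."""
    ip: str
    path: str
    name: str
    hashes: list


@dataclass
class TamperProofServer:
    bloom: BloomFilter = field(default_factory=BloomFilter)

    @staticmethod
    def _key(path: str, name: str, index: int, digest: str) -> str:
        # One bloom entry per (file, salt index, hash) so groups are compared pairwise.
        return f"{path}/{name}#{index}:{digest}"

    def register_source(self, path: str, name: str, content: bytes) -> list:
        """S210 / S220: record the m first hash values of a static source file."""
        hashes = m_hashes(content)
        for i, h in enumerate(hashes):
            self.bloom.add(self._key(path, name, i, h))
        return hashes

    @staticmethod
    def deduplicate(reports: list) -> list:
        """S350: keep one report per (WEB server IP, file path, file name), so that many
        users loading the same page at once do not trigger repeated comparisons."""
        unique = {}
        for r in reports:
            unique.setdefault((r.ip, r.path, r.name), r)
        return list(unique.values())

    def is_tampered(self, report: Report) -> bool:
        """S250: compare group by group; any group whose second hash value is not the
        recorded first hash value marks the file on that WEB server as tampered."""
        return any(self._key(report.path, report.name, i, h) not in self.bloom
                   for i, h in enumerate(report.hashes))

    def recover(self, path: str, name: str, regenerate, web_server: dict) -> bytes:
        """S260: call the application service interface again, record the m third hash
        values, then overwrite the copy on the WEB server with the fresh static file."""
        content = regenerate(path, name)
        self.register_source(path, name, content)
        web_server[(path, name)] = content
        return content


def demo() -> dict:
    """Constructed scenario: two WEB servers, one of them serving a defaced index.html."""
    original = b"<html><body>Welcome</body></html>"
    server = TamperProofServer()
    server.register_source("/pages", "index.html", original)
    web = {("/pages", "index.html"): b"<html><body>Defaced</body></html>"}
    # Three users hit the page at once: two through WEB node 10.0.0.1, one through 10.0.0.2.
    reports = [
        Report("10.0.0.1", "/pages", "index.html", m_hashes(original)),
        Report("10.0.0.1", "/pages", "index.html", m_hashes(original)),
        Report("10.0.0.2", "/pages", "index.html", m_hashes(web[("/pages", "index.html")])),
    ]
    unique = server.deduplicate(reports)
    tampered = sorted(r.ip for r in unique if server.is_tampered(r))
    if tampered:
        # The regenerate callback stands in for the background application service interface.
        server.recover("/pages", "index.html", lambda p, n: original, web)
    return {"unique": len(unique), "tampered": tampered,
            "restored": web[("/pages", "index.html")] == original}


if __name__ == "__main__":
    print(demo())
```

Because a bloom filter answers membership with possible false positives, this check can only miss a tampered file, never flag an intact one whose source was registered; requiring all m salted hashes to match lowers the miss probability to the product of the per-hash false-positive rates.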
Fig. 4 schematically illustrates another method flow diagram for tamper resistance of a page based on a front-end buried point technique according to an embodiment of the present disclosure.
As shown in fig. 4, the front-end buried point technology-based page tamper-proof method of this embodiment includes operations S310 to S370.
In operation S310, first target file information is acquired.
According to the embodiment of the disclosure, a back-end application service interface is called to generate the first target file; the first target file is stored in a file storage system and synchronized to the WEB server through a file synchronization server; and the file name and file path of the first target file are recorded.
In one example, the first target file is stored in the file storage system; the file synchronization server obtains the first target file from the file storage system, synchronizes it to the WEB server, and then waits for an access request from a user.
In operation S320, m hash computations are performed on the first target file to obtain m first hash values, and the m first hash values are uploaded to the tamper-resistant server.
The technical scheme and technical principle of operation S320 are the same as those of operation S220 and will not be described again.
In operation S330, second target file information is acquired through the front-end embedded point.
According to the embodiment of the disclosure, JS (JavaScript) code is preset in the page; when a user accesses the page, the second target file corresponding to the page, together with its file path and file name, is acquired through the JS code preset in the page.
In one example, when the user accesses a page through the browser, the browser first fetches the file from the WEB server; after the page has loaded, the JS in the page obtains the file path and file name of that file.
In operation S340, m hash computations are performed on the second target file to obtain m second hash values, and the m second hash values are uploaded to the tamper-resistant server.
The technical scheme and technical principle of operation S340 are the same as those of operation S240 and will not be described again.
In operation S350, the second hash values are deduplicated according to the second target file information and the WEB server IP information.
In one example, multiple users may access the same website page at the same time, so their second target file information may be identical, that is, a large number of identical second target file names and file paths arrive. To increase the speed of tamper identification and reduce the use of computing resources, the parameters uploaded to the tamper-proof server in operation S340 are therefore deduplicated, which specifically includes the following steps.
In the first step, the IP information of the WEB server on which the second target file is located is obtained.
In one example, because WEB servers are deployed in a distributed manner, the same file is stored on different WEB servers; the file on some WEB servers may have been tampered with while the file on others has not. The IP information of the WEB server is therefore acquired as the identifier of that WEB server: when the IP information of the WEB servers on which two second target files are located is the same, the two second target files are determined to come from the same WEB server.
In the second step, the second target file name and file path are determined from the second target file information.
In the third step, the second hash values are deduplicated according to the second target file name, the file path and the IP information.
In one example, given 10 sets of second target file information, 10 groups of hash values are formed, corresponding to 10m second hash values. These 10 groups may be the same or different, depending on whether the 10 second target files come from the same WEB server and whether their file names and file paths are the same. If tamper identification were performed directly without deduplication, 10 comparisons would be needed, which wastes computing resources and reduces identification efficiency.
If the IP information of the WEB servers on which 8 of the second target files are located is the same, those 8 second target files are determined to come from the same WEB server. The file names and file paths of these 8 second target files are then compared; if 6 of them have identical file names and file paths, the 6 groups of second hash values corresponding to those 6 second target files are determined to be identical, and any one of these groups can be kept to complete the deduplication of the second hash values. Only 5 comparisons are then needed. Reducing the number of comparisons through deduplication improves the efficiency of page tamper identification.
Operations S350 and S360 are performed by the bloom filter in the tamper-proof server.
In operation S360, tamper identification is performed on the first target file according to the m first hash values and the m second hash values.
According to the embodiment of the disclosure, m groups of hash values are generated from the m first hash values and the m second hash values, and within each of the m groups the first hash value is compared with the second hash value.
According to the embodiment of the disclosure, the tamper identification result of the first target file is determined according to the comparison result: if in any one of the groups the first hash value differs from the second hash value, the first target file is determined to have been tampered with.
In one example, for a given file name and file path there are m first hash values, while the number of second hash values is an integer multiple of m, related to the number of WEB servers. Whether the first target file has been tampered with can be determined from whether the first hash values and the second hash values are the same. Specifically, since the first hash values and the second hash values are computed with the same group of salt values, the m first hash values and the m second hash values are arranged into m groups according to the salt values, and the first hash value and the second hash value in each group are compared to obtain a comparison result. If, in one of the m groups, the hash values are the same, the first target file and the second target file are determined to be the same and the first target file is determined not to have been tampered with; otherwise, the first target file and the second target file are determined to be different, the first target file is determined to have been tampered with, and operation S370 is performed.
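The deduplication of operation S350 and the group-wise comparison of operation S360, as an added example that is not part of the patent: a small tamper-proof server that records the m salted hashes of each static source file, collapses identical uploads per (WEB server IP, file path, file name), and compares the hashes salt by salt. The hash algorithm (SHA-256), the salts, the file contents, the IP addresses and the class and function names are all assumptions constructed for this example, and the comparison is done as an exact per-group comparison rather than through a bloom filter.

```python
import hashlib
import re

# Constructed salts shared by the publisher and the tamper-proof server (m = 3).
# The page does not name the hash algorithm or the salts; SHA-256 is an assumption.
SALTS = [b"salt-alpha", b"salt-beta", b"salt-gamma"]
M = len(SALTS)
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")


def m_hashes(content):
    """Operations S320/S340: hash the file once per salt, giving m hash values."""
    return [hashlib.sha256(salt + content).hexdigest() for salt in SALTS]


class TamperServer:
    """Hypothetical tamper-proof server: stores first hash values, collects and
    deduplicates second hash values, and compares them group by group."""

    def __init__(self):
        self.reference = {}   # (path, name) -> m first hash values
        self.reports = []     # (ip, path, name, m second hash values)

    def register_first(self, path, name, content):
        """S320: record the m first hash values of the static source file."""
        self.reference[(path, name)] = m_hashes(content)

    def report_second(self, ip, path, name, hashes):
        """S340: accept m second hash values uploaded by the page's JS.
        They originate in the user's browser, so validate their shape first."""
        hashes = list(hashes)
        if len(hashes) != M or not all(HEX_SHA256.fullmatch(h) for h in hashes):
            raise ValueError("malformed second hash values for %s%s from %s" % (path, name, ip))
        self.reports.append((ip, path, name, hashes))

    def deduplicate(self):
        """S350: keep only distinct groups of second hash values per
        (IP, path, name); identical uploads from many users collapse to one,
        but a group that differs (one user saw a different copy) is kept."""
        unique = {}
        for ip, path, name, hashes in self.reports:
            groups = unique.setdefault((ip, path, name), [])
            if hashes not in groups:
                groups.append(hashes)
        return unique

    def identify(self):
        """S360: compare first and second hash values salt by salt.
        Returns a verdict per (IP, path, name) and the number of comparisons."""
        verdicts = {}
        comparisons = 0
        for key, groups in self.deduplicate().items():
            ip, path, name = key
            first = self.reference.get((path, name))
            if first is None:
                verdicts[key] = "no-reference"   # never registered, cannot judge
                continue
            tampered = False
            for second in groups:
                comparisons += 1
                # a differing hash under any salt means the served file differs
                if any(a != b for a, b in zip(first, second)):
                    tampered = True
            verdicts[key] = "tampered" if tampered else "intact"
        return verdicts, comparisons

    def recovery_targets(self):
        """Input for S370: the (IP, path, name) entries whose file must be re-synced."""
        verdicts, _ = self.identify()
        return sorted(k for k, v in verdicts.items() if v == "tampered")


def demo():
    """Constructed scenario mirroring the page's example: 10 reports, 8 from one
    WEB server (6 of them for the same file) and 2 from a second server."""
    server = TamperServer()
    index_ok = b"<html><body>welcome</body></html>"
    index_bad = b"<html><body>defaced</body></html>"   # constructed tampered copy
    about, news = b"<html>about</html>", b"<html>news</html>"
    server.register_first("/", "index.html", index_ok)
    server.register_first("/", "about.html", about)
    server.register_first("/", "news.html", news)
    ip_a, ip_b = "10.0.0.1", "10.0.0.2"   # constructed WEB server IPs
    for _ in range(6):                     # six users load the same page on server A
        server.report_second(ip_a, "/", "index.html", m_hashes(index_ok))
    server.report_second(ip_a, "/", "about.html", m_hashes(about))
    server.report_second(ip_a, "/", "news.html", m_hashes(news))
    server.report_second(ip_b, "/", "index.html", m_hashes(index_bad))
    server.report_second(ip_b, "/", "about.html", m_hashes(about))
    return server


if __name__ == "__main__":
    srv = demo()
    verdicts, n = srv.identify()
    print("comparisons after deduplication:", n)   # 5, as in the page's example
    for key, verdict in sorted(verdicts.items()):
        print(key, verdict)
    print("to restore (S370):", srv.recovery_targets())
```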
In operation S370, the first target file is restored according to the file name and the file path of the first target file.
There are two possible implementations of operation S370.
In one possible embodiment:
According to the embodiment of the disclosure, an application service interface is determined according to the file name and the file path of the first target file; the application service interface is called to generate a static file; hash calculation is performed on the static file m times to determine m third hash values, which are uploaded to the tamper-proof server; and the static file is synchronized to the WEB server, where it overwrites and replaces the first target file.
In one example, this replacement recovery scheme calls the static server again, produces a static file, synchronizes the static file to the WEB server, and overwrites the tampered file with it.
In another possible embodiment:
According to the embodiment of the disclosure, a source file in the file storage system is acquired according to the file name and file path of the first target file; the source file is synchronized to the WEB server, where it overwrites and replaces the first target file.
In one example, since the first target file is stored in the file storage system, the corresponding source file in the file storage system can be located according to the file name and file path of the first target file; the source file is then synchronized to the WEB server through the file synchronization server, which overwrites and replaces the tampered file.
According to the embodiment of the disclosure, the front-end embedded point technology is combined with the bloom filter technology: the page information accessed by the user is acquired through the front-end embedded point, the second hash values are deduplicated by the tamper-proof server, and the bloom filter is used to compare the first hash values of the first target file with the hash values of the second target file, so that whether the page has been tampered with is identified and recovery after tampering is completed. This shortens the time needed to identify page tampering and realizes automatic, rapid positioning and recovery of tampered pages.
The present disclosure further provides a page tamper-proof system based on the front-end embedded point technology, which is described in detail below in connection with fig. 5.
Fig. 5 schematically illustrates a block diagram of a page tamper-proof system based on the front-end embedded point technology according to an embodiment of the present disclosure.
As shown in fig. 5, the page tamper-proof system 500 based on the front-end embedded point technology of this embodiment includes a first acquisition module 510, a first calculation module 520, a second acquisition module 530, a second calculation module 540, an identification module 550, and a recovery module 560.
The first obtaining module 510 is configured to obtain first target file information, where the first target file information includes a first target file, a file name of the first target file, and a file path. In an embodiment, the first obtaining module 510 may be configured to perform the operation S210 described above, which is not described herein.
The first calculation module 520 is configured to perform hash calculation on the first target file m times to obtain m first hash values, and upload the m first hash values to the tamper-resistant server. In an embodiment, the first computing module 520 may be configured to perform the operation S220 described above, which is not described herein.
The second obtaining module 530 is configured to obtain second target file information through the front-end embedded point, where the second target file information includes a second target file, a file name of the second target file, and a file path. In an embodiment, the second obtaining module 530 may be used to perform the operation S230 described above, which is not described herein.
The second calculation module 540 is configured to perform hash calculation on the second target file m times to obtain m second hash values, and upload the m second hash values to the tamper-resistant server. In an embodiment, the second computing module 540 may be used to perform the operation S240 described above, which is not described herein.
The identification module 550 is configured to tamper-identify the first target file according to the m first hash values and the m second hash values. In an embodiment, the identification module 550 may be configured to perform the operation S250 described above, which is not described herein.
The recovery module 560 is configured to recover the first target file according to the file name and the file path of the first target file if it is determined that the first target file is tampered. In an embodiment, the recovery module 560 may be configured to perform the operation S260 described above, which is not described herein.
According to an embodiment of the present disclosure, any of the first acquisition module 510, the first calculation module 520, the second acquisition module 530, the second calculation module 540, the identification module 550, and the recovery module 560 may be combined into one module, or any of the modules may be split into a plurality of modules; alternatively, at least part of the functionality of one or more of these modules may be combined with, and implemented in, at least part of the functionality of other modules. According to embodiments of the present disclosure, at least one of these modules may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, or an Application Specific Integrated Circuit (ASIC), or in hardware or firmware in any other reasonable manner of integrating or packaging circuitry, or in any one of, or a suitable combination of, software, hardware and firmware. Alternatively, at least one of these modules may be at least partially implemented as a computer program module which, when executed, performs the corresponding functions.
Fig. 6 schematically illustrates a block diagram of an electronic device adapted to implement a page tamper-proof method based on the front-end embedded point technology according to an embodiment of the present disclosure.
As shown in fig. 6, an electronic device 900 according to an embodiment of the present disclosure includes a processor 901 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. The processor 901 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 901 may also include on-board memory for caching purposes. Processor 901 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic device 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the program may be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 900 may also include an input/output (I/O) interface 905, the input/output (I/O) interface 905 also being connected to the bus 904. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed into the storage section 908 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 902 and/or RAM 903 and/or one or more memories other than ROM 902 and RAM 903 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. When the computer program product runs in a computer system, the program code is used for enabling the computer system to realize the page tamper-proof method based on the front-end embedded point technology provided by the embodiment of the disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, via communication portion 909, and/or installed from removable medium 911. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, the program code of the computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages; in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages and/or in assembly or machine languages. Programming languages include, but are not limited to, Java, C++, Python, C or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined in a variety of ways, even if such combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be combined in various ways without departing from the spirit and teachings of the present disclosure. All such combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (9)

1. A page tamper-proof method based on a front-end embedded point technology comprises the following steps:
Acquiring first target file information, wherein the first target file information comprises a first target file, a file name of the first target file and a file path;
Performing hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to a tamper-proof server;
acquiring second target file information through a front-end embedded point, wherein the second target file information comprises a second target file, a file name of the second target file and a file path;
Performing hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server;
Tamper identification is carried out on the first target file according to the m first hash values and the m second hash values;
If the first target file is tampered, recovering the first target file according to the file name and the file path of the first target file;
Wherein the first target file is a static source file, the second target file is a file when a user is accessing a page,
The obtaining the first target file information includes:
Calling a back-end application service interface to generate a first target file;
Storing the first target file in a file storage system, and synchronizing the first target file to a WEB server through a file synchronization server;
Recording the file name and the file path of the first target file;
the recovering the first target file according to the file name and the file path of the first target file includes:
determining an application service interface according to the file name and the file path of the first target file;
Calling the application service interface to generate a static file;
Performing hash calculation on the static file for m times to determine m third hash values, and uploading the m third hash values to the tamper-proof server;
Synchronizing the static file to a WEB server, and replacing the first target file in a covering way;
or
Acquiring a source file in a file storage system according to the file name and the file path of the first target file; and
And synchronizing the source file to a WEB server, and overlaying and replacing the first target file.
2. The method of claim 1, wherein said tamper identifying the first target file based on the m first hash values and the m second hash values comprises:
Performing de-duplication on the second hash value according to the second target file information and the WEB server IP information;
generating m groups of hash values according to m first hash values and m second hash values subjected to de-duplication;
comparing the first hash value with the second hash value in the m groups of hash values;
and determining a tamper identification result of the first target file according to the comparison result.
3. The method of claim 2, wherein de-duplicating the second hash value based on the second object file information and WEB server IP information, comprises:
acquiring IP information of a WEB server where the second target file is located;
Determining a second target file name and a file path according to the second target file information;
And de-duplicating the second hash value according to the second target file name, the file path and the IP information.
4. The method according to claim 2, wherein the determining the tamper-evident result of the first target file according to the comparison result includes:
if, in any one of the groups of hash values, the first hash value differs from the second hash value, the first target file is determined to have been tampered with.
5. The method of claim 4, wherein the obtaining the second object file information through the front-end embedded point includes:
a JS code is preset in a page;
When a user accesses a page, a second target file corresponding to the page and a file path and a file name of the second target file are acquired through a JS code preset in the page.
6. A front-end embedded point technology based page tamper resistant system comprising:
The first acquisition module is used for acquiring first target file information, wherein the first target file information comprises a first target file, a file name of the first target file and a file path;
The first calculation module is used for carrying out hash calculation on the first target file for m times to obtain m first hash values, and uploading the m first hash values to the tamper-resistant server;
the second acquisition module is used for acquiring second target file information through the front-end embedded point, wherein the second target file information comprises a second target file, a file name of the second target file and a file path;
The second calculation module is used for carrying out hash calculation on the second target file for m times to obtain m second hash values, and uploading the m second hash values to the tamper-resistant server;
the identification module is used for carrying out tamper identification on the first target file according to the m first hash values and the m second hash values;
And
The recovery module is used for recovering the first target file according to the file name and the file path of the first target file if the first target file is tampered;
Wherein the first target file is a static source file, the second target file is a file when a user is accessing a page,
The first acquisition module is also used for calling a back-end application service interface to generate a first target file; storing the first target file in a file storage system, and synchronizing the first target file to a WEB server through a file synchronization server; recording the file name and the file path of the first target file;
the recovery module is also used for determining an application service interface according to the file name and the file path of the first target file; calling the application service interface to generate a static file; performing hash calculation on the static file for m times to determine m third hash values, and uploading the m third hash values to the tamper-proof server; synchronizing the static file to a WEB server, and replacing the first target file in a covering way;
the recovery module is also used for acquiring a source file in the file storage system according to the file name and the file path of the first target file; and synchronizing the source file to a WEB server, and overlaying and replacing the first target file.
7. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
Wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-5.
8. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-5.
9. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-5.
CN202110708380.4A 2021-06-25 2021-06-25 Page tamper-proof method and system based on front-end embedded point technology Active CN113343312B (en)
Publications (2)

Publication Number Publication Date
CN113343312A CN113343312A (en) 2021-09-03
CN113343312B true CN113343312B (en) 2024-06-14

Family

ID=77478545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110708380.4A Active CN113343312B (en) 2021-06-25 2021-06-25 Page tamper-proof method and system based on front-end embedded point technology

Country Status (1)

Country Link
CN (1) CN113343312B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242775A (en) * 2022-07-04 2022-10-25 ***股份有限公司 Resource file acquisition method, device, equipment, medium and product
CN115129677B (en) * 2022-08-30 2022-11-22 睿云奇智(青岛)科技有限公司 Operator document synchronization method and device

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105678193B (en) * 2016-01-06 2018-08-14 杭州数梦工场科技有限公司 A kind of anti-tamper treating method and apparatus
CN107423639B (en) * 2017-04-21 2021-04-23 深圳前海微众银行股份有限公司 Webpage tampering monitoring method and device
CN109257340B (en) * 2018-08-29 2021-05-04 北京中科锐链科技有限公司 Website tamper-proof system and method based on block chain
CN110177154B (en) * 2019-06-17 2021-07-02 深圳前海微众银行股份有限公司 File interaction processing method, device and system
CN112748991A (en) * 2019-10-30 2021-05-04 伊姆西Ip控股有限责任公司 Method, apparatus and computer program product for backing up data
CN111552676A (en) * 2020-04-26 2020-08-18 北京众享比特科技有限公司 Block chain based evidence storing method, device, equipment and medium
CN111967059A (en) * 2020-08-11 2020-11-20 广东堡塔安全技术有限公司 Website tamper-proofing method and system and computer readable storage medium
CN112966232B (en) * 2021-03-12 2024-03-29 恩亿科(北京)数据科技有限公司 Page watermark tamper-proof method, system, electronic device and readable storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Research on a website tamper-proofing mechanism based on E-Key and Web page monitoring; 范建华; 宋云波; Journal of Chengdu University of Information Technology (成都信息工程学院学报); 2009-08-31 (No. 04); full text *
A brief discussion of web page tamper-proofing technology; 方红跃; 大视野; 2008-12-31 (No. 12); full text *

Also Published As

Publication number Publication date
CN113343312A (en) 2021-09-03

Similar Documents

Publication Publication Date Title
US11563674B2 (en) Content based routing method and apparatus
US10152773B2 (en) Creating a blurred area for an image to reuse for minimizing blur operations
US20160349928A1 (en) Generating summary of activity on computer gui
CN110262807B (en) Cluster creation progress log acquisition system, method and device
US10169005B2 (en) Consolidating and reusing portal information
CN113987074A (en) Distributed service full-link monitoring method and device, electronic equipment and storage medium
CN113343312B (en) Page tamper-proof method and system based on front-end embedded point technology
US9787783B2 (en) Providing supplemental content in relation to embedded media
CN103678487A (en) Method and device for generating web page snapshot
CN113505302A (en) Method, device and system for supporting dynamic acquisition of buried point data and electronic equipment
CN115357761A (en) Link tracking method and device, electronic equipment and storage medium
US10021012B2 (en) Notifying original state listeners of events in a domain model
CN110795331A (en) Software testing method and device
US9253279B2 (en) Preemptive caching of data
CN109345063B (en) Data processing method and device for wind control system and storage medium
US11216490B2 (en) Method and system for the creation and maintenance of a web presence data store built automatically for all entities with a social media presence
CN112882921B (en) Fault simulation method and device
US9304830B1 (en) Fragment-based multi-threaded data processing
CN113076254A (en) Test case set generation method and device
CN109657523B (en) Driving region detection method and device
US20150261733A1 (en) Asset collection service through capture of content
US20150248499A1 (en) Optimized read/write access to a document object model
CN111767486A (en) Method, device, electronic equipment and computer readable medium for displaying page
CN118035594B (en) Method, apparatus, electronic device and computer readable medium for accessing production document
US20230308369A1 (en) Data migration in application performance monitoring

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant