CN115085973B - White list processing method, white list processing device, storage medium and computer terminal - Google Patents

Publication number: CN115085973B
Authority: CN (China)
Legal status: Active
Application number: CN202210535831.3A
Other languages: Chinese (zh)
Other versions: CN115085973A (en)
Inventors: 胡东旭, 赵鹏, 陈存利
Current assignee: Du Xiaoman Technology Beijing Co Ltd
Original assignee: Du Xiaoman Technology Beijing Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a white list processing method, a white list processing device, a storage medium and a computer terminal. The method comprises the following steps: in response to an update instruction for a target white list, acquiring a first white list, wherein the target white list is the white list to be updated in a first coroutine, the first white list is the current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list; analyzing the first white list by using the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list has been updated; and updating the target white list based on the target analysis result and the history analysis result to obtain an update result. The invention solves the technical problem in the prior art of lower list performance caused by complicated configuration when list processing is carried out.

Description

White list processing method, white list processing device, storage medium and computer terminal
Technical Field
The present invention relates to the field of computers, and in particular, to a whitelist processing method, a whitelist processing device, a storage medium, and a computer terminal.
Background
In the prior art, etcd clusters support two authentication modes. One is authentication-based access control, which generally involves users, roles, authorization, binding users to roles, and so on; the other is authentication by TLS certificate. However, for an etcd cluster accessed by internal users, either scheme is relatively cumbersome to configure. For example, using TLS may involve the complexity of maintaining or updating certificates, and it also degrades the performance of the etcd cluster, such as its throughput. Therefore, an authentication scheme that is more flexible, convenient to configure and cheaper in performance needs to be introduced.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the invention provides a white list processing method, a white list processing device, a storage medium and a computer terminal, which are used for at least solving the technical problem of lower list performance caused by complicated configuration.
According to an aspect of the embodiment of the present invention, there is provided a method for processing a white list, including: in response to an update instruction for a target white list, acquiring a first white list, wherein the target white list is the white list to be updated in a first coroutine, the first white list is the current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list; analyzing the first white list by using the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list has been updated; and updating the target white list based on the target analysis result and the history analysis result to obtain an update result, wherein the history analysis result is the analysis result of a second white list, and the second white list is the history white list in the second coroutine.
Optionally, updating the target white list based on the target analysis result and the history analysis result to obtain an updated result, including: determining a first checksum based on the target analysis result, wherein the first checksum is used for representing list information in a first white list; determining a second checksum based on the historical parsing result, wherein the second checksum is used for representing list information in a second white list; and updating the target white list based on the first checksum and the second checksum to obtain an updating result.
Optionally, the method further comprises: determining the first list number based on the target analysis result, wherein the first list number is the list number contained in the first white list; determining the second list quantity based on the historical analysis result, wherein the second list quantity is the list quantity contained in the second white list; and under the condition that the number of the first lists is the same as that of the second lists, updating the target white lists based on the first checksum and the second checksum to obtain an updating result.
Optionally, the method further comprises: under the condition that the first checksum is different from the second checksum or the first list number is different from the second list number, combining the first white list and the second white list to obtain a third white list; and updating the target white list based on the third white list to obtain an updating result.
Optionally, merging the first white list and the second white list to obtain a third white list, including: combining the first white list and the second white list to obtain a fourth white list; and carrying out de-duplication treatment on the fourth white list to obtain a third white list.
Optionally, updating the target white list based on the third white list and the second white list to obtain an updating result, including: obtaining a third list number of the third white list, wherein the third list number is the list number contained in the third white list; comparing the third list number with the second list number to obtain a comparison result, wherein the comparison result is used for indicating whether the third list number is the same as the second list number; and under the condition that the comparison result is that the third list number is different from the second list number, updating the target white list based on the third white list to obtain an updating result.
Optionally, the method further comprises: and under the condition that the comparison result is that the number of the third lists is the same as the number of the second lists, updating the target white list based on preset updating times to obtain an updating result, wherein the preset updating times are preset times for updating the target white list.
Optionally, updating the target white list based on the preset updating times to obtain an updating result, including: under the condition that the current updating times are smaller than the preset updating times, the target white list is forbidden to be updated; and under the condition that the current updating times are greater than or equal to the preset updating times, updating the target white list based on the third white list to obtain an updating result.
According to another aspect of the embodiment of the present invention, there is also provided a processing apparatus for a white list, including an acquisition module, a first judgment module and a second judgment module, wherein the acquisition module is used for acquiring a first white list in response to an update instruction for a target white list, the target white list is the white list to be updated in a first coroutine, the first white list is the current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list; the analysis module is used for analyzing the first white list by using the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list has been updated; and the updating module is used for updating the target white list based on the target analysis result and the history analysis result to obtain an update result, wherein the history analysis result is the analysis result of a second white list, and the second white list is the history white list in the second coroutine.
According to another aspect of the embodiment of the present invention, there is further provided a storage medium, where the storage medium includes a stored program, and when the program runs, the device in which the storage medium is located is controlled to execute any one of the above white list processing methods.
According to another aspect of the embodiment of the present invention, there is also provided a computer terminal including a memory and a processor, where the processor is used for running the program stored in the memory, and any one of the above white list processing methods is executed when the program runs.
In the embodiment of the invention, a first white list is acquired in response to an update instruction for a target white list, wherein the target white list is the white list to be updated in a first coroutine, the first white list is the current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list; the first white list is analyzed by using the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list has been updated; and the target white list is updated based on the target analysis result and the history analysis result to obtain an update result, wherein the history analysis result is the analysis result of a second white list, and the second white list is the history white list in the second coroutine, so that the updating of the target white list is realized. It is easy to see that updating the target white list based on the target analysis result and the history analysis result can simplify the white list updating flow, further improve the updating efficiency and accuracy of the white list, and solve the technical problem in the prior art of lower list performance caused by complicated configuration when list processing is performed.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flow chart of a method of processing a white list according to an embodiment of the invention;
FIG. 2a is a basic schematic 1 in accordance with an embodiment of the present invention;
FIG. 2b is a basic schematic 2 in accordance with an embodiment of the present invention;
FIG. 2c is a basic schematic 3 in accordance with an embodiment of the invention;
FIG. 3 is a schematic diagram of a system according to an embodiment of the invention;
FIG. 4 is a schematic diagram of a processing apparatus for a white list according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, the technical names and terms appearing in the embodiments of the present invention are explained as follows:
etcd: an open source project whose goal is to build a highly available distributed key-value database. It uses the Raft protocol as its consistency algorithm and is implemented in the Go language.
Raft protocol: a distributed strong-consistency protocol.
Go language: Golang, an open source, compiled system programming language that supports concurrency and garbage collection.
etcd cluster: a cluster built jointly from a plurality of etcd nodes. Typically, one etcd cluster has an odd number of nodes.
White list: in this application, a white list function custom-developed at the etcd level, an authorization scheme in which only IPs within the white list range are allowed.
MNS: a name service. Similar to the domain name service, an address list (IP list) of the actual back-end mapping can be obtained by MNS resolution. The white list in this application supports two formats, one address (IP) based and one MNS based.
clientV3: the software development kit (SDK) provided by etcd, used after encapsulation to access and operate the etcd cluster.
Example 1
According to an embodiment of the present invention, there is provided an embodiment of a method for processing a white list. It should be noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system, such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different from that herein.
Fig. 1 is a flowchart of a method for processing a white list according to an embodiment of the present invention. As shown in fig. 1, the method includes the following steps:
Step S102, a first white list is acquired in response to an update instruction for a target white list, wherein the target white list is the white list to be updated in a first coroutine, the first white list is the current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list.
The update instruction may be a computer instruction, and the system may update the target white list after receiving the instruction.
The target white list may be the white list to be updated in the first coroutine, where the first coroutine may be used to authenticate through the target white list, and the authentication may be to verify whether the user has the right to access the system.
The first white list may be the current white list in the second coroutine, where the second coroutine may be used to update the target white list through the first white list.
In an alternative embodiment, the user may input the target white list himself. In response to the update instruction, the system may obtain the current white list in the second coroutine, that is, the first white list, and the target white list may then be updated based on the first white list. Optionally, the white list is read and written lock-free by two coroutines, that is, reads and writes can proceed at the same time, so that the performance of the cluster is not affected.
Step S104, analyzing the first white list by using the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list has been updated.
The target analysis result can be expressed in the forms of words, files, indicator light colors, numbers and the like.
In an alternative embodiment, the white list may be parsed by a dedicated program. A double-buffer design is introduced into the program's core data structure (serverswhitelist): WhitelistMapBuffer1 (white list buffer 1) and WhitelistMapBuffer2 (white list buffer 2). The purpose is to keep the core logic of the main coroutine from conflicting with white list parsing in the child coroutine: while the main coroutine reads the content of WhitelistMapBuffer1, the child coroutine can use WhitelistMapBuffer2 for white list parsing. The buffers are switched by a static marker (which may be referred to as a tag). Underneath, the tag is a 32-bit integer (abbreviated int32) that is either 0 or 1: when it is 0, the tag points to WhitelistMapBuffer1, and when it is 1, it points to WhitelistMapBuffer2.
Because concurrent reads and writes of the int32 do not conflict on an open-source operating system (which may be a Linux system), there is no case in which another coroutine reads a half-finished update. In addition, bufferCnt represents the number of white list entries in the current buffer, and BufferCksum represents the checksum of the white list in the current buffer.
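An added example (not code from the patent) of the double-buffer switch described above, in Go: the writer fills the inactive buffer and then flips the 0/1 tag, so authentication reads never take a lock. Only the two buffers and the int32 tag come from the text; the method names, the use of sync/atomic for the tag and the buffer slots, and the sample addresses are assumptions of this example.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// Perm is the permission of a white-list entry: "r", "w" or "rw".
type Perm string

// covers reports whether permission p satisfies the requested access.
func (p Perm) covers(need Perm) bool { return p == need || p == "rw" }

// ServersWhitelist holds the two buffers and the tag that selects one.
type ServersWhitelist struct {
	buffers [2]atomic.Value // WhitelistMapBuffer1 / WhitelistMapBuffer2, each a map[string]Perm
	tag     int32           // 0 selects buffers[0], 1 selects buffers[1]
}

// Snapshot returns the active buffer. A published map is never modified
// again, so the caller may read it without locking.
func (s *ServersWhitelist) Snapshot() map[string]Perm {
	m, _ := s.buffers[atomic.LoadInt32(&s.tag)].Load().(map[string]Perm)
	return m // nil before the first Publish, which denies everything
}

// Allowed is the read path used for authentication (main coroutine).
func (s *ServersWhitelist) Allowed(ip string, need Perm) bool {
	if need != "r" && need != "w" && need != "rw" {
		return false
	}
	p, ok := s.Snapshot()[ip]
	return ok && p.covers(need)
}

// Publish is the write path (child coroutine, single writer assumed): build
// a fresh map, store it in the inactive slot, then flip the tag.
func (s *ServersWhitelist) Publish(entries map[string]Perm) {
	next := 1 - atomic.LoadInt32(&s.tag)
	fresh := make(map[string]Perm, len(entries))
	for ip, p := range entries {
		fresh[ip] = p
	}
	s.buffers[next].Store(fresh)
	atomic.StoreInt32(&s.tag, next)
}

// TornReads alternates between two constructed lists while four readers
// run, and counts snapshots that match neither list in full.
func TornReads(rounds int) int {
	a := map[string]Perm{"10.1.1.1": "rw", "10.1.3.4": "r"}
	b := map[string]Perm{"10.1.1.1": "r", "10.0.0.11": "rw", "10.0.0.12": "rw"}
	var s ServersWhitelist
	s.Publish(a)
	var torn int32
	var wg sync.WaitGroup
	done := make(chan struct{})
	for r := 0; r < 4; r++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			for {
				select {
				case <-done:
					return
				default:
				}
				snap := s.Snapshot()
				isA := len(snap) == 2 && snap["10.1.1.1"] == "rw"
				isB := len(snap) == 3 && snap["10.1.1.1"] == "r"
				if !isA && !isB {
					atomic.AddInt32(&torn, 1)
				}
			}
		}()
	}
	for i := 0; i < rounds; i++ {
		if i%2 == 0 {
			s.Publish(b)
		} else {
			s.Publish(a)
		}
	}
	close(done)
	wg.Wait()
	return int(atomic.LoadInt32(&torn))
}

func main() {
	var s ServersWhitelist
	s.Publish(map[string]Perm{"10.1.1.1": "rw", "10.1.3.4": "r"})
	fmt.Println("10.1.3.4 write allowed:", s.Allowed("10.1.3.4", "w"))
	fmt.Println("torn reads:", TornReads(2000))
}
```
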
In another alternative embodiment, the first white list may be analyzed by the second coroutine to obtain the target analysis result. Optionally, the list information in the first white list may be determined based on the target analysis result, and the corresponding list information may be determined based on the history analysis result, where the history analysis result may be the analysis result of the white list as last updated.
Further, the list information in the first white list is compared with the list information determined by the historical analysis result to determine whether the update occurs, if the list information in the first white list is updated, the target white list can be updated, and if the list information is not updated, the target white list can be temporarily not updated. Optionally, updating the target white list based on the target analysis result and the history analysis result can simplify the white list updating process, thereby improving the efficiency and accuracy of updating the white list.
Step S106, updating the target white list based on the target analysis result and the history analysis result to obtain an update result, wherein the history analysis result is the analysis result of a second white list, and the second white list is the history white list in the second coroutine.
The second white list may be the history white list in the second coroutine, where the history white list may be the white list as last updated.
In an alternative embodiment, for the order of white list resolution, the following mechanism is mainly adopted:
1) If only the IP white list exists, only the IP white list is parsed. Each time a round of parsing is triggered, the last modification time of the file is checked; if it is unchanged, the file is not parsed.
2) If both the IP white list and the MNS white list exist, the last update times of the two white lists are checked first:
a) If the last update time of the IP white list has changed, the IP white list is parsed first, and then the MNS white list.
b) If the last update times of both the IP white list and the MNS white list are unchanged, it is necessary to determine whether the time interval threshold for forcibly resolving the MNS has been reached; if so, the MNS white list is parsed first, and then the IP white list. The time interval threshold may be set according to the specific situation.
c) If the last update time of the IP white list is unchanged and the last update time of the MNS white list has changed, the MNS white list is parsed first, and then the IP white list is forcibly parsed.
Fig. 2a is basic schematic diagram 1 according to an embodiment of the present invention. As shown in fig. 2a, assume that two white lists, white list 1 and white list 2, are recorded when the white list is initialized.
White list 1 is a white list in IP format. The permission of each entry can be set to rw, r or w, meaning read-write, read-only and write-only respectively; white list 1 contains 10.1.1.1 rw, 10.1.3.4 r and 10.5.7.7.100 w. White list 2 is an MNS white list. Each row of the MNS white list is a name service name, and each name service is resolved into its corresponding IP list by a parsing function that the MNS provides in its SDK. For example, trace.online rw in the figure is resolved into 10.0.0.11 rw, 10.0.0.12 rw and 10.1.1.1 rw, and market-analysis.online r is resolved into 10.1.0.11 r, 10.1.0.12 r and 10.1.1.13 r.
When the IP white list and the MNS white list have both been resolved successfully, they are merged in memory and stored at the same memory address; during the merge, duplicate IPs are filtered so that each is kept only once. A checksum is then computed over the white list to obtain a unique identifier, 123456 in the figure, and a counter is maintained to store the actual number of entries in the current white list.
When white list 1 and white list 2 have the contents above, the final result contains 10.1.1.1 rw, 10.1.3.4 r, 10.5.7.7.100 w, 10.0.0.11 rw, 10.1.1.1 rw, 10.1.0.11 r, 10.1.0.12 r and 10.1.0.13 r.
Fig. 2b is basic schematic diagram 2 according to an embodiment of the present invention. As shown in fig. 2b, white list 1 contains 10.1.1.1 rw, 10.1.3.4 r and 10.5.7.7.100 w. In white list 2, trace.online rw resolves to 10.0.0.11 rw, 10.0.0.12 rw and 10.1.1.1 rw, and market-analysis.online r resolves to 10.1.0.11 r, 10.1.0.12 r, 10.1.1.13 r and 10.1.0.14 r (newly added). The merged result, identified as 456789 in the figure, is therefore 10.1.1.1 rw, 10.1.3.4 r, 10.5.7.7.100 rw, 10.0.0.11 rw, 10.1.1.1 rw, 10.1.0.11 r, 10.1.0.12 r, 10.1.0.13 r and 10.1.0.14 r (new). That is, if the number of resolved IPs increases, the current result is merged with the last result.
Fig. 2c is basic schematic diagram 3 according to an embodiment of the present invention. As shown in fig. 2c, white list 1 contains 10.1.1.1 rw, 10.1.3.4 r and 10.5.7.7.100 w. In white list 2, trace.online rw resolves to 10.0.0.11 rw, 10.0.0.12 rw and 10.1.1.1 rw, and market-analysis.online r resolves to 10.1.0.11 r, 10.1.0.12 r and 10.1.1.13 (deleted). The merged result, identified as 123456 in the figure, is 10.1.1.1 rw, 10.1.3.4 r, 10.5.7.7.100 w, 10.0.0.11 rw, 10.1.1.1 rw, 10.1.0.11 r, 10.1.0.12 r and 10.1.0.13 r (retained). That is, if a round resolves fewer IPs than the last one, the delayed-deletion mechanism is triggered: the actual deletion from the white list is performed only after the condition has persisted for several periods.
The white list is analyzed by adopting the operation steps, and whether the target white list is updated or not is further determined by comparing the number of the lists, so that the updating efficiency of the white list can be improved.
Optionally, updating the target white list based on the target analysis result and the history analysis result to obtain an updated result, including: determining a first checksum based on the target analysis result, wherein the first checksum is used for representing list information in a first white list; determining a second checksum based on the historical parsing result, wherein the second checksum is used for representing list information in a second white list; and updating the target white list based on the first checksum and the second checksum to obtain an updating result.
The first checksum may be determined from the target parsing result, and optionally, the first checksum may be used to represent list information in the first whitelist.
The second checksum may be determined from the historical parsing result, and optionally, the second checksum may be used to represent list information in the second whitelist.
In an alternative embodiment, the first list number, that is, the number of list entries contained in the first white list, may be determined based on the target analysis result, and the second list number, that is, the number of list entries contained in the second white list, may be determined based on the history analysis result. When the first list number and the second list number are the same, the target white list may be updated based on the first checksum and the second checksum to obtain the update result.
Further, by comparing the checksums of the current first white list and the historical second white list, it can be determined whether the current first white list has been updated. If the first white list has been updated, the target white list can be updated; if it has not, the target white list can be left unchanged for the time being.
Optionally, the method further comprises: determining the first list number based on the target analysis result, wherein the first list number is the list number contained in the first white list; determining the second list quantity based on the historical analysis result, wherein the second list quantity is the list quantity contained in the second white list; and under the condition that the number of the first lists is the same as that of the second lists, updating the target white lists based on the first checksum and the second checksum to obtain an updating result.
The number of the first lists may be the number of lists included in the first white list, and optionally, the number of the first lists may be determined by a target parsing result.
The number of the second lists may be the number of lists included in the second white list, and optionally, the number of the second lists may be determined by a history parsing result.
In an alternative embodiment, in the case that the number of the first lists is the same as the number of the second lists, the target white list may be directly updated based on the first checksum and the second checksum, so as to obtain an update result.
With this technical scheme, the first list number and the second list number can be compared before the target white list is updated. If the list numbers differ, it can be determined that the list has been updated, so the comparison can be carried out directly, where the comparison is between the first list number and the second list number. If the list numbers are the same, it can be determined that the list has not been updated, so the comparison can be performed later. This further standardizes the operation flow of white list processing and further improves the accuracy of updating the target white list.
Optionally, the method further comprises: under the condition that the first checksum is different from the second checksum or the first list number is different from the second list number, combining the first white list and the second white list to obtain a third white list; and updating the target white list based on the third white list to obtain an updating result.
In an alternative embodiment, in the case that the first checksum is different from the second checksum, or in the case that the number of the first lists is different from the number of the second lists, the first whitelist and the second whitelist may be combined to obtain a fourth whitelist, and the fourth whitelist is subjected to a deduplication process, that is, duplicate information is removed, so as to obtain a third whitelist.
The fourth white list may be obtained by combining the first white list and the second white list, and the third white list may be obtained by de-duplicating the fourth white list; the third white list may be used to update the target white list.
In another alternative embodiment, in the case that the first checksum is different from the second checksum, or in the case that the number of the first lists is different from the number of the second lists, it may be determined that the first whitelist is updated, and at this time, the target whitelist may be updated.
Optionally, merging the first white list and the second white list to obtain a third white list, including: combining the first white list and the second white list to obtain a fourth white list; and carrying out de-duplication treatment on the fourth white list to obtain a third white list.
The de-duplication process may be a data processing manner that removes duplicate information. Optionally, because duplicate elements may occur in the result of merging the lists, the fourth white list may be de-duplicated, taking time complexity and space complexity into account, so that the third white list is obtained.
In an alternative embodiment, the first white list and the second white list may be combined to obtain a fourth white list, and further, the fourth white list may be subjected to deduplication processing to obtain a third white list, and optionally, the third white list may be used to update the target white list.
Optionally, updating the target white list based on the third white list and the second white list to obtain an update result includes: obtaining a third list number of the third white list, wherein the third list number is the list number contained in the third white list; comparing the third list number with the second list number to obtain a comparison result, wherein the comparison result is used for indicating whether the third list number is the same as the second list number; and, in the case that the comparison result is that the third list number is different from the second list number, updating the target white list based on the third white list to obtain the update result.
The third list number may be a list number included in the third list.
The comparison result may be obtained by comparing the third list number with the second list number, and indicates whether the third list number and the second list number are the same or different.
In an alternative embodiment, the double buffer of the white list holds two ascending arrays that must remain ascending after they are merged. The two arrays can be compared from back to front; if the first M elements of array 1 have all been placed and array 2 still has elements remaining, the remaining elements of array 2 can be copied directly into array 1.
Further, if the total numbers of results of the target parsing and the historical parsing are the same, their checksums are compared. If the checksums are consistent, the address list of the target parsing is consistent with that of the historical parsing. If the total numbers are consistent but the checksums are not, the two results differ and a merge is required: the historical parsing result and the target parsing result are merged, and the checksum is updated at the same time. If the number of target parsing results is smaller or larger than the number of historical parsing results, the results are merged directly and the checksum is updated. If the merged result is still a subset of the historical parsing result, no address has been added in the current round and addresses have only been removed; this triggers the delayed-deletion protection mechanism, and the real deletion is triggered only after this has continued for several consecutive periods. If the merged result is not a subset of the historical parsing result, the merge is effective, and the corresponding deletion counter is cleared at this point.
Optionally, the method further comprises: and under the condition that the comparison result is that the number of the third lists is the same as the number of the second lists, updating the target white list based on preset updating times to obtain an updating result, wherein the preset updating times are preset times for updating the target white list.
The preset update times may be a preset number of times for updating the target white list; optionally, the preset update times can be configured as needed.
In an alternative embodiment, a preset update times may be set, and in the case that the third list number is the same as the second list number, the target white list may be updated according to the preset update times to obtain the update result. This adds a delayed-deletion protection mechanism, which improves the efficiency of updating the white list.
Optionally, updating the target white list based on the preset updating times to obtain an updating result, including: under the condition that the current updating times are smaller than the preset updating times, the target white list is forbidden to be updated; and under the condition that the current updating times are greater than or equal to the preset updating times, updating the target white list based on the third white list to obtain an updating result.
In an alternative embodiment, if the current update times are smaller than the preset update times, the updating of the target white list may be suspended, and if the current update times are greater than or equal to the preset update times, the updating of the target white list may be performed based on the third white list, so as to obtain an updating result.
FIG. 3 is a schematic diagram of a system according to an embodiment of the present invention. As shown in FIG. 3, etcd parsing is still handled by the main coroutine in the main flow, as before. When the IP/MNS white list is parsed, a sub-coroutine derived separately from the main coroutine is used, and some initialization is performed in that sub-coroutine, including creating the branch, that is, creating the white list sub-coroutine. After the white list sub-coroutine is created, parameter verification is performed, then the unary interceptor is called, and the main white list processing flow is entered. The unary interceptor call may continue to use the UnaryServerInterceptor of gRPC (Google Remote Procedure Call, a high-performance, general-purpose open-source framework), which etcd v3 uses, to intercept the address of the client peer for authentication preprocessing.
After entering the main white list processing flow, the white list is first parsed by polling, and the current parsing result is compared with the previous result to check whether addresses have been added. If so, the current and previous results are merged and the white list is updated. If not, the two results are compared to check whether addresses have been removed. If nothing has been removed, the current parsing result is determined to be unchanged and the white list is parsed again in the next polling round. If addresses have been removed, it is judged whether the update count has reached the preset update times and whether the old address needs to be deleted: if yes, the old address is deleted; if not, a new round of white list building starts again.
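The update flow described above (count and checksum comparison, back-to-front merge with de-duplication, delayed deletion), sketched in Go as an added example that is not code from the patent. The type and function names, the CRC-32 checksum, and adopting the current parsing result when the real deletion fires are assumptions; addresses are compared as plain strings.

```go
package main

import (
	"fmt"
	"hash/crc32"
	"sort"
	"strings"
)

const (
	Unchanged = "unchanged"
	Merged    = "merged"
	Deferred  = "deletion-deferred"
	Deleted   = "deleted"
)

// Updater is the state kept by the updating coroutine (hypothetical type).
type Updater struct {
	Target    []string // ascending list the authenticating coroutine checks
	history   []string // ascending result of the last accepted parse
	threshold int      // the "preset update times"
	shrinks   int      // consecutive rounds in which addresses only disappeared
}

func NewUpdater(initial []string, threshold int) *Updater {
	h := normalize(initial)
	return &Updater{Target: h, history: h, threshold: threshold}
}

func normalize(in []string) []string {
	out := append([]string(nil), in...)
	sort.Strings(out)
	return dedupSorted(out)
}

// checksum uses CRC-32 as an assumption; the page does not name the algorithm.
func checksum(sorted []string) uint32 {
	return crc32.ChecksumIEEE([]byte(strings.Join(sorted, "\n")))
}

// mergeBackToFront merges two ascending slices, filling the result from the back.
func mergeBackToFront(a, b []string) []string {
	out := make([]string, len(a)+len(b))
	copy(out, a)
	i, j, k := len(a)-1, len(b)-1, len(out)-1
	for j >= 0 { // once a is exhausted, the rest of b is copied straight in
		if i >= 0 && out[i] > b[j] {
			out[k] = out[i]
			i--
		} else {
			out[k] = b[j]
			j--
		}
		k--
	}
	return out
}

// dedupSorted removes adjacent duplicates in place (O(n) time, O(1) extra space).
func dedupSorted(s []string) []string {
	out := s[:0]
	for _, v := range s {
		if len(out) == 0 || out[len(out)-1] != v {
			out = append(out, v)
		}
	}
	return out
}

// Poll applies one parsing result and reports what happened to the white list.
func (u *Updater) Poll(parsed []string) string {
	cur := normalize(parsed)
	if len(cur) == len(u.history) && checksum(cur) == checksum(u.history) {
		u.shrinks = 0 // assumption: an unchanged round breaks the consecutive run
		return Unchanged
	}
	merged := dedupSorted(mergeBackToFront(cur, u.history))
	if len(merged) != len(u.history) { // not a subset of history: new addresses
		u.commit(merged)
		return Merged
	}
	if u.shrinks++; u.shrinks < u.threshold { // only removals: protect first
		return Deferred
	}
	u.commit(cur) // assumption: real deletion adopts the current parsing result
	return Deleted
}

func (u *Updater) commit(l []string) { u.Target, u.history, u.shrinks = l, l, 0 }
// Allowed is the membership check the authenticating coroutine would run.
func (u *Updater) Allowed(addr string) bool {
	i := sort.SearchStrings(u.Target, addr)
	return i < len(u.Target) && u.Target[i] == addr
}

func main() { // constructed sample input
	u := NewUpdater([]string{"10.0.0.2", "10.0.0.1"}, 2)
	fmt.Println(u.Poll([]string{"10.0.0.1", "10.0.0.3"}), u.Poll([]string{"10.0.0.1"}), u.Poll([]string{"10.0.0.1"}))
}
```

A removed address stays authorized until the removal has been seen in `threshold` consecutive polls, so the polling interval multiplied by the threshold bounds how long a revoked client keeps access. Sharing `Target` between goroutines additionally needs a lock, which is omitted here.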
Example 2
According to another aspect of the embodiments of the present invention, a device for processing a white list is provided, where the device may execute the method for processing a white list in the foregoing embodiments, and a specific implementation manner and a preferred application scenario are the same as those of the foregoing embodiments, which are not described herein.
Fig. 4 is a schematic diagram of a processing apparatus for a whitelist according to an embodiment of the present invention, as shown in fig. 4, the apparatus includes:
an obtaining module 402, configured to obtain a first white list in response to an update instruction for a target white list, where the target white list is a white list to be updated in a first coroutine, the first white list is a current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list; a parsing module 404, configured to parse the first white list by using the second coroutine to obtain a target parsing result, where the target parsing result is used to indicate whether the first white list is updated; and an updating module 406, configured to update the target white list based on the target parsing result and the historical parsing result to obtain an update result, where the historical parsing result is a parsing result of a second white list, and the second white list is a historical white list in the second coroutine.
Optionally, the updating module 406 includes: a determining unit, configured to determine a first checksum based on the target resolution result, where the first checksum is used to represent list information in the first whitelist; determining a second checksum based on the historical parsing result, wherein the second checksum is used for representing list information in a second white list; and updating the target white list based on the first checksum and the second checksum to obtain an updating result.
Optionally, the determining unit includes a determining subunit, configured to determine a first number of lists based on the target resolution result, where the first number of lists is a number of lists included in the first white list; determining the second list quantity based on the historical analysis result, wherein the second list quantity is the list quantity contained in the second white list; and under the condition that the number of the first lists is the same as that of the second lists, updating the target white lists based on the first checksum and the second checksum to obtain an updating result.
Optionally, the determining subunit is further configured to, in a case where the first checksum is different from the second checksum, or in a case where the number of the first lists is different from the number of the second lists, combine the first whitelist and the second whitelist to obtain a third whitelist; and updating the target white list based on the third white list to obtain an updating result.
Optionally, the determining subunit is further configured to combine the first white list and the second white list to obtain a fourth white list; and carrying out de-duplication treatment on the fourth white list to obtain a third white list.
Optionally, the determining subunit is further configured to obtain a third list number of a third white list, where the third list number is a list number included in the third white list; comparing the third list quantity with the second list quantity to obtain a comparison result, wherein the comparison result is used for indicating whether the third list quantity is the same as the second list quantity; and under the condition that the comparison result is that the number of the third lists is different from that of the second lists, updating the target white lists based on the third white lists to obtain an updating result.
Optionally, the determining subunit is further configured to update the target white list based on a preset update number of times to obtain an update result when the comparison result indicates that the third list number is the same as the second list number, where the preset update number of times is a preset number of times to update the target white list.
Optionally, the determining subunit is further configured to prohibit updating the target white list when the current update number is less than the preset update number; and under the condition that the current updating times are greater than or equal to the preset updating times, updating the target white list based on the third white list to obtain an updating result.
Example 3
According to another aspect of the embodiment of the present invention, there is further provided a storage medium, where the storage medium includes a stored program, and when the program runs, the device in which the storage medium is located is controlled to execute any one of the white list processing methods described above.
Example 4
According to another aspect of the embodiment of the present invention, there is also provided a computer terminal including a processor and a memory, the processor being used for running a program stored in the memory, wherein any one of the white list processing methods described above is executed when the program runs.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present invention, each embodiment is described with its own emphasis; for a portion that is not described in detail in one embodiment, reference may be made to the related descriptions of the other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology content may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, in essence or in part, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other various media capable of storing program code.
The foregoing is merely a preferred embodiment of the present invention. It should be noted that those skilled in the art may make modifications and adaptations without departing from the principles of the present invention, and these are intended to fall within the scope of the present invention.

Claims (10)

1. A method for processing a white list, comprising:
responding to an updating instruction of a target white list, acquiring a first white list, wherein the target white list is a white list to be updated in a first coroutine, the first white list is a current white list in a second coroutine, the first coroutine is used for authenticating through the target white list, and the second coroutine is used for updating the target white list through the first white list;
analyzing the first white list by utilizing the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list is updated or not;
updating the target white list based on the target analysis result and the history analysis result to obtain an updating result, wherein the history analysis result is an analysis result of a second white list, and the second white list is a history white list in the second coroutine;
wherein the updating the target white list based on the target analysis result and the history analysis result to obtain an updating result comprises the following steps: determining a first checksum based on the target analysis result, wherein the first checksum is used for representing list information in the first white list; determining a second checksum based on the history analysis result, wherein the second checksum is used for representing list information in the second white list; and updating the target white list based on the first checksum and the second checksum to obtain the updating result.
2. The method according to claim 1, wherein the method further comprises:
determining a first list number based on the target analysis result, wherein the first list number is the list number contained in the first white list;
determining a second list number based on the history analysis result, wherein the second list number is the list number contained in the second white list;
and under the condition that the number of the first lists is the same as the number of the second lists, updating the target white list based on the first checksum and the second checksum to obtain the updating result.
3. The method according to claim 2, wherein the method further comprises:
combining the first white list and the second white list to obtain a third white list under the condition that the first checksum is different from the second checksum or the first list number is different from the second list number;
and updating the target white list based on the third white list to obtain the updating result.
4. A method according to claim 3, wherein combining the first whitelist and the second whitelist to obtain a third whitelist comprises:
combining the first white list and the second white list to obtain a fourth white list;
and carrying out de-duplication treatment on the fourth white list to obtain the third white list.
5. The method of claim 3, wherein updating the target whitelist based on the third whitelist results in the updated result comprising:
obtaining a third list number of the third white list, wherein the third list number is a list number contained in the third white list;
comparing the third list number with the second list number to obtain a comparison result, wherein the comparison result is used for indicating whether the third list number is the same as the second list number;
and updating the target white list based on the third white list to obtain the updating result when the comparison result is that the third list number is different from the second list number.
6. The method of claim 5, wherein the method further comprises:
and under the condition that the comparison result is that the number of the third lists is the same as the number of the second lists, updating the target white list based on preset updating times to obtain the updating result, wherein the preset updating times are preset times for updating the target white list.
7. The method of claim 6, wherein updating the target whitelist based on a preset number of updates to obtain the updated result comprises:
under the condition that the current updating times are smaller than the preset updating times, the target white list is forbidden to be updated;
and updating the target white list based on the third white list to obtain the updating result when the current updating times are greater than or equal to the preset updating times.
8. A white list processing apparatus, comprising:
an acquisition module, configured to acquire a first white list in response to an updating instruction of a target white list, wherein the target white list is a white list to be updated in a first coroutine, the first white list is a current white list in a second coroutine, the first coroutine is used for carrying out authentication through the target white list, and the second coroutine is used for updating the target white list through the first white list;
the analysis module is used for analyzing the first white list by utilizing the second coroutine to obtain a target analysis result, wherein the target analysis result is used for indicating whether the first white list is updated or not;
the updating module is used for updating the target white list based on the target analysis result and the history analysis result to obtain an updating result, wherein the history analysis result is an analysis result of a second white list, and the second white list is a history white list in the second coroutine;
wherein the update module comprises:
a first determining unit, configured to determine a first checksum based on the target parsing result, where the first checksum is used to represent list information in the first whitelist;
a first determining unit configured to determine a second checksum based on the history analysis result, wherein the second checksum is used to represent list information in the second whitelist;
and the updating unit is used for updating the target white list based on the first checksum and the second checksum to obtain the updating result.
9. A storage medium comprising a stored program, wherein the program, when run, controls a device in which the storage medium is located to perform the method of processing a whitelist according to any one of claims 1 to 8.
10. A computer terminal, comprising: a processor and a memory, the processor being configured to execute a program stored in the memory, wherein the program, when executed, performs the method of processing a whitelist according to any one of claims 1 to 8.
CN202210535831.3A 2022-05-17 2022-05-17 White list processing method, white list processing device, storage medium and computer terminal Active CN115085973B (en)

Publications (2)

Publication Number Publication Date
CN115085973A CN115085973A (en) 2022-09-20
CN115085973B true CN115085973B (en) 2024-03-12
