CN115952475A - File processing method and device, storage medium and server - Google Patents
File processing method and device, storage medium and server Download PDFInfo
- Publication number
- CN115952475A CN115952475A CN202211074924.7A CN202211074924A CN115952475A CN 115952475 A CN115952475 A CN 115952475A CN 202211074924 A CN202211074924 A CN 202211074924A CN 115952475 A CN115952475 A CN 115952475A
- Authority
- CN
- China
- Prior art keywords
- file
- client
- key
- public key
- page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The application discloses a file processing method, a file processing device, a storage medium and a server, wherein the method comprises the following steps: copying a js file requested by a client to obtain a js file backup; acquiring a real public key based on the UUID of the client; writing the real public key into the js file backup to obtain a candidate js file; performing confusion processing on the candidate js file to obtain a confusion js file; and sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain an interactive page, and running encryption logic in the obfuscated js file to call the real public key to encrypt the interactive information to obtain encrypted interactive information. The method encapsulates the rendering logic in the js file, and feeds back the obfuscated js file containing the real public key to the client when the client requests the js file, so that the difficulty of cracking the obfuscated js file by the black product is greatly improved, and the automation difficulty of the black product is obviously increased.
Description
Technical Field
The present application relates to the field of network security, and in particular, to a file processing method, apparatus, storage medium, and server.
Background
With the development of the internet, enterprises often host client activities (such as new people's offers) to attract new customers, and internet users can participate in new people's offers by registering the clients. However, the new people's preferential activities are held in the internet, and therefore, the preferential activities are easily destroyed by third parties (for example, simulating the participation of internet users in the activities by registering clients, and destroying the fairness of the activities).
Currently, in order to prevent a third party from destroying the fairness of an activity, an obfuscation processing method is usually used to encrypt an active source file (usually a js file). However, the encryption method is still easy to break for automation of black production (a kind of breaking technology).
Therefore, how to increase the difficulty of the automation of the blackproduction (i.e. the threshold of the blackproduction for automatically breaking the encrypted source file) so as to increase the cost of the third party destruction activity, thereby forcing the third party to abandon the destruction activity, is a problem that needs to be solved in the field.
Disclosure of Invention
The application provides a file processing method, a file processing device, a storage medium and a server, and aims to improve the difficulty of black product automation.
In order to achieve the above object, the present application provides the following technical solutions:
a method of file processing, comprising:
copying a js file requested by a client to obtain a js file backup; the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag;
acquiring a real public key based on the UUID of the client;
writing the real public key into the js file backup to obtain a candidate js file;
performing confusion processing on the candidate js file to obtain a confusion js file;
sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain the interactive page, and running encryption logic in the obfuscated js file to call the real public key to encrypt interactive information input by the user according to an interactive process shown by the interactive page to obtain encrypted interactive information; and the encrypted interactive information is used for requesting the service server to obtain a service execution result.
Optionally, the copying the js file requested by the client to obtain a js file backup includes:
receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user;
acquiring a js file corresponding to the page tag selected by the user from a preset database;
and copying the obtained js file to obtain a js file backup.
Optionally, the obtaining a true public key based on the UUID of the client includes:
receiving a page loading request which is sent by the client and carries the UUID of the equipment to which the client belongs;
sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the set of key pairs comprises a set of real key pairs and a plurality of sets of phishing key pairs; the real key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key;
and receiving the key pair set sent by the preset key service.
Optionally, the writing the real public key into the js file backup to obtain a candidate js file includes:
and writing the real public key and each phishing public key into the js file backup to obtain a candidate js file.
Optionally, the obfuscating the candidate js file to obtain an obfuscated js file includes:
implanting a preset phishing code into the candidate js file to obtain a target js file;
and performing confusion processing on the target js file to obtain a confused js file.
A document processing apparatus comprising:
the file copying unit is used for copying the js file requested by the client to obtain a js file backup; the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag;
the public key obtaining unit is used for obtaining a real public key based on the UUID of the client;
a public key writing unit, configured to write the real public key into the js file backup to obtain a candidate js file;
the public key confusion unit is used for carrying out confusion processing on the candidate js file to obtain a confusion js file;
the file sending unit is used for sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain the interactive page, and runs encryption logic in the obfuscated js file to call the real public key, and encrypts interactive information input by the user according to an interactive process shown by the interactive page to obtain encrypted interactive information; the encrypted interactive information is used for requesting the service server to obtain a service execution result.
Optionally, the file copying unit is specifically configured to:
receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user;
acquiring a js file corresponding to the page tag selected by the user from a preset database;
and copying the obtained js file to obtain a js file backup.
Optionally, the public key obtaining unit is specifically configured to:
receiving a page loading request which is sent by the client and carries the UUID of the equipment to which the client belongs;
sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the set of key pairs comprises a set of real key pairs and a plurality of sets of phishing key pairs; the real secret key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key;
and receiving the key pair set sent by the preset key service.
A computer-readable storage medium including a stored program, wherein the program executes the file processing method.
A server, comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing programs, and the processor is used for running the programs, wherein the programs execute the file processing method when running.
According to the technical scheme, the js file requested by the client is copied to obtain the js file backup. And obtaining the real public key based on the UUID of the client. And writing the real public key into the js file backup to obtain a candidate js file. And carrying out confusion processing on the candidate js file to obtain a confused js file. And sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain an interactive page, and running encryption logic in the obfuscated js file to call the real public key to encrypt interactive information input by a user according to an interactive flow shown by the interactive page to obtain encrypted interactive information. The rendering logic is packaged in the js file, when the client requests the js file, the real public key is written into the js file backup, the js file backup is subjected to confusion processing, the confused js file is obtained, the difficulty of cracking the confused js file by the black products is greatly improved, and the automation difficulty of the black products is remarkably increased.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1a is a schematic diagram of a document processing system according to an embodiment of the present application;
fig. 1b is a schematic flowchart of a document processing method according to an embodiment of the present application;
fig. 1c is a schematic flowchart of a document processing method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart diagram illustrating another document processing method according to an embodiment of the present application;
fig. 3 is a schematic diagram of an architecture of a document processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
The terminology used in the examples of the present application is as follows.
A js file: the js is also called as javascript for short, and is a script language, a common webpage source file is composed of html and javascript, the js script can control the display, change and the like of html markup language, and all icons and components on a page can be placed in the js file for rendering.
Automating black production: the black products analyze html source codes of a webpage end (web) end (the source codes of the web end cannot be hidden), the encryption modes of interfaces for logging, ordering and the like are decoded, the black products compile an automatic program to simulate a normal user to log in and order, common electronic commerce has a preferential policy for a new user, the black products borrow mobile phone numbers and automatically simulate actions of logging, ordering and the like of the new user, and finally the new reward provided by marketing activities is obtained.
Number mountain: a black-birth service that will support a very large number of mobile cards dedicated to pulling a variety of new people, such as: the company A of Heiyuan holds 20 ten thousand mobile phone cards, then sells the mobile phone cards to the outside, and after receiving the short messages, the mobile phone cards inform the Heiyuan of the contents of the short messages.
Universal Unique Identifier (UUID): refers to a number generated on one machine that is guaranteed to be unique to all machines in the same space-time.
As shown in fig. 1a, a schematic architecture diagram of a file processing system provided in the embodiment of the present application includes the following modules.
A client 100 and a server 200.
The flowchart of the document processing method of the document processing system, as shown in fig. 1b and 1c, includes the following steps.
S101: and the client sends a page loading request carrying the UUID of the equipment to which the client belongs to the server.
Wherein the page loading request includes a user selected page tag.
It should be noted that, when the client executes the service, it is necessary to send a page loading request carrying the UUID of the device to which the client belongs to the server, and specifically, when the client applies for the coupon getting service, it is necessary to log in the coupon page of the new person, that is, send a page loading request of the coupon page of the new person to the server. In addition, the page tag in the coupon page comprises an order button and a coupon button, and if the order button in the coupon page is selected by a user, the page loading request of the coupon page comprises the order button.
S102: and the server side acquires a js file corresponding to the page tag selected by the user from a preset database.
The preset database comprises js files corresponding to a plurality of page tags.
In an embodiment of the present application, a js file includes encryption logic and rendering logic. The encryption logic is used for encrypting the interactive information to obtain encrypted interactive information. Assuming that two page tags included in the recharge page are a mobile phone number input box and a recharge button, taking a recharge page (an interactive page corresponding to the recharge button) as an example, an interactive process of the recharge page is as follows: the user inputs the mobile phone number and selects the amount of money, the recharging is clicked, the encryption logic in the js file is operated on the recharging page, the mobile phone number and the recharging amount (namely, the interactive information) input by the user are obtained, then the mobile phone number and the recharging amount are encrypted to obtain encrypted interactive information, and the encrypted interactive information is sent to the service server to realize recharging. The js file mentioned in the prior art only comprises encryption logic (rendering logic is realized by using other interfaces), so that the automation of the black product is very easy, the encryption logic corresponding to a recharging button is only needed to be found, the mobile phone number and the amount of money to be recharged are directly transmitted, the encryption logic automatically helps the black product to perform encryption operation, and a service server is requested to recharge.
However, the js file shown in the embodiment of the present application includes not only the encryption logic but also the rendering logic. The rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag. Because the rendering logic is packaged in the js file, and the interactive page comprises an interactive flow for guiding the user to input the interactive information, for this reason, the black product only knows the encryption logic, but does not know what the interactive information is specifically, for this reason, the black product automation also needs to crack the rendering logic to obtain the interactive flow, and the cracking process of the rendering logic takes time and cost, thereby improving the difficulty of the black product automation.
S103: and the server copies the obtained js file to obtain a js file backup.
The js file is copied to obtain a js file backup, that is, to ensure that the original js file is not damaged, since the client sends a page loading request each time, the server needs to perform processing operations (such as writing a key pair, implanting a phishing code, performing obfuscation processing, and the like) shown in the following steps on the js file, and for this reason, the js file backup needs to be used for replacing the js file to perform the processing operations.
S104: and the server side sends the UUID to the preset key service so that the preset key service generates a key pair set based on the UUID.
Wherein the set of key pairs comprises a set of real key pairs and a plurality of sets of phishing key pairs. The real key pair comprises a real public key and a real private key, and the phishing key pair comprises a phishing convention and a phishing private key.
S105: after receiving the key pair set fed back by the preset key service, the server side writes the real public key and each fishing public key into the js file backup to obtain a candidate js file.
The real public key and each fishing public key are written into the js file backup to obtain the candidate js file, the real public key can be obtained only by performing trigger operation on the real user according to an interaction flow shown in the candidate js file, and if the candidate js file is automatically operated in the black product, the black product automation lacks user operation steps and the real public key is not obtained by using an interface in the prior art.
In addition, compared with an encryption mode in the prior art (namely, calling an interface to acquire a real key to encrypt information), the real key is written into the js file in the embodiment, and the automation of the black production needs to crack the js file to acquire the real key, so that the automation difficulty of the black production is improved.
S106: and the server side implants the preset phishing codes into the candidate js file to obtain the target js file.
And the preset phishing codes are implanted into the candidate js file, and the definition of each variable name in the candidate js file can be changed to obtain the target js file. The definition of each variable name of the target js file is changed every time the client sends a page loading request, namely the js files obtained by the client are different every time, so that the automation of the black production needs to be cracked aiming at the massive js files, the time cost required for cracking is greatly improved, and the difficulty of the automation of the black production is improved.
Specifically, the fishing code contained in the target js file may be as follows:
100 lines: varuis = "true public key";
501, lines: varxsa = "fishing public key 1";
xxx rows: var s1a = "fishing public key 2";
xxx rows: varx01= "public phishing key 3".
S107: and the server performs confusion processing on the target js file to obtain a confused js file.
And performing confusion processing on the target js file, and changing the variable name in the target js file to obtain the confusion js file. Each variable name of the confused js file is changed when the client sends a page loading request, namely the js file obtained by the client is different every time, so that the automation of black production needs to be cracked aiming at massive js files, the time cost required for cracking is greatly increased, and the automation difficulty of black production is further increased.
S108: and the server side sends the obfuscated js file to the client side.
S109: and loading the rendering logic in the obfuscated js file by the client to obtain an interactive page corresponding to the page tag selected by the user.
The interactive page comprises an interactive process for guiding a user to input interactive information.
It should be noted that, assuming that the client is a client simulated by the black product automation, the black product automation is unmanned, and the interactive page needs to be obtained by loading rendering logic in the obfuscated js file, for this reason, the black product automation is not aware of the interactive information, and the rendering logic needs to be cracked to obtain which interactive information is specifically needed, so that the difficulty of the black product automation is increased.
S110: and the client runs the encryption logic in the obfuscated js file to call the real public key, and encrypts the interactive information input by the user according to the interactive flow shown by the interactive page to obtain encrypted interactive information.
If the client is not the client of the real user, namely the client simulated by the black product automation, the black product automation cannot easily obtain the real public key by loading and confusing the encryption logic in the js file, and therefore the black product automation probability can obtain the phishing public key, and the black product automation difficulty is effectively improved.
S111: and the client calls a preset service interface and sends the encrypted interactive information to the service server so that the service server verifies the encrypted interactive information to obtain a verification result.
The specific implementation process of the service server for verifying the encrypted interaction information may be as follows: the method comprises the steps that a business server sends encrypted interactive information to a preset key service, the preset key service decrypts the encrypted interactive information by using a real private key, when the decryption result of the encrypted interactive information is determined to be successful, the verification result is that the encrypted interactive information passes verification, when the decryption result of the encrypted interactive information is determined to be failed, the encrypted interactive information is secondarily decrypted by using a fishing private key, when the secondary decryption result of the encrypted interactive information is determined to be successful, a client is determined to be a client counterfeit by black product automation, the business server pulls the client into a preset blacklist and prohibits receiving any request sent by the client, and when the secondary decryption result of the encrypted interactive information is determined to be failed, the verification result is determined to be that the encrypted interactive information does not pass verification.
In the embodiment of the application, if the verification result indicates that the encrypted interactive information passes the verification, the service server executes the service request indicated by the encrypted interactive information to obtain a service execution result, and feeds back the service execution result to the client. If the verification result indicates that the encrypted interactive information is not verified, the service server will not execute the service request indicated by the encrypted interactive information, and only will send a prompt of failure of the request back to the client.
It should be noted that, when it is determined that the client is a client that is counterfeited by the blackjack automation, the service server pulls the client into the preset blacklist, so as to prevent the blackjack automation from being unable to forge the client to perform wool pulling, and thus the difficulty in the blackjack automation is increased.
S112: and under the condition that the verification result indicates that the encrypted interactive information passes the verification, the client receives a service execution result fed back by the service server.
To sum up, the rendering logic is encapsulated in the js file, when the client requests the js file, the real public key is written into the js file backup, and the js file backup is subjected to obfuscation processing to obtain the obfuscated js file, so that the difficulty of cracking the obfuscated js file by the black products is greatly improved, and the automation difficulty of the black products is remarkably increased.
It should be noted that the document processing method of the document processing system mentioned in the above embodiment can be summarized as the method shown in fig. 2.
As shown in fig. 2, a schematic flowchart of another file processing method provided in the embodiment of the present application includes the following steps.
S201: and copying the js file requested by the client to obtain the js file backup.
Wherein the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag.
Optionally, the specific implementation process of S201 may be: receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user; acquiring a js file corresponding to a page tag selected by a user from a preset database; and copying the obtained js file to obtain a js file backup.
S202: and obtaining the real public key based on the UUID of the client.
Optionally, the specific implementation process of S202 may be: receiving a page loading request which is sent by a client and carries a UUID of equipment to which the client belongs; sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the key pair set comprises a group of real key pairs and a plurality of groups of phishing key pairs; the real secret key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key; and receiving a key pair set sent by a preset key service.
S203: and writing the real public key into the js file backup to obtain a candidate js file.
Optionally, the specific implementation process of S203 may be: and writing the real public key and each fishing public key into the js file backup to obtain a candidate js file.
S204: and carrying out confusion processing on the candidate js file to obtain a confused js file.
Optionally, the specific implementation process of S204 may be: implanting a preset fishing code into the candidate js file to obtain a target js file; and performing confusion processing on the target js file to obtain a confusion js file.
S205: and sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain an interactive page, and running encryption logic in the obfuscated js file to call the real public key to encrypt interactive information input by a user according to an interactive flow shown by the interactive page to obtain encrypted interactive information.
The encrypted interactive information is used for requesting the service server to obtain a service execution result.
To sum up, the rendering logic is encapsulated in the js file, when the client requests the js file, the real public key is written into the js file backup, and the js file backup is subjected to obfuscation processing to obtain the obfuscated js file, so that the difficulty of cracking the obfuscated js file by the black products is greatly improved, and the automation difficulty of the black products is remarkably increased.
Corresponding to the file processing provided by the embodiment of the present application, an embodiment of the present application further provides a file processing apparatus.
As shown in fig. 3, a schematic structural diagram of a document processing apparatus provided in an embodiment of the present application includes the following units.
The file copying unit 301 is configured to copy a js file requested by a client to obtain a js file backup; the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag.
Optionally, the file copying unit 301 is specifically configured to: receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user; acquiring a js file corresponding to a page tag selected by a user from a preset database; and copying the obtained js file to obtain a js file backup.
A public key obtaining unit 302, configured to obtain a real public key based on the UUID of the client.
Optionally, the public key obtaining unit 302 is specifically configured to: receiving a page loading request which is sent by a client and carries a UUID of equipment to which the client belongs; sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the key pair set comprises a group of real key pairs and a plurality of groups of phishing key pairs; the real secret key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key; and receiving a key pair set sent by a preset key service.
And a public key writing unit 303, configured to write the real public key into the js file backup to obtain a candidate js file.
Optionally, the public key writing unit 303 is specifically configured to: and writing the real public key and each fishing public key into the js file backup to obtain a candidate js file.
And the public key obfuscating unit 304 is configured to perform obfuscation processing on the candidate js file to obtain an obfuscated js file.
Optionally, the public key obfuscating unit 304 is specifically configured to: implanting a preset fishing code into the candidate js file to obtain a target js file; and performing confusion processing on the target js file to obtain a confused js file.
The file sending unit 305 is configured to send the obfuscated js file to the client, so that the client loads rendering logic in the obfuscated js file to obtain an interactive page, and runs encryption logic in the obfuscated js file to call a real public key, and encrypts interactive information input by a user according to an interactive flow shown by the interactive page to obtain encrypted interactive information; the encrypted mutual information is used for requesting the service server to obtain a service execution result.
To sum up, in this embodiment, the rendering logic is encapsulated in the js file, when the client requests the js file, the real public key is written into the js file backup, and the js file backup is obfuscated to obtain the obfuscated js file, so that difficulty in cracking the obfuscated js file in the black product is greatly increased, and difficulty in automating the black product is significantly increased.
The present application also provides a computer-readable storage medium including a stored program, wherein the program executes the file processing method provided by the present application.
The present application further provides a server, including: a processor, a memory, and a bus. The processor is connected with the memory through a bus, the memory is used for storing programs, and the processor is used for running the programs, wherein when the programs are run, the file processing method provided by the application is executed, and the file processing method comprises the following steps:
copying a js file requested by a client to obtain a js file backup; the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag;
acquiring a real public key based on the UUID of the client;
writing the real public key into the js file backup to obtain a candidate js file;
performing confusion processing on the candidate js file to obtain a confusion js file;
sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain the interactive page, and running encryption logic in the obfuscated js file to call the real public key to encrypt interactive information input by the user according to an interactive process shown by the interactive page to obtain encrypted interactive information; the encrypted interactive information is used for requesting the service server to obtain a service execution result.
Specifically, on the basis of the above embodiment, the copying a js file requested by a client to obtain a js file backup includes:
receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user;
acquiring a js file corresponding to the page tag selected by the user from a preset database;
and copying the obtained js file to obtain a js file backup.
Specifically, on the basis of the above embodiment, the obtaining a true public key based on the UUID of the client includes:
receiving a page loading request which is sent by the client and carries the UUID of the equipment to which the client belongs;
sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the set of key pairs comprises a set of real key pairs and a plurality of sets of phishing key pairs; the real key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key;
and receiving the key pair set sent by the preset key service.
Specifically, on the basis of the above embodiment, writing the real public key into the js file backup to obtain a candidate js file includes:
and writing the real public key and each phishing public key into the js file backup to obtain a candidate js file.
Specifically, on the basis of the foregoing embodiment, the obfuscating the candidate js file to obtain an obfuscated js file includes:
implanting a preset phishing code into the candidate js file to obtain a target js file;
and performing confusion processing on the target js file to obtain a confused js file.
The functions described in the method of the embodiment of the present application, if implemented in the form of software functional units and sold or used as independent products, may be stored in a storage medium readable by a computing device. Based on such understanding, part of the contribution to the prior art of the embodiments of the present application or part of the technical solution may be embodied in the form of a software product stored in a storage medium and including several instructions for causing a computing device (which may be a personal computer, a server, a mobile computing device or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: u disk, removable hard disk, read only memory, random access memory, magnetic or optical disk, and the like.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A file processing method, comprising:
copying a js file requested by a client to obtain a js file backup; the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag;
acquiring a real public key based on the UUID of the client;
writing the real public key into the js file backup to obtain a candidate js file;
performing confusion processing on the candidate js file to obtain a confusion js file;
sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain the interactive page, and running encryption logic in the obfuscated js file to call the real public key to encrypt interactive information input by the user according to an interactive process shown by the interactive page to obtain encrypted interactive information; and the encrypted interactive information is used for requesting the service server to obtain a service execution result.
2. The method according to claim 1, wherein the copying the js file requested by the client to obtain a js file backup comprises:
receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user;
acquiring a js file corresponding to the page tag selected by the user from a preset database;
and copying the obtained js file to obtain a js file backup.
3. The method of claim 1, wherein obtaining the true public key based on the UUID of the client comprises:
receiving a page loading request which is sent by the client and carries the UUID of the equipment to which the client belongs;
sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the set of key pairs comprises a set of real key pairs and a plurality of sets of phishing key pairs; the real key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key;
and receiving the key pair set sent by the preset key service.
4. The method according to claim 3, wherein said writing said true public key to said js file backup to obtain a candidate js file comprises:
and writing the real public key and each phishing public key into the js file backup to obtain a candidate js file.
5. The method of claim 1, wherein obfuscating the candidate js file to obtain an obfuscated js file comprises:
implanting a preset phishing code into the candidate js file to obtain a target js file;
and performing confusion processing on the target js file to obtain a confused js file.
6. A document processing apparatus, characterized by comprising:
the file copying unit is used for copying the js file requested by the client to obtain a js file backup; the js file comprises encryption logic and rendering logic; the encryption logic is used for encrypting the interactive information input by the user to obtain encrypted interactive information; the rendering logic is used for rendering the page tag selected by the user to obtain an interactive page corresponding to the page tag;
the public key obtaining unit is used for obtaining a real public key based on the UUID of the client;
a public key writing unit, configured to write the real public key into the js file backup to obtain a candidate js file;
the public key confusion unit is used for carrying out confusion processing on the candidate js file to obtain a confusion js file;
the file sending unit is used for sending the obfuscated js file to a client so that the client loads rendering logic in the obfuscated js file to obtain the interactive page, and runs encryption logic in the obfuscated js file to call the real public key to encrypt interactive information input by the user according to an interactive process shown by the interactive page to obtain encrypted interactive information; the encrypted interactive information is used for requesting the service server to obtain a service execution result.
7. The apparatus according to claim 6, wherein the file copy unit is specifically configured to:
receiving a page loading request sent by a client; the page loading request comprises a page tag selected by a user;
acquiring a js file corresponding to the page tag selected by the user from a preset database;
and copying the obtained js file to obtain a js file backup.
8. The apparatus according to claim 6, wherein the public key obtaining unit is specifically configured to:
receiving a page loading request which is sent by the client and carries the UUID of the equipment to which the client belongs;
sending the UUID to a preset key service so that the preset key service generates a key pair set based on the UUID; the set of key pairs comprises a set of real key pairs and a plurality of sets of phishing key pairs; the real secret key pair comprises a real public key and a real private key; the fishing key pair comprises a fishing public key and a fishing private key;
and receiving the key pair set sent by the preset key service.
9. A computer-readable storage medium characterized in that the computer-readable storage medium includes a stored program, wherein the program executes the file processing method according to any one of claims 1 to 5.
10. A server, comprising: a processor, a memory, and a bus; the processor and the memory are connected through the bus;
the memory is used for storing a program, and the processor is used for running the program, wherein the program runs to execute the file processing method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211074924.7A CN115952475A (en) | 2022-09-02 | 2022-09-02 | File processing method and device, storage medium and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211074924.7A CN115952475A (en) | 2022-09-02 | 2022-09-02 | File processing method and device, storage medium and server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115952475A true CN115952475A (en) | 2023-04-11 |
Family
ID=87281435
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211074924.7A Pending CN115952475A (en) | 2022-09-02 | 2022-09-02 | File processing method and device, storage medium and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115952475A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116455660A (en) * | 2023-05-04 | 2023-07-18 | 北京数美时代科技有限公司 | Page access request control method, system, storage medium and electronic equipment |
-
2022
- 2022-09-02 CN CN202211074924.7A patent/CN115952475A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116455660A (en) * | 2023-05-04 | 2023-07-18 | 北京数美时代科技有限公司 | Page access request control method, system, storage medium and electronic equipment |
| CN116455660B (en) * | 2023-05-04 | 2023-10-17 | 北京数美时代科技有限公司 | Page access request control method, system, storage medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109190409B (en) | Method, device, equipment and readable storage medium for recording information propagation path | |
| CN105991563B (en) | Method and device for protecting security of sensitive data and three-party service system | |
| CN110083783A (en) | A kind of method, apparatus, storage medium and computer equipment for sharing link | |
| JP2019503533A5 (en) | ||
| CN109241705A (en) | A kind of software authorization method and system | |
| CN104901951B (en) | Code data processing based on mobile terminal and exchange method in a kind of Web applications | |
| CN115952475A (en) | File processing method and device, storage medium and server | |
| CN116662941A (en) | Information encryption method, device, computer equipment and storage medium | |
| CN112783847B (en) | Data sharing method and device | |
| CN111181905B (en) | File encryption method and device | |
| CN112687363A (en) | Health code public service method and platform | |
| CN111125734B (en) | Data processing method and system | |
| CN115941279A (en) | Encryption and decryption method, system and equipment for user identification in data | |
| CN111131227B (en) | Data processing method and device | |
| CN114418769A (en) | Block chain transaction charging method and device and readable storage medium | |
| CN113407931A (en) | Password management method and device and input terminal | |
| JP2018519585A (en) | Dialog record query processing method and device | |
| CN116112172B (en) | Android client gRPC interface security verification method and device | |
| JP7098065B1 (en) | Preventing data manipulation and protecting user privacy in telecommunications network measurements | |
| CN113645239B (en) | Application login method and device, user terminal and storage medium | |
| WO2021120229A1 (en) | Data processing method, apparatus and system | |
| CN106992972B (en) | A kind of cut-in method and device | |
| CN113468595A (en) | Electricity charge calculation method and system based on encrypted data set | |
| CN115296881A (en) | Information acquisition method and device, electronic equipment and computer readable medium | |
| CN116232675A (en) | Method, device, electronic equipment and storage medium for protecting developer key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |