CN116841647A - Configuration file modification method and device based on postgresql - Google Patents
Configuration file modification method and device based on postgresql Download PDFInfo
- Publication number
- CN116841647A CN116841647A CN202310846277.5A CN202310846277A CN116841647A CN 116841647 A CN116841647 A CN 116841647A CN 202310846277 A CN202310846277 A CN 202310846277A CN 116841647 A CN116841647 A CN 116841647A
- Authority
- CN
- China
- Prior art keywords
- configuration file
- file
- temporary
- formal
- postgresql
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000002715 modification method Methods 0.000 title claims abstract description 16
- 230000004048 modification Effects 0.000 claims description 18
- 238000012986 modification Methods 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 4
- 238000000034 method Methods 0.000 abstract description 13
- 230000000694 effects Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a postgresql-based configuration file modification method and device, wherein the method comprises the following steps: obtaining a temporary configuration file and a formal configuration file by utilizing the encrypted backup file, and covering the formal configuration file existing at present; reading a formal configuration file, which is used for determining and modifying configuration information which corresponds to the instruction and needs to be modified; encrypting the configuration information, and updating the encrypted backup file based on the obtained encrypted configuration information; and generating an updated temporary configuration file and a formal configuration file based on the encryption configuration information, so as to realize the coverage of the formal configuration file. In the application, the formal configuration file can exist on a system disk in a plaintext form, and an operating system user can normally open and read the content, but can not directly tamper with the content of the configuration file.
Description
Technical Field
The application relates to the technical field of databases, in particular to a postgresql-based configuration file modification method and device.
Background
postgresql is a database product that is open source, and files such as postgresql.conf, pg_hba.conf are configuration files of the database. The configuration file of the database is present on the operating system disk in the form of a text file in a plain text state. When the operating system is illegally invaded and logged in, an invader can directly repair the database configuration file, close the safety related configuration of the database, and easily log in the database system to cause data leakage.
Disclosure of Invention
The technical problem to be solved by the application is how to effectively prevent the database configuration file from being easily tampered; in view of the above, the present application provides a postgresql-based configuration file modification method and device.
The technical scheme adopted by the application is that the postgresql-based configuration file modification method comprises the following steps:
step S1, generating a temporary configuration file by utilizing an encrypted backup file;
step S2, renaming the temporary configuration file to obtain a formal configuration file and covering the formal configuration file existing at present;
step S3, reading a formal configuration file for starting a server;
step S4, responding to the instruction of the server to characterize and modify the configuration file, reading the formal configuration file, and determining and modifying configuration information which corresponds to the instruction and needs modification;
s5, carrying out encryption processing on the configuration information, and generating a temporary encryption backup file based on the obtained encryption configuration information;
step S6, renaming the temporary encrypted backup file to obtain an updated encrypted backup file;
step S7, generating an updated temporary configuration file based on the encryption configuration information;
and S8, renaming the updated temporary configuration file to obtain an updated formal configuration file, and realizing the coverage of the formal configuration file.
In one embodiment, the temporary configuration file and the temporary encrypted backup file are tmp format files.
In one embodiment, the encrypted backup file is obtained by performing MD5 operation through a string postgresql.
In one embodiment, the encrypted backup file, the temporary encrypted backup file and the temporary configuration file are hidden files in a linux environment, and the formal configuration file is a plaintext file.
Another aspect of the present application also provides a postgresql-based profile modification apparatus, including:
a generation unit configured to generate a temporary configuration file using the encrypted backup file;
the first renaming unit is configured to rename the temporary configuration file to obtain a formal configuration file and cover the formal configuration file existing at present;
the starting unit is configured to read the formal configuration file and used for starting a server;
the modification unit is configured to respond to an instruction of the user side for representing and modifying the configuration file, read the formal configuration file and be used for determining and modifying configuration information which corresponds to the instruction and needs to be modified;
an encryption unit configured to encrypt the configuration information and generate a temporary encrypted backup file based on the obtained encrypted configuration information;
the second renaming unit is configured to rename the temporary encrypted backup file to obtain an updated encrypted backup file;
an updating unit configured to generate an updated temporary configuration file based on the encryption configuration information;
and the third renaming unit is configured to rename the updated temporary configuration file to obtain an updated formal configuration file, and the coverage of the formal configuration file is realized.
In one embodiment, the temporary configuration file and the temporary encrypted backup file are tmp format files.
In one embodiment, the encrypted backup file is obtained by performing MD5 operation through a string postgresql.
In one embodiment, the encrypted backup file, the temporary encrypted backup file and the temporary configuration file are hidden files in a linux environment, and the formal configuration file is a plaintext file.
Another aspect of the present application also provides an electronic device including: memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor, performs the steps of the postgresql based profile modification method as described in any of the preceding claims.
Another aspect of the application also provides a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the postgresql-based profile modification method as described in any of the above.
Compared with the prior art, the application has at least the following advantages:
1) According to the method provided by the application, the configuration file can exist on the system disk in a plaintext form, and an operating system user can normally open the read content but cannot directly tamper with the configuration file content. If the configuration file is directly modified, tampered content is automatically restored when the configuration file is read again, so that malicious tampering is disabled.
2) The method provided by the application can legally modify the configuration file, so that the configuration file can be normally effective when being read again.
Drawings
FIG. 1 is a flow chart of a postgresql-based profile modification method according to an embodiment of the present application;
FIG. 2 is a block diagram of a postgresql-based profile modification apparatus according to an embodiment of the present application;
FIG. 3 is a flow chart of an example application according to an embodiment of the present application;
fig. 4 is a schematic diagram of an electronic device according to an embodiment of the application.
Detailed Description
In order to further describe the technical means and effects adopted by the present application for achieving the intended purpose, the following detailed description of the present application is given with reference to the accompanying drawings and preferred embodiments.
In the drawings, the thickness, size and shape of the object have been slightly exaggerated for convenience of explanation. The figures are merely examples and are not drawn to scale.
It will be further understood that the terms "comprises," "comprising," "includes," "including," "having," "containing," and/or "including," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. Furthermore, when a statement such as "at least one of the following" appears after a list of features that are listed, the entire listed feature is modified instead of modifying a separate element in the list. Furthermore, when describing embodiments of the present application, the use of "may" means "one or more embodiments of the present application. Also, the term "exemplary" is intended to refer to an example or illustration.
As used herein, the terms "substantially," "about," and the like are used as terms of a table approximation, not as terms of a table level, and are intended to illustrate inherent deviations in measured or calculated values that would be recognized by one of ordinary skill in the art.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
The steps of the method flow described in the specification and the flow chart shown in the drawings of the specification are not necessarily strictly executed according to step numbers, and the execution order of the steps of the method may be changed. Moreover, some steps may be omitted, multiple steps may be combined into one step to be performed, and/or one step may be decomposed into multiple steps to be performed.
In a first embodiment of the present application, a postgresql-based configuration file modification method, as shown in fig. 1, comprises the following specific steps:
step S1, a temporary configuration file is generated by utilizing the encrypted backup file.
In this embodiment, by reading the encrypted backup file ".4b24839e3f80adf3.Bak", the file content is decrypted into the memory, and then the temporary configuration file ". Postgresql. Tmp" is generated from the decrypted content.
And S2, renaming the temporary configuration file to obtain a formal configuration file and covering the formal configuration file existing at present.
In this embodiment, the temporary configuration file ". Postgresql.tmp" is renamed to "postgresql.conf", that is, a new formal configuration file "postgresql.conf" is obtained, and the coverage of the formal configuration file is implemented.
And S3, reading a formal configuration file for starting the server.
That is, the current formal configuration file "postgresql. Conf" may be read to complete the startup.
And S4, responding to the instruction of the user side representation modification configuration file, and reading the formal configuration file for determining and modifying configuration information which corresponds to the instruction and needs modification.
Specifically, when the user executes the command ALTERSYSTEMSET, the user enters a configuration modification process, and further, the step reads the content of the current formal configuration file postgresql.conf to the memory, finds the configuration item corresponding to the configuration item to be modified, modifies the corresponding configuration item in the memory, and generates corresponding configuration information.
And S5, carrying out encryption processing on the configuration information, and generating a temporary encryption backup file based on the obtained encryption configuration information.
In this embodiment, the configuration information is encrypted, and then the encrypted data is used to generate a temporary file ".4b24839e3f80adf3.Tmp", that is, a temporary encrypted backup file.
And S6, renaming the temporary encrypted backup file to obtain an updated encrypted backup file.
In this embodiment, the temporary encrypted backup file ".4b24839e3f80adf3.tmp" is renamed to ".4b24839e3f80adf3.bak", so as to obtain the updated encrypted backup file.
Step S7, generating an updated temporary configuration file based on the encryption configuration information.
Further, based on the encryption configuration information in the memory, a temporary configuration file ". Postgresql. Tmp" is generated, that is, updating of the temporary configuration file is completed.
And S8, renaming the updated temporary configuration file to obtain an updated formal configuration file, and realizing the coverage of the formal configuration file.
That is, the overlay of the formal configuration file is achieved by renaming the temporary configuration file ". Postgresql.tmp" to "postgresql.conf", i.e., the modification of the formal configuration file is completed.
In this embodiment, the temporary configuration file and the temporary encrypted backup file are tmp format files.
In this embodiment, the encrypted backup file is obtained by performing MD5 operation through the string postgresql.
In this embodiment, the encrypted backup file, the temporary encrypted backup file, and the temporary configuration file are all hidden files in the linux environment, and the formal configuration file is a plaintext file.
In summary, compared with the prior art, the present embodiment has at least the following advantages:
1) According to the method provided by the application, the configuration file can exist on the system disk in a plaintext form, and an operating system user can normally open the read content but cannot directly tamper with the configuration file content. If the configuration file is directly modified, tampered content is automatically restored when the configuration file is read again, so that malicious tampering is disabled.
2) The method provided by the application can legally modify the configuration file, so that the configuration file can be normally effective when being read again.
In a second embodiment of the present application, corresponding to the first embodiment, the present embodiment provides a postgresql-based configuration file modification apparatus for implementing the method provided in the first embodiment, as shown in fig. 2, where the apparatus may specifically include:
a generation unit configured to generate a temporary configuration file using the encrypted backup file;
the first renaming unit is configured to rename the temporary configuration file to obtain a formal configuration file and cover the formal configuration file existing at present;
the starting unit is configured to read the formal configuration file and used for starting a server;
the modification unit is configured to respond to an instruction of the user side for representing and modifying the configuration file, read the formal configuration file and be used for determining and modifying configuration information which corresponds to the instruction and needs to be modified;
an encryption unit configured to encrypt the configuration information and generate a temporary encrypted backup file based on the obtained encrypted configuration information;
the second renaming unit is configured to rename the temporary encrypted backup file to obtain an updated encrypted backup file;
an updating unit configured to generate an updated temporary configuration file based on the encryption configuration information;
and the third renaming unit is configured to rename the updated temporary configuration file to obtain an updated formal configuration file, and the coverage of the formal configuration file is realized.
In this embodiment, the temporary configuration file and the temporary encrypted backup file are tmp format files.
In this embodiment, the encrypted backup file is obtained by performing MD5 operation through the string postgresql.
In this embodiment, the encrypted backup file, the temporary encrypted backup file, and the temporary configuration file are all hidden files in the linux environment, and the formal configuration file is a plaintext file.
In a third embodiment of the present application, the present embodiment is an application example based on the above embodiment, as shown in fig. 3, and the specific flow steps are as follows:
step S1, starting.
Step S2, generating temporary configuration by using the backup file: this step reads the file ".4b24839e3f80adf3.Bak", decrypts the file contents into the memory, and then generates a temporary configuration file ". Postgresql. Tmp" from the decrypted contents.
Step S3, using the temporary configuration coverage configuration file: this step will rename "postgresql.tmp" to "postgresql.conf" the temporary file generated in step (2) to effect the overwriting of the configuration file.
Step S4, reading a configuration file: this step reads the actual configuration file "postgresql. Conf" to complete the startup.
And S5, starting is completed.
Step S6, accepting user connection: the step can wait for the connection of the user, and after the user completes the login of the database through authentication, various SQL sentences can be executed.
Step S7, modifying the configuration items: when the user executes the "ALTERSYSTEMSET" command, a flow step of modifying the configuration is entered. The step reads the content of the postgresql. Conf file to the internal memory, finds the corresponding configuration item to be modified, and modifies the corresponding configuration item in the internal memory.
Step S8, generating a temporary backup file: the configuration information in the internal memory in the step (7) is encrypted, and then the encrypted data is used for generating a temporary file ', 4b24839e3f80adf3.tmp',
step S9, generating a new backup file: this step will rename the temporary file ".4b24839e3f80adf3.tmp" generated in step (8) to ".4b24839e3f80adf3.bak".
Step S10, generating a temporary configuration: this step generates a temporary configuration file ". Postgresql. Tmp" using the configuration information in the memory in step (7).
Step S11, using the temporary configuration overlay configuration file: this step will rename "postgresql.tmp" to "postgresql.conf" the temporary file generated in step (10) to effect the overwriting of the configuration file.
Step S12, the modification configuration is completed.
Referring again to fig. 3, it should be noted that:
(1) The dotted arrow in the figure indicates a read file, and the dotted arrow in the line segment indicates a write file.
(2) "4b24839e3f80 adf" is the 16-bit lowercase obtained by MD5 operation on the string "postgresql".
(3) The tmp is used for preventing direct writing conf and bak from program breakdown or power failure and other abnormality to damage the file.
(4) The "." is added before the file name in order to exist as a hidden file under the Linux system.
(5) As can be seen from the above flow chart, the configuration information in "postgresql.conf" is first overwritten and then read during the boot process, and thus is eventually invalidated if the operating system user directly opens "postgresql.conf" to modify. Therefore, under the condition of using the scheme, the configuration file can be indirectly prevented from being directly modified by the user of the operating system.
A fourth embodiment of the present application, as shown in fig. 4, can be understood as a physical device, including a processor and a memory storing processor-executable instructions, which when executed by the processor, perform the following operations:
step S1, generating a temporary configuration file by utilizing an encrypted backup file;
step S2, renaming the temporary configuration file to obtain a formal configuration file and covering the formal configuration file existing at present;
step S3, reading a formal configuration file for starting a server;
step S4, responding to the instruction of the user side to characterize and modify the configuration file, reading the formal configuration file, and determining and modifying configuration information which corresponds to the instruction and needs modification;
s5, carrying out encryption processing on the configuration information, and generating a temporary encryption backup file based on the obtained encryption configuration information;
step S6, renaming the temporary encrypted backup file to obtain an updated encrypted backup file;
step S7, generating an updated temporary configuration file based on the encryption configuration information;
and S8, renaming the updated temporary configuration file to obtain an updated formal configuration file, and realizing the coverage of the formal configuration file.
In the fourth embodiment of the present application, the flow of the satellite wide-narrow-band fusion access transmission method provided in the present embodiment is the same as that of the first, second or third embodiments, and the difference is that in engineering implementation, the present embodiment may be implemented by means of software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the method of the present application may be embodied in the form of a computer software product stored on a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) comprising instructions for causing an apparatus to perform the method of the embodiments of the present application.
While the application has been described in connection with specific embodiments thereof, it is to be understood that these drawings are included in the spirit and scope of the application, it is not to be limited thereto.
Claims (10)
1. A postgresql-based profile modification method, comprising:
step S1, generating a temporary configuration file by utilizing an encrypted backup file;
step S2, renaming the temporary configuration file to obtain a formal configuration file and covering the formal configuration file existing at present;
step S3, reading the formal configuration file for starting a server;
step S4, responding to an instruction of the server for representing and modifying the configuration file, reading the formal configuration file, and determining and modifying configuration information which corresponds to the instruction and needs to be modified;
s5, carrying out encryption processing on the configuration information, and generating a temporary encryption backup file based on the obtained encryption configuration information;
step S6, renaming the temporary encrypted backup file to obtain an updated encrypted backup file;
step S7, generating an updated temporary configuration file based on the encryption configuration information;
and S8, renaming the updated temporary configuration file to obtain an updated formal configuration file, and realizing the coverage of the formal configuration file.
2. The postgresql-based profile modification method of claim 1, wherein the temporary profile and the temporary encrypted backup file are tmp-format files.
3. The postgresql-based profile modification method of claim 1, wherein the encrypted backup file is obtained by MD5 operation via a string postgresql.
4. The postgresql-based profile modification method of claim 1, wherein the encrypted backup file, the temporary encrypted backup file, and the temporary profile are hidden files in a linux environment, and the formal profile is a plaintext file.
5. A postgresql-based profile modification apparatus comprising:
a generation unit configured to generate a temporary configuration file using the encrypted backup file;
the first renaming unit is configured to rename the temporary configuration file to obtain a formal configuration file and cover the formal configuration file existing at present;
the starting unit is configured to read the formal configuration file and used for starting a server;
the modification unit is configured to respond to an instruction of the server to characterize and modify the configuration file, read the formal configuration file and determine and modify configuration information which corresponds to the instruction and needs modification;
an encryption unit configured to encrypt the configuration information and generate a temporary encrypted backup file based on the obtained encrypted configuration information;
the second renaming unit is configured to rename the temporary encrypted backup file to obtain an updated encrypted backup file;
an updating unit configured to generate an updated temporary configuration file based on the encryption configuration information;
and the third renaming unit is configured to rename the updated temporary configuration file to obtain an updated formal configuration file, and the coverage of the formal configuration file is realized.
6. The postgresql-based profile modification apparatus of claim 1, wherein the temporary profile and the temporary encrypted backup file are tmp format files.
7. The postgresql-based profile modification apparatus of claim 1, wherein the encrypted backup file is obtained by MD5 operation via a string postgresql.
8. The postgresql-based profile modification apparatus of claim 1, wherein the encrypted backup file, the temporary encrypted backup file, and the temporary profile are hidden files in a linux environment, and the formal profile is a plaintext file.
9. An electronic device, the electronic device comprising: memory, a processor and a computer program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the postgresql based profile modification method of any one of claims 1 to 4.
10. A computer storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the steps of the postgresql-based profile modification method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310846277.5A CN116841647A (en) | 2023-07-11 | 2023-07-11 | Configuration file modification method and device based on postgresql |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310846277.5A CN116841647A (en) | 2023-07-11 | 2023-07-11 | Configuration file modification method and device based on postgresql |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116841647A true CN116841647A (en) | 2023-10-03 |
Family
ID=88166838
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310846277.5A Pending CN116841647A (en) | 2023-07-11 | 2023-07-11 | Configuration file modification method and device based on postgresql |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116841647A (en) |
-
2023
- 2023-07-11 CN CN202310846277.5A patent/CN116841647A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6874139B2 (en) | Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program | |
| US4930073A (en) | Method to prevent use of incorrect program version in a computer system | |
| US8392706B2 (en) | Method and system for searching for, and collecting, electronically-stored information | |
| US8055635B2 (en) | System and method for verifying the integrity and completeness of records | |
| US8452740B2 (en) | Method and system for security of file input and output of application programs | |
| CN111008034B (en) | Patch generation method and device | |
| US9432369B2 (en) | Secure data containers | |
| US11475156B2 (en) | Dynamically adjusted timeout quarantined code scanning | |
| EP0849658A2 (en) | Secure data processing method and system | |
| US20200274895A1 (en) | System and method for creating a data protection map and remediating vulnerabilities | |
| US20160301715A1 (en) | Automating the creation and maintenance of policy compliant environments | |
| US12216779B2 (en) | Methods of and systems for virtual air-gapping network storage system | |
| US20240152630A1 (en) | Security system and method for real-time encryption or decryption of data using key management server | |
| US9037620B2 (en) | File system active symbolic link | |
| CA3214199A1 (en) | Ransomware prevention | |
| US8863304B1 (en) | Method and apparatus for remediating backup data to control access to sensitive data | |
| CN116841647A (en) | Configuration file modification method and device based on postgresql | |
| JP2002229835A (en) | File management system by computer and its program and program recording medium | |
| CN116401691A (en) | File authority management method, device, system, computer equipment and medium | |
| US9519759B2 (en) | Secure access to programming data | |
| US20090183006A1 (en) | Method and apparatus for applying digital signatures to translated content | |
| US9436840B2 (en) | System and method for securely storing information | |
| JP5167795B2 (en) | Database maintenance method and system | |
| EP1116110B1 (en) | Method of creating an inseparable link between an electronic document and ole objects | |
| JP4371995B2 (en) | Shared file access control method, system, server device, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |