SQL Server database password hosting method

Document No.: 1470099 Published: 2020-02-21

Reading note: This technology, "SQL Server database password hosting method" (SQL Server数据库密码托管方法), was designed by 丁锦成, 闻建霞 and 柳遵梁 on 2019-07-25. Main content: The invention discloses a password hosting method for an SQL Server database. It isolates the database user name and password from the user name and password of the medical system terminal, and binds the medical system terminal password to an IP address and an application program name, so that even a hacker who obtains the medical system terminal password through social engineering cannot connect remotely to the database. The complexity of the database password can be increased to prevent hackers from cracking weak passwords, without changing the login password of the medical system terminal. The processing logic runs only during the login process; during SQL execution the data packets are purely forwarded, so data processing performance is not reduced.

1. A SQL Server database password hosting method is characterized by comprising a medical system terminal and the following steps:

Step one, the medical system terminal sends its handshake request CLIENT_HELLO1 to the password hosting server; the password hosting server generates its own handshake request CLIENT_HELLO2, sends CLIENT_HELLO2 to the database server, and remembers CLIENT_HELLO1;

Step two, the database server returns SERVER_HELLO1, its reply to the password hosting server's handshake request, to the password hosting server; the password hosting server parses SERVER_HELLO1, generates its key exchange request CLIENT_KEY_CHANGE1 and sends CLIENT_KEY_CHANGE1 to the database server;

Step three, based on CLIENT_KEY_CHANGE1, the database server returns NEW_SESSION_TICKET1, its reply to the key exchange request, to the password hosting server, completing the TLS handshake between the password hosting server and the database server;

Step four, the password escrow server generates SERVER_HELLO2, the reply to the medical system terminal's handshake request, from the terminal's CLIENT_HELLO1 and sends SERVER_HELLO2 to the medical system terminal;

Step five, based on SERVER_HELLO2, the medical system terminal generates its key exchange request CLIENT_KEY_CHANGE2 and sends it to the password hosting server; the password hosting server returns NEW_SESSION_TICKET2, its reply to the key exchange request, to the medical system terminal, completing the TLS handshake between the medical system terminal and the password hosting server;

Step six, the medical system terminal generates its login request LOGIN71 and sends it, TLS-encrypted, to the password escrow server; the password escrow server decrypts LOGIN71 through TLS to obtain the user name, the password and the application program name of the current request, and retrieves the password corresponding to the medical system terminal according to the user name, the application program name and the IP address of the medical system terminal.

2. The SQL Server database password hosting method according to claim 1, wherein if the password sent by the medical system terminal is different from a preset password, an error packet is generated, and the current login request is rejected.

3. The SQL Server database password hosting method of claim 1, wherein if the password sent by the medical system terminal is the same as the preset password, the corresponding database user and password are retrieved, a new login request LOGIN72 is generated, LOGIN72 is encrypted and sent to the database server, and the password hosting process is completed.

Technical Field

The invention relates to the field of database security, in particular to a password hosting method for an SQL Server database.

Background

With the rapid development of information technology, more and more hospitals in China are accelerating their overall construction based on an information platform and the medical system terminal HIS, so as to improve their service level and core competitiveness. While this informatization brings convenience to the medical system, database passwords are also leaked, either through human action or through database vulnerabilities.

Once the database password is leaked, a hacker can connect remotely to the database by special means, bypass the restrictions of the original application, and directly export the medical data, causing the medical data to be lost. At present, SQL Server is the mainstream database of HIS systems, and how to ensure that the SQL Server database password is not leaked is an urgent problem to be solved.

Disclosure of Invention

The invention aims to overcome the defect that the password of the SQL Server database is easy to leak in the prior art, and provides a safe SQL Server database password hosting method without influence on usability.

In order to achieve the purpose, the invention adopts the following technical scheme:

A SQL Server database password hosting method comprises a medical system terminal and the following steps:

Step one, the medical system terminal sends its handshake request CLIENT_HELLO1 to the password hosting server; the password hosting server generates its own handshake request CLIENT_HELLO2, sends CLIENT_HELLO2 to the database server, and memorizes CLIENT_HELLO1;

Step two, the database server returns SERVER_HELLO1, its reply to the password hosting server's handshake request, to the password hosting server; the password hosting server parses SERVER_HELLO1, generates its key exchange request CLIENT_KEY_CHANGE1 and sends CLIENT_KEY_CHANGE1 to the database server;

Step three, based on CLIENT_KEY_CHANGE1, the database server returns NEW_SESSION_TICKET1, its reply to the key exchange request, to the password hosting server, completing the TLS handshake between the password hosting server and the database server;

Step four, the password escrow server generates SERVER_HELLO2, the reply to the medical system terminal's handshake request, from the terminal's CLIENT_HELLO1 and sends SERVER_HELLO2 to the medical system terminal;

Step five, based on SERVER_HELLO2, the medical system terminal generates its key exchange request CLIENT_KEY_CHANGE2 and sends it to the password hosting server; the password hosting server returns NEW_SESSION_TICKET2, its reply to the key exchange request, to the medical system terminal, completing the TLS handshake between the medical system terminal and the password hosting server;

Step six, the medical system terminal generates its login request LOGIN71 and sends it, TLS-encrypted, to the password escrow server; the password escrow server decrypts LOGIN71 through TLS to obtain the user name, the password and the application program name of the current request, and retrieves the password corresponding to the medical system terminal according to the user name, the application program name and the IP address of the medical system terminal.

According to the invention, the database user name and password are isolated from the user name and password of the medical system terminal, and the medical system terminal password is bound to the IP address and the application program name, so that even if a hacker obtains the medical system terminal password through social engineering, the hacker cannot connect remotely to the database; by increasing the complexity of the database password, hackers are prevented from cracking weak passwords, and the login password of the medical system terminal does not need to be changed; the processing logic runs only during the login process, and during SQL execution the data packets are purely forwarded, so data processing performance is not reduced.

Preferably, if the password sent by the medical system terminal is different from the preset password, an error packet is generated, and the current login request is rejected.

Preferably, if the password transmitted by the medical system terminal is the same as the preset password, the corresponding database user and password are retrieved, a new login request LOGIN72 is generated, LOGIN72 is encrypted and transmitted to the database server, and the password escrow process is completed.

Therefore, the invention has the following beneficial effects: the database user name and password are isolated from the user name and password of the medical system terminal, and the medical system terminal password is bound to the IP address and the application program name, so that a hacker cannot connect remotely to the database even after obtaining the medical system terminal password through social engineering; by increasing the complexity of the database password, hackers are prevented from cracking weak passwords, and the login password of the medical system terminal does not need to be changed; the processing logic runs only during the login process, and during SQL execution the data packets are purely forwarded, so data processing performance is not reduced.

Drawings

FIG. 1 is a schematic diagram of one deployment of the present invention;

FIG. 2 is a timing diagram of a prior art medical system terminal login;

FIG. 3 is a timing diagram of the process of the present invention.

In the figure: the system comprises a medical system terminal 1, a password hosting server 2 and a database server 3.

Detailed Description

The invention is further described with reference to the following figures and detailed description.

As shown in FIG. 1 and FIG. 3, the embodiment is a SQL Server database password hosting method. When accessing the SQL Server database server, the medical system terminal 1 logs in with the account name 'sa' and the password 'test'. In reality, however, the login password of 'sa' on the database server 3 is not 'test' but 'hello'.

The invention intercepts the login request in transit by acting as a proxy, and verifies the login information using the login user name, the IP address, the application program name and the password sent by the medical system terminal, all of which are parsed from the login packet.

If the login is not valid, a login rejection packet is generated directly and sent to the medical system terminal, and the current connection is closed; if the current login request passes verification, a login request packet is generated from the existing login information and the real database user name and password and is sent to the database server, completing the whole identity authentication process.
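The verification and substitution just described, which is also step six of the method together with its accept and reject branches, as an added example (not code from the patent). The policy table, the application name `HIS-Client`, the IP addresses and all function and class names are constructed for illustration; 'sa', 'test' and 'hello' are the values from the embodiment.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class EscrowEntry:
    terminal_password: str  # preset password the terminal is allowed to send
    db_user: str            # real database account
    db_password: str        # real database password, held only by the escrow server


# Constructed policy table keyed by (user name, application name, terminal IP).
POLICY = {
    ("sa", "HIS-Client", "192.0.2.10"): EscrowEntry("test", "sa", "hello"),
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    db_user: Optional[str] = None
    db_password: Optional[str] = None


def decide(username: str, password: str, appname: str, client_ip: str) -> Decision:
    """Apply the escrow check to the fields parsed from LOGIN71."""
    entry = POLICY.get((username, appname, client_ip))
    if entry is None:
        # No binding for this user/application/IP triple: reject the login.
        return Decision(False, "no binding for user/application/IP")
    # Constant-time comparison of the submitted and the preset terminal password.
    if not hmac.compare_digest(password.encode(), entry.terminal_password.encode()):
        return Decision(False, "terminal password mismatch")
    # LOGIN72 is built from the real credentials; the terminal's are discarded.
    return Decision(True, "ok", entry.db_user, entry.db_password)
```

The application name is a value the client declares in its login packet, so of the three binding keys the source IP address is the one the escrow server observes for itself.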

In addition, the SQL Server password is encrypted with TLS in transit, so the plaintext password is not exposed on the network, which ensures transmission security.

Based on this principle, the invention is deployed between the terminal and the database server in proxy mode or transparent proxy mode. The terminal password and the database server password are configured on the password escrow server 2. Even if an administrator changes the database password, the whole batch of HIS terminals can still log in to the database server normally once the current database password is reconfigured on the password escrow server. This reduces the cost to operation and maintenance personnel of maintaining HIS terminal login passwords, separates the terminal password from the server password, and improves the security of the database.

As shown in FIG. 2, the prior-art process by which a medical system terminal logs in to the SQL Server database server is as follows:

1. The medical system terminal calls the OpenSSL library to generate the CLIENT_HELLO handshake request, encapsulates it in a PRELOGIN packet of the TDS protocol and sends the PRELOGIN packet to the database server.

2. The medical system terminal receives the PRELOGIN packet sent by the server, unpacks it, passes SERVER_HELLO to the OpenSSL library, generates the CLIENT_KEY_CHANGE handshake request, encapsulates it in a PRELOGIN packet of the TDS protocol and sends the PRELOGIN packet to the database server.

3. The medical system terminal receives the server's PRELOGIN packet and passes the NEW_SESSION_TICKET it contains to the OpenSSL library, completing the whole TLS handshake.

4. The medical system terminal generates a LOGIN7 request containing the database user name, the database password and the application program name, and sends the LOGIN7 request to the database encrypted with the TLS session established by the handshake of the previous stage.

5. The database verifies the current password and completes the login process.
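The LOGIN7 request of step 4 carries the user name, password and application name that a password escrow proxy has to read after TLS decryption. The following added example (not code from the patent) extracts those fields, assuming the LOGIN7 layout of the TDS specification: a 36-byte fixed header followed by a table of offset/length pairs, with the password obfuscated by a nibble swap and XOR with 0xA5. The sample record and all names are constructed.

```python
import struct

TABLE = 36  # the (offset, length) table follows the 36-byte fixed LOGIN7 header
FIELDS = ("hostname", "username", "password", "appname")  # first four entries

def scramble(raw: bytes) -> bytes:
    # LOGIN7 password obfuscation: swap nibbles, then XOR 0xA5 (not encryption)
    return bytes((((b << 4) & 0xF0) | (b >> 4)) ^ 0xA5 for b in raw)

def unscramble(raw: bytes) -> bytes:
    plain = (b ^ 0xA5 for b in raw)
    return bytes(((x << 4) & 0xF0) | (x >> 4) for x in plain)

def parse_login7(record: bytes) -> dict:
    """Extract the fields an escrow proxy needs from a decrypted LOGIN7 record."""
    if len(record) < TABLE + 4 * len(FIELDS):
        raise ValueError("truncated LOGIN7 record")
    if struct.unpack_from("<I", record, 0)[0] != len(record):
        raise ValueError("length field does not match record size")
    out = {}
    for i, name in enumerate(FIELDS):
        off, nchars = struct.unpack_from("<HH", record, TABLE + 4 * i)
        end = off + 2 * nchars  # lengths count UCS-2 characters, not bytes
        if end > len(record):
            raise ValueError(f"{name} points outside the record")
        raw = record[off:end]
        out[name] = (unscramble(raw) if name == "password" else raw).decode("utf-16-le")
    return out

def build_sample_login7(host: str, user: str, password: str, app: str) -> bytes:
    """Constructed test input: zeroed header, only the first four table entries."""
    table, blob = b"", b""
    data_start = TABLE + 4 * len(FIELDS)
    for name, value in zip(FIELDS, (host, user, password, app)):
        enc = value.encode("utf-16-le")
        table += struct.pack("<HH", data_start + len(blob), len(value))
        blob += scramble(enc) if name == "password" else enc
    record = bytearray(TABLE) + table + blob
    struct.pack_into("<I", record, 0, len(record))
    return bytes(record)

# Constructed sample: the embodiment's 'sa' / 'test' plus a made-up host and app name.
SAMPLE = build_sample_login7("HIS-PC01", "sa", "test", "HIS-Client")
```

Because the password field is only obfuscated, its confidentiality on the wire rests entirely on the TLS session that wraps the LOGIN7 request.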

The invention differs from this login process. Its core is that, during password transmission, the login identity information of the medical system terminal is replaced by the corresponding real database user name and password, which ensures that the database password held in the password escrow service is not leaked.

It should be understood that this example is for illustrative purposes only and is not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and such equivalents may fall within the scope of the present invention as defined in the appended claims.
