
CN-122019671-A - Distributed database auditing method, device, storage medium and program product


Abstract

The embodiment of the application provides a distributed database auditing method, device, storage medium and program product, and relates to the field of distributed computing. The method comprises: receiving an SQL request from a distributed database computing node, wherein the SQL request is used for executing a first operation or a second operation, the first operation being an operation that modifies user data and the second operation being an operation that does not modify user data; and, based on meta-information synchronized with the distributed database, performing the following: if the SQL request is the first operation, analyzing the semantic influence range of the first operation without actually executing any data change and generating an audit record based on the analysis result; and if the SQL request is the second operation, processing the second operation to obtain operation context information and generating an audit record based on that operation context information. The method adds a full-coverage audit mechanism based on an audit twin library and improves the processing efficiency of distributed database auditing.

Inventors

  • CHE XIAOYAO
  • WANG HONGXIANG

Assignees

  • 中电科金仓(北京)科技股份有限公司

Dates

Publication Date
20260512
Application Date
20260210

Claims (10)

  1. A distributed database auditing method, applied to an audit twin library that keeps its meta-information synchronized with the distributed database but does not store the user data of the distributed database, wherein the meta-information includes a table structure, an index definition, and a fragmentation rule of the distributed database, the method comprising: receiving an SQL request from a computing node of the distributed database, wherein the SQL request is used for executing a first operation or a second operation, the first operation being an operation that modifies user data and the second operation being an operation that does not modify user data; and, based on the meta-information synchronized with the distributed database, performing the following operations: if the SQL request is a first operation, analyzing the semantic influence range of the first operation without actually executing a data change, and generating an audit record based on the analysis result; and if the SQL request is a second operation, processing the second operation to obtain operation context information, and generating an audit record based on the operation context information.
  2. The method of claim 1, wherein the audit twin library is synchronized with the distributed database by: acquiring meta-information from the distributed database when initializing the audit twin library; and synchronously updating the meta-information of the audit twin library when the meta-information of the distributed database changes.
  3. The method of claim 1, wherein analyzing the semantic influence range of the first operation comprises: determining the data table and fields related to the first operation; resolving the conditional constraints of the first operation; and making a logical estimate of the influence range based on the conditional constraints.
  4. The method according to any one of claims 1 to 3, wherein the second operation comprises at least one of a data query language (DQL) operation, a data definition language (DDL) operation, and a data control language (DCL) operation.
  5. The method according to claim 1, further comprising: in the course of analyzing the first operation or processing the second operation, determining, based on the fragmentation rule, whether the SQL request is a cross-fragment operation; and, in response to the SQL request being a cross-fragment operation, identifying the cross-fragment operation information in the generated audit record.
  6. The method of claim 5, wherein the audit record includes at least one of an operation type, an operation time, an operation user, and the data object involved.
  7. The method of claim 1, further comprising: maintaining a processing result cache; for a received SQL request, checking whether a cached processing result exists in the cache; if so, generating an audit record based on the cached processing result; otherwise, executing the corresponding processing operation to obtain a new processing result, generating an audit record, and storing the new processing result in the cache; wherein the processing result includes the analysis result or the operation context information.
  8. An electronic device comprising a processor and a memory communicatively coupled to the processor, wherein the memory stores computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory to implement the method of any one of claims 1 to 7.
  9. A computer-readable storage medium having stored therein computer-executable instructions which, when executed by a processor, carry out the method of any one of claims 1 to 7.
  10. A computer program product comprising a computer program which, when executed by a processor, implements the method of any one of claims 1 to 7.
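As an added illustration of the procedure in claims 1, 3, 5 and 7 (example code written for this page, not code from the patent or the applicant), the following Python sketch models an audit twin that holds only meta-information and no user rows: it classifies each SQL request as a first (data-modifying) or second (DQL/DDL/DCL) operation, analyzes a modifying statement's table, fields and conditional constraints without executing it, derives whether the request crosses fragments from the shard key, emits audit records carrying the claim 6 fields, and reuses cached processing results for repeated statements. The table definitions, the crc32-modulo fragmentation rule, the regex-based statement grammar and the "first"/"second" labels are all assumptions made for the example; a production system would use a real SQL parser and the database's actual sharding function.

```python
import re
import time
import zlib

# Constructed meta-information held by the audit twin: table structure and a hypothetical hash
# fragmentation rule (shard = crc32(shard_key value) % shards). No user rows are stored here.
META = {
    "orders": {"columns": ["order_id", "user_id", "amount", "status"],
               "shard_key": "user_id", "shards": 4},
    "users": {"columns": ["user_id", "name", "email"],
              "shard_key": "user_id", "shards": 4},
}

DML = {"INSERT", "UPDATE", "DELETE"}                                        # first operation
DQL, DDL, DCL = {"SELECT"}, {"CREATE", "ALTER", "DROP"}, {"GRANT", "REVOKE"}  # second operation

def _verb(sql):
    return sql.strip().split(None, 1)[0].upper()

def classify(sql):
    """'first' for data-modifying statements, 'second' for DQL/DDL/DCL (claims 1 and 4)."""
    verb = _verb(sql)
    if verb in DML:
        return "first"
    if verb in DQL | DDL | DCL:
        return "second"
    raise ValueError(f"unsupported statement: {verb}")

def _table(sql):
    m = re.search(r"\b(?:FROM|UPDATE|INTO|TABLE|ON)\s+(\w+)", sql, re.I)
    return m.group(1).lower() if m else None

def _bindings(sql):
    """Column -> literal values the statement fixes: INSERT column/value pairs or WHERE equality
    predicates. Deliberately simple grammar (no commas inside string literals, no OR/IN)."""
    ins = re.match(r"\s*INSERT\s+INTO\s+\w+\s*\(([^)]*)\)\s*VALUES\s*\(([^)]*)\)", sql, re.I | re.S)
    if ins:
        cols = [c.strip().lower() for c in ins.group(1).split(",")]
        vals = [v.strip().strip("'") for v in ins.group(2).split(",")]
        return dict(zip(cols, vals))
    m = re.search(r"\bWHERE\b(.*)", sql, re.I | re.S)
    if not m:
        return {}
    return {c.lower(): v.strip("'") for c, v in re.findall(r"(\w+)\s*=\s*('[^']*'|\d+)", m.group(1))}

def _shards(table, bindings):
    """Apply the fragmentation rule: a bound shard key pins one shard, otherwise every shard."""
    meta = META[table]
    key = meta["shard_key"]
    if key in bindings:
        return [zlib.crc32(bindings[key].encode()) % meta["shards"]]
    return list(range(meta["shards"]))

def analyze_first_operation(sql):
    """Claim 3: table and fields, conditional constraints, logical impact estimate; nothing executed."""
    table, verb = _table(sql), _verb(sql)
    if table not in META:
        raise KeyError(f"table not present in twin meta-information: {table}")
    bindings = _bindings(sql)
    if verb == "UPDATE":
        set_clause = re.search(r"\bSET\b(.*?)(?:\bWHERE\b|$)", sql, re.I | re.S).group(1)
        fields = [c.lower() for c in re.findall(r"(\w+)\s*=", set_clause)]
    elif verb == "INSERT":
        fields = list(bindings)
    else:                                    # DELETE removes whole rows
        fields = list(META[table]["columns"])
    return {
        "table": table,
        "fields": fields,
        "unknown_fields": sorted(set(fields) - set(META[table]["columns"])),
        "constraints": bindings,
        "scope": "targeted" if bindings else "all_rows",   # unconstrained DML touches every row
        "shards": _shards(table, bindings),
    }

def second_operation_context(sql):
    """Operation context for DQL/DDL/DCL: statement class, object, and the shards touched."""
    verb, table = _verb(sql), _table(sql)
    kind = "DQL" if verb in DQL else "DDL" if verb in DDL else "DCL"
    shards = _shards(table, _bindings(sql)) if kind != "DCL" and table in META else []
    return {"kind": kind, "object": table, "shards": shards}

class AuditTwin:
    """Emits audit records (claim 6 fields plus the claim 5 cross-fragment flag) and keeps a
    processing-result cache keyed on the whitespace-normalized SQL text (claim 7)."""
    def __init__(self):
        self.cache, self.records, self.cache_hits = {}, [], 0

    def audit(self, sql, user, now=None):
        key = " ".join(sql.split()).lower()
        result = self.cache.get(key)
        if result is None:
            result = analyze_first_operation(sql) if classify(sql) == "first" else second_operation_context(sql)
            self.cache[key] = result
        else:
            self.cache_hits += 1
        record = {
            "operation_type": _verb(sql),
            "operation_time": time.time() if now is None else now,
            "operation_user": user,
            "data_object": result.get("table") or result.get("object"),
            "cross_fragment": len(result["shards"]) > 1,
            "detail": result,
        }
        self.records.append(record)
        return record

if __name__ == "__main__":
    twin = AuditTwin()
    for user, sql in [("alice", "UPDATE orders SET status = 'shipped' WHERE user_id = 42"),
                      ("bob", "DELETE FROM orders WHERE status = 'void'"),
                      ("carol", "SELECT amount FROM orders WHERE user_id = 42")]:
        r = twin.audit(sql, user)
        print(r["operation_user"], r["operation_type"], r["data_object"], "cross_fragment:", r["cross_fragment"])
```

The design point worth noticing is that the twin never needs a row to decide anything: the DELETE constrained only on `status` is flagged cross-fragment purely because the shard key is unbound, and an UPDATE and a SELECT with the same `user_id` predicate resolve to the same shard from the rule alone. The cache key deliberately normalizes whitespace and case but nothing else, so two statements that differ only in literal values are analyzed separately.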

Description

Distributed database auditing method, device, storage medium and program product

Technical Field

The present application relates to the field of distributed computing, and in particular to a distributed database auditing method, apparatus, storage medium, and program product.

Background

In a distributed database, computing nodes are responsible for processing user requests, while storage nodes hold the data distributed across fragments by a data-slicing scheme. Against increasingly stringent data security compliance requirements, implementing comprehensive database auditing has become a critical requirement. The auditing function in current distributed databases is mainly realized by deploying an auditing module on the computing nodes or on the storage nodes. At the computing node level, an audit module generally records the SQL operations, accessed objects, execution times and other information passing through that node; at the storage node level, the audit module captures logs of the operations that involve that node's own data fragments, based on where the data is actually stored. However, the above solutions find it difficult to reconcile audit integrity with system performance.

Disclosure of Invention

The application provides a distributed database auditing method, device, storage medium and program product, which are used to solve the technical problem of reconciling audit integrity with system performance.
In a first aspect, an embodiment of the present application provides a distributed database auditing method applied to an audit twin library, where the audit twin library keeps its meta-information synchronized with the distributed database but does not store the user data of the distributed database, and where the meta-information includes the table structure, index definitions and fragmentation rules of the distributed database. The method includes: receiving an SQL request from a distributed database computing node, wherein the SQL request is used for executing a first operation or a second operation, the first operation being an operation that modifies user data and the second operation being an operation that does not modify user data; and, based on the meta-information synchronized with the distributed database, performing the following: if the SQL request is a first operation, analyzing the semantic influence range of the first operation without actually executing any data change, and generating an audit record based on the analysis result; if the SQL request is a second operation, processing the second operation to obtain operation context information, and generating an audit record based on the operation context information.

In this embodiment, introducing the audit twin library component achieves full audit coverage, low performance impact and efficient use of resources. Specifically, a corresponding audit record is generated in the audit twin library whether or not the SQL request involves a cross-fragment operation, which solves the problem that cross-fragment operations can be missed by existing storage node auditing.
Meanwhile, because the auditing process is completed in an independent audit twin library, it does not consume the computing resources of the computing nodes and does not affect the data operation performance of the storage nodes; in particular, for operations that modify data, the audit twin library only analyzes the semantics and does not actually execute them, so processing is faster. In addition, compared with the resource waste caused by equipping every storage node of the distributed database with an audit function, the method processes all audit requests centrally through a single audit twin library, which saves computing and storage resources.

In one possible implementation, the audit twin library keeps its meta-information synchronized with the distributed database by: acquiring meta-information from the distributed database when the audit twin library is initialized; and synchronously updating the meta-information of the audit twin library when the meta-information of the distributed database changes. In this implementation, the meta-information synchronization mechanism lets the audit twin library obtain, in real time, a structural definition consistent with the production database, which provides a reliable basis for accurate analysis of SQL semantics; at the same time, the monitor-and-respond and incremental update strategy adopted by the mechanism reduces the performance interference and resource consumption imposed on the production system while still guaranteeing timely synchronization.

In one possible implementation, analyzing the semantic influence range of the first operation includes: determining the data table and fields related to the first operation; resolving the conditional constraints of the first operation; and making a logical estimate of the influence range based on the conditiona