摘要
B/S结构软件体系能够有效弥补主流C/S结构学生收费系统“难以适应学校各部门自动化协同办公”的缺陷,但B/S结构的“开放性”特征亦导致收费系统面临“病毒入侵、黑客攻击、非法用户侵权和合法用户越权使用”等安全问题.本文设计了一种基于RBAC的权限控制安全机制,根据用户类型和扮演角色,通过“角色权限控制”和“模块分配控制”,实现业务数据和功能模块的授权访问,有效地克服B/S结构的安全性缺陷,同时具备“授权管理灵活、数据访问安全、业务流程适应性强”的优点.
The B/S structure software system can effectively make up the defects of the mainstream C/S structure student charge system,which is difficult to adapt to the automation and co-operation of every department of the school.The openness of B/S structure can easily lead to security problems such as“virus invasion,hacker attack,illegal user infringement and legal user exceeding the right to use”and so on.A RBAC-based privilege control security mechanism is designed.According to the user type and role,the security mechanism overcomes the shortcomings of B/S structure by“privilege access control”and“module assignment control”.At the same time,it has the advantages of flexible authorization management,secure data access and strong adaptability of business process.
作者
彭思喜
彭鹏
PENG Sixi;PENG Peng(College of Economics&Management,South China Agricultural University,Guangzhou 510642,Guangdong,China;School of Automotive and Transportation Engineering,Shenzhen Polytechnic,Shenzhen 518055,Guangdong,China)
出处
《汕头大学学报(自然科学版)》
2021年第1期12-20,共9页
Journal of Shantou University:Natural Science Edition
基金
2020年粤港澳大湾区国际教育示范区建设研究项目(2020WQYB002)
国家自然科学基金资助项目(71633002)
深圳市科创委基础研究项目(JCYJ20180305163701198)。
关键词
RBAC
B/S结构
学生收费系统
安全机制
授权管理
RBAC
B/S structure
student charge system
security mechanism
authorization management
