While using ASP, JavaScript and Oracle to develop the back-office management software for a tax system, we successfully implemented a security policy based on user groups and users, and it has achieved good results in both flexibility and security. We will introduce the implementation of this user-based security policy in a B/S (browser/server) system in four parts: storage structure, menu management, permission allocation, and security checks.
1 Storage structure
The storage structure of this system is its database table structure, which mainly consists of the following tables:
A Menu table (CDB)

| Field name | Field description | Type | Note |
|---|---|---|---|
| Cdbh | Menu number | NUMBER(3) | Non-null primary key |
| Fcdbh | Parent Menu | NUMBER(3) | |
| Cdmc | Menu Name | VARCHAR2(40) | |
| Qxws | Number of permission digits | NUMBER(2) | |
| Rklj | Entry Path | VARCHAR2(50) | |
| Xgwj | Related documents | VARCHAR(200) | |
| Sfqy | Is enabled | CHAR(1) | DEFAULT 1 |

B User group table (YHZB)

| Field name | Field description | Type | Note |
|---|---|---|---|
| Ssdw | Owning unit | CHAR(4) | Non-null primary key |
| Yhzbh | User group number | CHAR(4) | Non-null primary key |
| Yhzmc | Name | VARCHAR2(40) | |
| Yhzqx | Permissions | CHAR(100) | |
| Yhgs | Number of users | NUMBER(3) | DEFAULT 0 |
| Sfqy | Is enabled | CHAR(1) | DEFAULT 1 |

C User table (YHB)

| Field name | Field description | Type | Note |
|---|---|---|---|
| Ssdw | Owning unit | CHAR(4) | Non-null primary key |
| Yhbh | User number | CHAR(4) | Non-null primary key |
| Ssyhz | User Group | CHAR(4) | |
| DLM | Login Name | VARCHAR2(25) | |
| Dlmm | Login Password | VARCHAR2(40) | |
| Yhxm | User name | VARCHAR(20) | |
| Yhqx | User Rights | CHAR(100) | |
| Sfqy | Is enabled | CHAR(1) | DEFAULT 1 |

Permissions are stored as "bits". Based on the scale of the system, we estimated that the number of menu items would not exceed 100, so we defined 100 bits for permission storage. Take the User Rights field in the user table as an example: if the user does not have the permission at position 1, the first digit is "0"; if the user does have the permission at position 1, the first digit is "1".
The menu table stores all the menu items in the system. By providing an editing function, menu items can be added to and modified in the menu table, which lays the groundwork for flexibility. Using the relationship between the menu number and the parent menu number, a multilevel menu is easy to implement by recursion; the parent menu number of a top-level menu is 0. The number of permission digits is one of the more critical fields in the menu table: it indicates the position at which the menu item is stored in the permission string. For example, if menu item number 10 has a permission digit of 10, then when the 10th position of a user's permissions is "1", the user has the right to use menu item number 10; otherwise the user does not.
The user group table stores all the user groups in the system, and it can be edited flexibly by providing an editing function. Its key field is the 100-bit permission string of the user group, which stores the permissions of that group.
The user table stores all the users in the system, and it can also be edited by providing an editing function. Its key field is the 100-bit user permission string, which stores the user's permissions. This permission is inherited from the user group to which the user belongs when the user is established, and the user's permissions can be modified individually when the user is established.
The other fields will be mentioned later in this introduction and are not explained in detail here.
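
The following JavaScript sketch shows how the permission string, the number of permission digits (Qxws) and the parent menu number (Fcdbh) work together; it is an added example, not the system's own code. The function names, the sample rows, the use of Sfqy to hide disabled items, and the rule that a child is shown only when its parent is permitted are all assumptions.

```javascript
// Added example: field names (cdbh, fcdbh, cdmc, qxws, sfqy) follow the tables above;
// function names and sample rows are constructed for illustration.
const PERM_LEN = 100;

// Fail closed: the permission string must be exactly 100 characters of "0"/"1",
// and the position must lie in 1..100. Anything else is treated as "no permission".
function hasPermission(perms, qxws) {
  if (typeof perms !== "string" || !/^[01]{100}$/.test(perms)) return false;
  if (!Number.isInteger(qxws) || qxws < 1 || qxws > PERM_LEN) return false;
  return perms.charAt(qxws - 1) === "1"; // position 1 is the first character
}

// Helper for sample data: build a permission string from granted positions.
function makePerms(positions) {
  const bits = new Array(PERM_LEN).fill("0");
  for (const p of positions) bits[p - 1] = "1";
  return bits.join("");
}

// Recursively collect the menu items a user may use, starting at parent 0.
// Assumptions: Sfqy = "1" means enabled, and a child is only shown under a permitted parent.
function buildMenu(rows, perms, parent = 0) {
  return rows
    .filter(r => r.fcdbh === parent && r.sfqy === "1" && hasPermission(perms, r.qxws))
    .map(r => ({ cdbh: r.cdbh, cdmc: r.cdmc, children: buildMenu(rows, perms, r.cdbh) }));
}

// Constructed sample rows from the menu table (CDB).
const menuRows = [
  { cdbh: 1,  fcdbh: 0, cdmc: "System",      qxws: 1,  sfqy: "1" },
  { cdbh: 10, fcdbh: 1, cdmc: "Users",       qxws: 10, sfqy: "1" },
  { cdbh: 11, fcdbh: 1, cdmc: "User groups", qxws: 11, sfqy: "1" },
  { cdbh: 2,  fcdbh: 0, cdmc: "Reports",     qxws: 2,  sfqy: "0" }, // disabled item
];

// A new user inherits the group's string (Yhzqx copied into Yhqx): positions 1, 2 and 10.
const groupPerms = makePerms([1, 2, 10]);
const userPerms = groupPerms;

console.log(JSON.stringify(buildMenu(menuRows, userPerms), null, 2));
```

Because the check fails closed, a truncated or corrupted permission value yields an empty menu rather than granting access.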