安全问题-数据库表字段暴露问题优化

增加表字段混淆开关切换

安全问题-数据库表字段暴露问题优化
增加表字段混淆开关切换
5957b30d · WeiCong · fd9f0dee · 5957b30d · 5957b30d · 5957b30d
Commit 5957b30d authored Sep 14, 2020 by WeiCong
4 changed files
--- a/src/main/java/org/sss/presentation/noui/controller/VerifyCodeCreateController.java
+++ b/src/main/java/org/sss/presentation/noui/controller/VerifyCodeCreateController.java
@@ -11,6 +11,7 @@ import org.sss.presentation.noui.api.response.ErrorCodes;
 import org.sss.presentation.noui.api.response.NoUiVersion;
 import org.sss.presentation.noui.api.response.ResultUtil;
 import org.sss.presentation.noui.common.Constants;
+import org.sss.presentation.noui.util.NoUiUtils;

 import javax.imageio.ImageIO;
 import javax.servlet.http.HttpServletRequest;
@@ -18,6 +19,8 @@ import javax.servlet.http.HttpServletResponse;
 import java.awt.*;
 import java.awt.image.BufferedImage;
 import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Random;

 @RequestMapping("/login")
@@ -34,7 +37,9 @@ public class VerifyCodeCreateController {
    @ResponseBody
    @RequestMapping(value ="/version", method = RequestMethod.GET)
    public Object version(HttpServletRequest request, HttpServletResponse response) {
-        return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, null, noUiVersion.getVersion());
+        Map<String,Object> retDatamap=new HashMap<>();
+        retDatamap.put("fieldencode", NoUiUtils.fieldencode);
+        return ResultUtil.result(ErrorCodes.SUCCESS, ErrorCodes.SUCCESS_INFO, retDatamap, noUiVersion.getVersion());
    }

    @RequestMapping("/VerifyCode")

--- a/src/main/java/org/sss/presentation/noui/util/NoUiPresentationUtil.java
+++ b/src/main/java/org/sss/presentation/noui/util/NoUiPresentationUtil.java
 package org.sss.presentation.noui.util;

-import java.io.IOException;
-import java.lang.reflect.Field;
-import java.math.BigDecimal;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
 import log.Log;
 import log.LogFactory;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
 import org.sss.common.impl.StreamImpl;
-import org.sss.common.model.EventType;
-import org.sss.common.model.IBaseObject;
-import org.sss.common.model.IContext;
-import org.sss.common.model.IDatafield;
-import org.sss.common.model.IModule;
-import org.sss.common.model.IModuleList;
-import org.sss.common.model.IParent;
+import org.sss.common.model.*;
 import org.sss.module.pojo.AbstractPOJOModuleSession;
 import org.sss.presentation.noui.api.exception.NoUiException;
 import org.sss.presentation.noui.api.model.Alias;
@@ -34,6 +15,13 @@ import org.sss.presentation.noui.common.Constants;
 import org.sss.presentation.noui.context.NoUiContext;
 import org.sss.presentation.noui.context.NoUiPresentation;

+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.math.BigDecimal;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.*;
+
 public class NoUiPresentationUtil {
 	protected static final Log log = LogFactory.getLog(NoUiPresentationUtil.class);

@@ -79,7 +67,6 @@ public class NoUiPresentationUtil {
 					}
 				}
 			} catch (Exception e) {
-				e.printStackTrace();
 				log.error("Input command error", e);
 				throw new NoUiException("Input command error", e);
 			}
@@ -329,8 +316,7 @@ public class NoUiPresentationUtil {
 			context.getSession().loadData((IParent) sysmod.get(session), simp);

 		} catch (Exception e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
+			log.error("setSysmod exception",e);
 		}
 	}

@@ -343,8 +329,7 @@ public class NoUiPresentationUtil {
 		try {
 			sysmodBytes = IOUtils.readFully(stream.getInputStream(), (int) stream.size());
 		} catch (IOException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
+			log.error("sysmodToBytes exception",e);
 		}
 		return sysmodBytes;
 	}
@@ -371,7 +356,7 @@ public class NoUiPresentationUtil {
 			return String.valueOf((char)after);
 		}
 		//A-Z
-		if(ch >=65 && ch <= 90){
+		else if(ch >=65 && ch <= 90){
 			if(before+offset <= 90){
 				after = before+offset;
 			}else{
@@ -380,7 +365,7 @@ public class NoUiPresentationUtil {
 			return String.valueOf((char)after);
 		}
 		//0-9
-		if(ch >=48 && ch <= 57){
+		else if(ch >=48 && ch <= 57){
 			if(before+offset <= 57){
 				after = before+offset;
 			}else{

--- a/src/main/java/org/sss/presentation/noui/util/NoUiUtils.java
+++ b/src/main/java/org/sss/presentation/noui/util/NoUiUtils.java
@@ -39,6 +39,7 @@ public class NoUiUtils {
 	public static boolean connectKeeped;
 	public static String serviceDbName;
 	public static int STP=50;
+	public static boolean fieldencode=false;

 	private static final ThreadGroup threadGroup = new ThreadGroup("eIBS");


--- a/src/main/resources/eIBS.xml
+++ b/src/main/resources/eIBS.xml
@@ -43,6 +43,7 @@
  </service> -->
 	<service class="org.sss.presentation.noui.util.NoUiUtils"
 			 initMethodName="init" deinitMethodName="deinit">
+		<property name="fieldencode" value="true" class="boolean" />
 		<property name="connectKeeped" value="true" class="boolean" />
 		<property name="debugMode" value="false" class="boolean" />
 		<!-- WAR包本身的目录为变量$ROOT，WAR/WEB-INF/classes目录为变量$HOME -->