Shulou(Shulou.com)06/03 Report--

Workflow engine

The so-called workflow engine refers to workflow as a part of the application system, and provides a decisive role for each application system according to the role, division of labor and conditions to determine the information transmission routing, content level and other core solutions. Workflow engine includes important functions such as process node management, flow direction management, process sample management and so on.

Adaptation database: oralce,mysql,sqlserver,Informix, PostgreSQL

Demand background

Research on data encryption of workflow engine, encryption scheme and implementation process of process data.

1. The purpose of process data encryption is to prevent process data from being tampered with, resulting in unnecessary losses to the unit.

2. Process data tampering has the identity of administrator and illegal, especially to prevent business personnel from doing bad things in combination with system administrators.

For example, there was such a situation in xxx company in xx year, when the business staff colluded with the administrator, resulting in a loss of 2 million yuan, although it was finally found out and fined, but it was dealt with afterwards.

Not all process data needs to be encrypted, such as the leave process, but reimbursement or other processes with sensitive data are needed.

4. The tampered data needs to be alerted, written to the log log, and cannot be executed.

5, the data of each node is required to be encrypted, and the data of the whole process is also encrypted.

Treatment plan:

1, add an attribute to the process whether IsMD5 is encrypted or not. Default whether or not, no encryption.

2. A salt value is included in the user information, which is used for later encryption operation.

3. Any encrypted process adds a field with a MD5 length of char (36) to each node form, which is used to store the MD5 value of the node data.

4. Add the field MD5 to the NDxxRpt table to store the process data encryption.

5, generate MD 5 values: generate MD 5 values in the following two steps and store them in the relevant physical tables.

1, after the node is sent successfully.

2, when the node fails to send.

6, the method of generating MD 5 value.

1, exclude the node form field from the immediately acquired field that is the default value (for example, get the current time, the current operator.), combine it into a large text, and then encrypt it with MD5 by obtaining the salt value of the approved user.

2, plus approval of the meaning of user salt value is to prevent violent cracking through the rainbow table.

7, the step to check whether it has been tampered with.

1, get the data of node and process data table, and exclude the key fields.

2, perform MD5 encryption.

3, compare the two strings.

8, check whether the MD 5 value is correct in the following cases.

There are places that involve opening the node form:

1. When opening the to-do work.

2, when opening the node form through the process log.

3, when opening the CC work.

4, when opening the way to work.

There are places that involve opening process data.

1, when opening the process data of the work track.

If there is anything wrong with the above, it is forbidden to open it and write it to the log text log.

Corresponding process Demo:

\\ process tree\\ form solution\\ leave process (track mode)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.