| SQL注入攻击全面预防办法及其应用 |
| |
| 引用本文: | 徐陋,姚国祥.SQL注入攻击全面预防办法及其应用[J].微计算机信息,2006,22(9):10-12. |
| |
| 作者姓名: | 徐陋 姚国祥 |
| |
| 作者单位: | 510632,广东广州暨南大学网络中心 |
| |
| 摘 要: | 介绍了SQL注入攻击原理,以ASP+SQLServer型网站为基础,从应用服务器、数据服务器、功能代码本身三个方面详细介绍了如何避免SQL注入攻击。尤其在功能程序本身方面,在前人提出的检测/防御/备案通用模型基础上,提出一个改良的SQL注入攻击通用检验模型。该模型只在服务器端设置一级检查,对攻击者进行备案,攻击次数过多的用户的请求服务器将不予理会,而且被抽象出来以单独函数形式存在,使用时直接调用即可,适用于所有页面。
|
| 关 键 词: | SQL注入攻击 入侵检测 |
| 文章编号: | 1008-0570(2006)03-3-0010-03 |
| 修稿时间: | 2005年8月10日 |
A Method Of Preventing SQL Injection Attack And It's Usage |
| |
| Xu,Lou,Yao,Guoxiang.A Method Of Preventing SQL Injection Attack And It''''s Usage[J].Control & Automation,2006,22(9):10-12. |
| |
| Authors: | Xu Lou Yao Guoxiang |
| |
| Abstract: | An introduction of SQL Injection Attack is given in this paper. Basing on the sites developed with ASP and SQL Server, a particular introduction of how to avoid SQL Injection Attack is proposed. It expatiates from three aspects: the application server, the database server, and the code. Especially in the aspect of code, based on the DDL(Detection- Defense- Log) Model, we proposal an improved common model. The model prevents the attack and records the attacker. And the request of person whose attack times rather than the user setting number will be discarded. All the function of the model is abstracted to the sub or the function, thus just an including, it can be expediently put into practice and suits for any page. |
| |
| Keywords: | ASP SQL Server IDS |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
