| Web应用程序自身缺陷引起的安全性问题探讨 |
| |
| 引用本文: | 孟宪虎,沈钧毅. Web应用程序自身缺陷引起的安全性问题探讨[J]. 计算机应用与软件, 2002, 19(4): 63-64,F003 |
| |
| 作者姓名: | 孟宪虎 沈钧毅 |
| |
| 作者单位: | 1. 运城高等专科学校计算机系,运城,044000
2. 西安交通大学计算机软件所,西安,710049 |
| |
| 摘 要: | Web应用程序自身有许多缺陷,由此带来很多不安的因素,和采用安装防火墙、入侵检测及防病毒软件等御外措施没有必然的联系,为了使Web应用程序本身具有一定的坚固性,首先应该确认访问程序的用衣身份是否合法,应该对用户名和口令进行验证,其次要考虑用户的权限控制,使合法的用户在自己的合法范围内进行数据操作;再次是用户无论访问那一个页面,该页面必须和上述用户口令及权限联系起来,防止用户知道页面地址直接访问该页面,当用户进入合法页面,因Web应用程序大多数是在远程通信的环境下使用的,通信随时可能中断,所以必须考虑用户如何对数据进行安全提交。
|
| 关 键 词: | Web 应用程序 程序安全性 权限控制 页面验证 Internet |
A DISCNSSION OF SECURITY PROBLEMS BROUGHT BY WEB APPLICATION DEFECTS |
| |
| Meng Xianhu Shen Junyi. A DISCNSSION OF SECURITY PROBLEMS BROUGHT BY WEB APPLICATION DEFECTS[J]. Computer Applications and Software, 2002, 19(4): 63-64,F003 |
| |
| Authors: | Meng Xianhu Shen Junyi |
| |
| Abstract: | The defections in Web applications bring many unsafe factors which have no necessary relations with the defend measures such as firewall, intrusion check and anti - virus software.To guarantee the solidity of Web apph'cations,firstly the user identity must be validated through user-name and password checking. Secondly the user s power should be controlled to guarantee the user operate data within righteous range.Thirdly every page should be connected with user power to ward off the users who know the exact URL of the page. Lastly since most of the Web apph'cations are executed at the client side, the communication could be disconnected at any time, so secure data submission must be considered. |
| |
| Keywords: | Web application Program security Power control Page validation Secure data submission |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
