| Linux环境中基于PHP的SQL注入攻击与对策 |
| |
| 引用本文: | 张卓,薛质.Linux环境中基于PHP的SQL注入攻击与对策[J].信息安全与通信保密,2006(9):154-157. |
| |
| 作者姓名: | 张卓 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200030 |
| |
| 摘 要: | 由于PHP本身的缺陷和应用程序开发者安全防范意识不强,使得应用PHP技术的网站存在很多安全问题,而SQL注入就是利用此类漏洞来实施攻击。论文结合应用开发中的经验剖析攻击者SQL注入的方法和入侵的思路,并且提出相应的防御策略。
|
| 关 键 词: | PHP SQL注入攻击 字段扫描 数据库 网络后门 |
| 修稿时间: | 2005年12月20 |
SQL Injection Attack and Countermeasures Based on PHP in Linux |
| |
| Zhang Zhuo,Xue Zhi.SQL Injection Attack and Countermeasures Based on PHP in Linux[J].China Information Security,2006(9):154-157. |
| |
| Authors: | Zhang Zhuo Xue Zhi |
| |
| Abstract: | Due to the defects of the PHP language itself and weak awareness of network security of application programmers,there exist various security issues which are usually used by SQL injection attackers.Regarding to applica-tion programming experiences,some methods of SQL injection attackers were discussed and the intents of attackers behind such threats were looked into.Countermeasures to deal with SQL injection attack were also provided accordingly. |
| |
| Keywords: | PHP SQL injection attack segments scan database webshell |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
