| Web项目中的SQL注入问题研究与防范方法 |
| |
| 引用本文: | 王云,郭外萍,陈承欢.Web项目中的SQL注入问题研究与防范方法[J].计算机工程与设计,2010,31(5). |
| |
| 作者姓名: | 王云 郭外萍 陈承欢 |
| |
| 作者单位: | 湖南铁道职业技术学院信息系,湖南,株洲,412001 |
| |
| 基金项目: | 湖南省教育科学"十一五"规划重点课题基金项目 |
| |
| 摘 要: | 基于B/S模式的网络服务构架技术的应用被普遍采用,许多该类型的应用程序在设计与开发时没有充分考虑到数据合法性校验问题,因此使其在应用中存在安全隐患.在横向比较SQL注入攻击模式的基础之上,分析了SQL注入攻击的特点、原理,并对常用注入途径进行了总结.提出在主动式防范模型的基础上,使用输入验证,sQLserver防御以及使用存储过程替代参数化查询相结合的形式构建出一种有效防范SQL注入攻击的思路和方法.测试结果表明该防范模型具有较高的实用性和安全性.
|
| 关 键 词: | SQL注入攻击 防范模型 执行模块 防范方法 server防御 |
Research on SQL injection attacks and guard method in web project |
| |
| WANG Yun,GUO Wai-ping,CHEN Cheng-huan.Research on SQL injection attacks and guard method in web project[J].Computer Engineering and Design,2010,31(5). |
| |
| Authors: | WANG Yun GUO Wai-ping CHEN Cheng-huan |
| |
| Affiliation: | WANG Yun,GUO Wai-ping,CHEN Cheng-huan (Department of Computer Science,Hunan Railway Professional Technology College,Zhuzhou 412001,China) |
| |
| Abstract: | In recent years,with the based on B/S mode network service framework technology is widely adopted by many software applications. Many this type application procedures when designs and the development has not considered the data validity verification question fully,therefore causes it to have the safe hidden danger in the application. Based of horizontal comparison SQL injection attack mode,the characteristic and the theory of SQL injection attacks are analyzed,and the commonly used way of SQL injection atta... |
| |
| Keywords: | SQL SQL SQL SQL injection attacks guard model execution module guard method SQL server defense |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
