| ASP.NET应用中SQL注入攻击的分析与防范 |
| |
| 引用本文: | 褚龙现. ASP.NET应用中SQL注入攻击的分析与防范[J]. 计算机与现代化, 2014, 0(3): 151. DOI: 10.3969/j.issn.1006-2475.2014.03.035 |
| |
| 作者姓名: | 褚龙现 |
| |
| 基金项目: | 河南省教育厅科学技术研究重点项目(12B520040) |
| |
| 摘 要: | 针对ASP.NET应用程序中存在SQL注入攻击问题,通过分析注入攻击的途径和方法,从输入过滤、语句参数化和SQL关键词转义三方面进行防范,实现三层防范模型。该防范模型可以自定义关键词转义规则,能够有效阻断SQL注入攻击途径,提高Web应用程序的安全性。实验结果表明该防范模型的可行性和有效性。
|
| 关 键 词: | SQL过滤 模型 安全 攻击 |
| 收稿时间: | 2014-03-31 |
Analysis and Defense of SQL Injection Attacks in ASP.NET Application |
| |
| CHU Long-xian. Analysis and Defense of SQL Injection Attacks in ASP.NET Application[J]. Computer and Modernization, 2014, 0(3): 151. DOI: 10.3969/j.issn.1006-2475.2014.03.035 |
| |
| Authors: | CHU Long-xian |
| |
| Abstract: | Aiming at the SQL injection attack problem in ASP.NET application, after the analysis on the approach and method of injection attacks, a three-level prevention model is put forward from the aspect of input filtering, statement parameters and SQL keywords escaping. With this model, we can customize the rule of keywords escaping and block the approach of SQL injection attacks effectively. The result of experiments verifies the feasibility and effectiveness of this prevention model. |
| |
| Keywords: | SQL filter model security attack
|
|
| 点击此处可从《计算机与现代化》浏览原始摘要信息 |
|
点击此处可从《计算机与现代化》下载全文 |
