| 基于SQL注入攻击的三种防御技术 |
| |
| 引用本文: | 李晓龙.基于SQL注入攻击的三种防御技术[J].襄樊学院学报,2013(5):18-21. |
| |
| 作者姓名: | 李晓龙 |
| |
| 作者单位: | 襄阳职业技术学院外国语学院,湖北襄阳441050 |
| |
| 摘 要: | SQL注入攻击是基于ASP/ASP.NET+ACCESS/SQL Server架构的Web应用程序和数据库系统,将非法的SQL命令语句通过正常的数据传递渠道提交至数据库内部执行,从而达到篡改、破坏数据的目的.针对此,三种基于SQL注入攻击的防御技术:参数化查询、存储过程和URL重写,通过实例来验证和比较它们的防御效果,为合理选择使用、提高Web应用程序的安全性提供一定的参考和借鉴.
|
| 关 键 词: | SQL注入攻击 参数化查询 存储过程 URL重写 防御技术 |
Three Defense Technologies Based on SQL Injection |
| |
| LI Xiao-long.Three Defense Technologies Based on SQL Injection[J].Journal of Xiangfan University,2013(5):18-21. |
| |
| Authors: | LI Xiao-long |
| |
| Institution: | LI Xiao-long (College of Foreign Languages, Xiangyang Vocational and Technical College, Xiangyang 441050, China) |
| |
| Abstract: | SQL injection attack refers to Web application programs and database system, based on ASP/ASENET+ACCESS/SQL Server structure, submits illegal SQL command to database via normal data transference chanel, which aims at tampering with data. The paper carries out research on several defense technologies against SQL injection attacks currently from parameter query, storage process and URL rewriting to make comparison through case study, which is helpful to improve safety of Web application programs. |
| |
| Keywords: | SQL injection Parameterized query Stored procedure URL rewriting Defense technology |
| 本文献已被 CNKI 维普 等数据库收录! |
|
