| SQL注入攻击检测与防御研究 |
| |
| 引用本文: | 齐 林,王静云,蔡凌云,陈宁波.SQL注入攻击检测与防御研究[J].河北科技大学学报,2012,33(6):530-533. |
| |
| 作者姓名: | 齐 林 王静云 蔡凌云 陈宁波 |
| |
| 作者单位: | 1. 河北科技大学信息科学与工程学院,河北石家庄,050018
2. 河北省纺织纤维玖仟质量认证咨询中心,河北石家庄,050018 |
| |
| 基金项目: | 河北省科技支撑计划资助项目 |
| |
| 摘 要: | 简要介绍了SQL注入攻击的原理,对SQL注入攻击方式进行了分析,总结了SQL注入攻击的流程。根据SQL注入攻击的基本原理以及入侵前和入侵后的检测方法不同,提出了SQL注入攻击检测的方法,并在此基础上给出了一种基于客户端和服务器端的SQL注入攻击的防御模型,经过测试表明该模型的计算时间复杂度低,具有安全性和通用性,解决了网络中存在的SQL注入攻击问题。
|
| 关 键 词: | SQL注入 攻击检测 参数传递 防御模型 |
| 收稿时间: | 2012/9/24 0:00:00 |
| 修稿时间: | 2012/11/6 0:00:00 |
Detection of SQL injection attacks and the defense |
| |
| QI Lin,WANG Jing-yun,CAI Ling-yun and CHEN Ning-bo.Detection of SQL injection attacks and the defense[J].Journal of Hebei University of Science and Technology,2012,33(6):530-533. |
| |
| Authors: | QI Lin WANG Jing-yun CAI Ling-yun and CHEN Ning-bo |
| |
| Affiliation: | 1(1.College of Information Science and Engineering,Hebei University of Science and Technology,Shijiazhuang Hebei 050018,China;2.Textile Fiber Jiuqian Quality Certification Consulting Center of Hebei Province,Shijiazhuang Hebei 050018,China) |
| |
| Abstract: | This paper briefly introduced the principle of SQL injection attack,analyzed the SQL injection attack mode,and summarized the process of SQL injection attack.According to the basic principle of SQL injection attack and the different detection methods before the invasion and after the invasion,the SQL injection attack detection method was proposed,and SQL injection attack defense model based on the client and the server was given.The test shows that the models calculation time complexity is low,and it meets the safety and generality requirements.The method can be used to solve SQL injection attack problem in the network. |
| |
| Keywords: | SQL injection attack detection parameter passing defense model |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《河北科技大学学报》浏览原始摘要信息 |
|
点击此处可从《河北科技大学学报》下载全文 |
|
