| 基于参数查询防止SQL注入攻击的方法 |
| |
| 引用本文: | 隋励丽,张恒博.基于参数查询防止SQL注入攻击的方法[J].大连民族学院学报,2012,14(5):495-497. |
| |
| 作者姓名: | 隋励丽 张恒博 |
| |
| 作者单位: | 大连民族学院 |
| |
| 摘 要: | 本文分析了SQL注入攻击的原理和攻击步骤的方法,针对ASP网站重点分析了SQL注入攻击的实现原理、实现过程,并且针对性地提出了利用参数查询有效预防SQL注入攻击的策略实现。该策略包括检查用户输入、使用类型安全的SQL参数、使用存储过程、进行数据加密以及进行安全部署等,能很好地加强ASP网站应用程序的安全性,可有效防范绝大多数针对网站本身SQL注入式攻击。
|
| 关 键 词: | SQL SQL注入攻击 参数查询 ADO SQL SIA Parameter Query ADO |
A Method to Defend against SQL Injection Attack Based on Parameter Query |
| |
| SUI Li-li,ZHANG Heng-bo.A Method to Defend against SQL Injection Attack Based on Parameter Query[J].Journal of Dalian Nationalities University,2012,14(5):495-497. |
| |
| Authors: | SUI Li-li ZHANG Heng-bo |
| |
| Affiliation: | (School of Computer Science & Engineering,Dalian Nationalities University,Dalian Liaoning 116605,China) |
| |
| Abstract: | This paper describes the principle and the methods of SQL injection attacks.And the paper puts the emphasis on the implementation methods and procedures of SQL injection attacks to the ASP website.The strategies are proposed to defend SQL injection attacks effectively by using the parameter query methods,which include checking user input,using type-safe SQL parameters,using stored procedures and so on.And the data encrypting and security deployment are used as well.The methods proposed in this paper can reinforce the security of the ASP web application,and can effectively prevent the website from the most of SQL injection attacks. |
| |
| Keywords: | SQL SIA parameter query ADO |
| 本文献已被 CNKI 维普 等数据库收录! |
| 点击此处可从《大连民族学院学报》浏览原始摘要信息 |
|
点击此处可从《大连民族学院学报》下载全文 |
