| ASP.NET的SQL注入攻击及防御 |
| |
| 引用本文: | 张学义,钟志宏.ASP.NET的SQL注入攻击及防御[J].华侨大学学报(自然科学版),2016,0(5):633-636. |
| |
| 作者姓名: | 张学义 钟志宏 |
| |
| 作者单位: | 黔南民族师范学院 计算机与信息学院, 贵州 都匀 558000 |
| |
| 摘 要: | 研究ASP.NET网站的SQL注入攻击的成因、攻击距离,通过实例说明ASP.NET程序中的SQL注入攻击方式.研究表明:要防范SQL注入,最重要的就是要做好危险字符验证的程序、异常编码的处理,屏敝错误信息,并从代码安全上进行阻止,如设置可靠的SQL参数、给数据进行加密处理、查验用户信息、设置存储路径和设置安全措施等,从而加强ASP.NET网站的性能和安全,避免SQL注入攻击的实现.
|
| 关 键 词: | ASP.NET SQL注入攻击 防御技术 异常编码 代码安全 |
SQL Injection Attacks and Defense Based on ASP.NET |
| |
| ZHANG Xueyi,ZHONG Zhihong.SQL Injection Attacks and Defense Based on ASP.NET[J].Journal of Huaqiao University(Natural Science),2016,0(5):633-636. |
| |
| Authors: | ZHANG Xueyi ZHONG Zhihong |
| |
| Affiliation: | School of Computer and Information, Qiannan Normal University for Nationalities, Duyun 558000, China |
| |
| Abstract: | This paper research the causes and attack distance of SQL injection attacks, and illustrates through examples the SQL injection attack methods in on the ASP.NET program. The research shows that hazard character verification and abnormalites codes handling are the most important to prevent SQL injection. By using keywords shield, SQL parameter optimization, data encryption, user information check, storage path setting, and implement safety measures can improve the security of ASP.NET website and effectively prevent SQL injection attacks. |
| |
| Keywords: | ASP NET SQL injection attack defense technology extraordinary code code security |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《华侨大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《华侨大学学报(自然科学版)》下载全文 |
