SQL注入攻击及防御方法研究
首发时间:2016-09-21
摘要:SQL注入是WEB安全的重要组成部分,SQL注入的攻击手段层出不穷,而如何防御SQL注入攻击是目前的研究热点之一。本文首先介绍了SQL注入,然后结合实际应用场景详细介绍了不同种类SQL注入的实现及效果,之后简要介绍了SQL注入的常用检测和防御方法,并给出了两种SQL注入防御方法,一是,在现有对称加密算法基础上给出了一种基于整型参数的对称加解密算法,此算法能够有效抵御针对整型参数的任何种类的注入攻击;二是,在前人SQL注入防御模型的基础上,给出了一种优化后的SQL注入攻击防范方法。最后,通过实验证明了方法的有效性。
For information in English, please click here
Research on SQL injection attacks and defense methods
Abstract: SQL injection is an important part of WEB security, SQL injection attacks are emerging, and how to defend against SQL injection attacks is currently one of the hot research.In this paper, we first introduce the SQL injection, and then combining with practical application scenarios,a detailed introduction is made on the implementation and results of different types of SQL injection, and then briefly introduces the SQL injection of commonly used detection and prevention methods, and give two SQL injection defense method. First,a symmetric encryption and decryption algorithm based on integer parameters is given in the existing symmetric encryption algorithm which can prevent the integer as an argument of any kinds of injection attacks; Second, a kind of optimized SQL injection attacks prevention method is given based on the SQL injection defense model which has been researched. Finally, the effectiveness of the method is proved by experiments.
Keywords: Computer application,SQL injection defense,Implementation of SQL injection
基金:
论文图表:
引用
No.4704292116180914****
同行评议
共计0人参与
勘误表
SQL注入攻击及防御方法研究
评论
全部评论0/1000