Computer Engineering and Design (计算机工程与设计)
2010, No. 5, pp. 976-978, 1016 (4 pages)
Keywords: SQL; SQL injection attacks; guard model; execution module; guard method; SQL Server defense
Abstract: Web service architectures based on the B/S (browser/server) model are widely adopted, yet many applications of this type were designed and developed without adequate attention to validating the legitimacy of input data, leaving them with security weaknesses in deployment. On the basis of a side-by-side comparison of SQL injection attack patterns, this paper analyzes the characteristics and principles of SQL injection attacks and summarizes the commonly used injection routes. Building on a proactive prevention model, it proposes an approach and method for effectively preventing SQL injection attacks that combines input validation, SQL Server defenses and the use of stored procedures in place of parameterized queries. Test results show that the prevention model has high practicality and security.