计算机安全
NETWORK AND COMPUTER SECURITY
2013, Issue 2, pp. 35-37 (3 pages in total)
SQLIA; Web application; filtering technique; static analysis and runtime checking
Improper input validation accounts for most security problems in databases and Web applications. This paper analyzes several widely adopted techniques, such as filtering techniques and static analysis, and points out their weaknesses and drawbacks in SQLIA prevention, which leads to the conclusion that the key to eradicating SQLIA is to solve the semantic gap problem caused by the unstructured nature of the SQL statements that a Web system constructs dynamically.