CAJ | 학술논문

针对不断出现的Web数据库安全问题和企业用户灵活多变的安全需求，对影响Web数据库安全的主要因素进行分析，构建一种基于XML的Web数据库安全中间件。从微管理和面向服务理念对身份鉴别、访问控制、漏洞检测和操作审计四个方面进行深入探讨。用监听器和过滤器实现用户访问控制、漏洞扫描器进行漏洞检查、日志记录器进行审计跟踪。为了更准确的预防SQL注入等攻击行为，使用了正则表达式定义过滤规则。实验和仿真证明，该中间件能够动态地适应环境变化，可以有效防止内外部用户对Web数据库的攻击和数据泄露。
침대불단출현적Web수거고안전문제화기업용호령활다변적안전수구，대영향Web수거고안전적주요인소진행분석，구건일충기우XML적Web수거고안전중간건。종미관리화면향복무이념대신빈감별、방문공제、루동검측화조작심계사개방면진행심입탐토。용감은기화과려기실현용호방문공제、루동소묘기진행루동검사、일지기록기진행심계근종。위료경준학적예방SQL주입등공격행위，사용료정칙표체식정의과려규칙。실험화방진증명，해중간건능구동태지괄응배경변화，가이유효방지내외부용호대Web수거고적공격화수거설로。
In view of the Web database security problems and the flexible and changeable security demand of enterprises, we analysed the main factors that affect the security of Web database, and constructed an XML-based Web database security middleware.Thorough discussion are focused on four aspects, including the identity authentication, access control, leak detection and security auditing, based on the micro management and service-oriented philosophy.The middleware uses monitor and filter to implement user access control, uses vulnerability scanner for loopholes inspection, and uses log recorder for auditing tracking.In order to more accurately prevent SQL injection attacks and so on, it uses regular expression to define filtering rules.It is proved by the experiment and simulation that the middleware can dynamically adapt to the environmental changes and effectively prevent the attacks on the Web database by internal and external user's and the data leak-age.