A General Encoding Method That Thoroughly Solves SQL Injection Vulnerabilities
An Encoding Method to Solve the SQL Injection Problem Thoroughly
Chinese keywords: information security; SQL injection; ASCII encoding; hexadecimal
English keywords: information security; SQL injection; ASCII encoding; hexadecimal number system
Abstract views: 8403
Full-text downloads: 7135
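Chinese abstract:
The essence of an SQL injection attack is the insertion of executable code into character data. Encoding strings as hexadecimal ASCII completely prevents any executable code from being inserted into the data, and so thoroughly blocks SQL injection attacks. This encoding preserves all properties of the character data and does not affect operations based on the field, such as joins, comparisons, and sorting.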
English abstract:
The essence of an SQL injection attack is inserting executable code into character fields. Encoding the characters into hexadecimal ASCII codes can prohibit the insertion of executable code so as to prevent SQL injection thoroughly. On the other hand, all properties of strings are retained in this encoding method. Encoded strings can be used as foreign keys as well as in comparing and ordering.
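The encoding described in the abstract, as an added example that is not code from the paper: it compares a concatenated query on a raw column with the same query on a hex-encoded column, then checks that sorting on the encoded column still works. The function names, the `users` table, the sample rows and the crafted input are constructed for illustration, and UTF-8 bytes are assumed where the abstract says ASCII.

```python
import sqlite3

def hex_encode(s: str) -> str:
    """Two hex digits per byte, so the result only ever contains 0-9 and A-F."""
    return s.encode("utf-8").hex().upper()  # UTF-8 is an assumption; the abstract says ASCII

def hex_decode(h: str) -> str:
    return bytes.fromhex(h).decode("utf-8")

def build_db() -> sqlite3.Connection:
    """Constructed sample table holding each name both raw and hex-encoded."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, name_hex TEXT, role TEXT)")
    for name, role in [("carol", "user"), ("alice", "admin"), ("Bob", "user")]:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, hex_encode(name), role))
    return conn

def lookup_raw(conn, name):
    # Vulnerable form: a quote in `name` ends the literal and the rest parses as SQL.
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in conn.execute(sql))

def lookup_encoded(conn, name):
    # Same concatenation, but the spliced value is hex text and cannot contain a quote.
    sql = "SELECT role FROM users WHERE name_hex = '" + hex_encode(name) + "'"
    return sorted(r[0] for r in conn.execute(sql))

def names_in_order(conn):
    # Sorting on the encoded column yields the byte order of the original strings.
    rows = conn.execute("SELECT name_hex FROM users ORDER BY name_hex")
    return [hex_decode(r[0]) for r in rows]

if __name__ == "__main__":
    db = build_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print(hex_encode(crafted))
    print(lookup_raw(db, crafted))      # every row matches
    print(lookup_encoded(db, crafted))  # no row matches
    print(names_in_order(db))
```

The order preserved is bytewise, which is why `Bob` sorts before `alice`; a case-insensitive collation on the raw column would order them differently.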