A Lightweight Server Side Method to Prevent SQL Injection
Submitted: 2018-10-08
DOI: 10.16018/j.cnki.cn32-1650/n.201902006
Keywords: SQL injection; least frequent string; information security; text mining
Abstract:
SQL injection is a common attack against database-backed websites and information systems. Through illegal input, an attacker can bypass authentication, illegally obtain content, and even tamper with system data. Client-side validation can usually be defeated by skipping the input interface and submitting illegal data directly, while server-side validation can seriously consume server resources. To overcome these shortcomings, a lightweight server-side validation method is proposed based on an analysis of injected statements. Text mining is used to obtain the least frequent strings, which replace a small number of characters in the input to prevent SQL injection attacks while minimizing the server resources spent on validating input legitimacy.