Article abstract
A Lightweight Server Side Method to Prevent SQL Injection
Submitted: 2018-10-08
DOI:10.16018/j.cnki.cn32-1650/n.201902006
Keywords: SQL injection; least frequent string; information security; text mining
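Funding:
Authors and affiliations
付熙徐, Modern Information and Educational Technology Center, Shanghai Ocean University, Shanghai 201306
龚希章, Modern Information and Educational Technology Center, Shanghai Ocean University, Shanghai 201306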
Abstract:
      SQL injection is a common attack against database-backed websites and information systems. Through illegal input, attackers can bypass authentication, illegally obtain content, and even tamper with system data. Client-side validation can generally be defeated by skipping the input interface and submitting illegal data directly, while server-side validation can seriously consume server resources. To overcome these shortcomings, a lightweight server-side validation method is proposed, based on an analysis of injection statements. Text mining is used to obtain the least frequent strings, which replace a small number of characters in the input to prevent SQL injection attacks while minimizing the server resources spent on validating input legitimacy.