| Web应用中SQL注入攻击研究 |
| |
| 引用本文: | 余志高,周国祥.Web应用中SQL注入攻击研究[J].信息安全与通信保密,2010(4):81-83. |
| |
| 作者姓名: | 余志高 周国祥 |
| |
| 作者单位: | 合肥工业大学计算机与信息学院,安徽合肥,230009 |
| |
| 摘 要: | SQL注入攻击是一种利用客户端用户提交数据构成查询语句而没有对潜在有害字符进行处理就在Web应用后台数据库中执行,从而产生与应用预期不同结果的一种攻击手段。在Internet或企业内部网络中,对Web应用中进行SQL注入攻击大量存在。这种攻击手段很容易被攻击者利用,但是只要对Web应用采取合理的安全防护措施就可以阻止SQL注入的发生或减少攻击造成的损失。
|
| 关 键 词: | SQL注入攻击 预防措施 Web应用 盲注攻击 预处理语句 |
SQL Injection Attacks in Web Application |
| |
| YU Zhi-gao,ZHOU Guo-xiang.SQL Injection Attacks in Web Application[J].China Information Security,2010(4):81-83. |
| |
| Authors: | YU Zhi-gao ZHOU Guo-xiang |
| |
| Institution: | YU Zhi-gao,ZHOU Guo-xiang (School of Computer , Information,Hefei University of Technology,Hefei Anhui 230009,China) |
| |
| Abstract: | SQL injection is a technique for exploiting the Web application that use client-supplied data for SQL queries and, without stripping potentially harmful characters, execute SQL queries in back-end database, thus producing an attack different from the expectation. In the Internet or intranet, remarkable numbers of SQL injections exist the Web application, which is easily exploited by attackers. However, proper countermeasures adopted in Web application could prevent SQL injections or reduce the loss resulted... |
| |
| Keywords: | SQL injection attack countermeasure Web application blind SQLIAS prepared statements |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
