Research on Attack and Prevention Based on SQL Injection Techniques
Published: 2018-11-16 06:45
[Abstract]: With the development of the Internet, the number of Internet users continues to grow, and market demand has made web applications increasingly widespread. Network security has now become an important part of national security. Because programmers differ in skill and experience, some do not consider overall security when writing code; in particular, they do not validate the information users submit during interaction, which leaves the application with security weaknesses. When the data a user submits to a web page contains database code, that code reaches the database and performs unauthorized operations, modifying, deleting or destroying the information stored there. This is SQL Injection. Although the network has become part of everyday life, security awareness remains weak, and current firewalls cannot respond to SQL injection with timely protective measures. In addition, SQL injection methods are very flexible: by constructing carefully crafted SQL statements during interaction, an attacker can successfully obtain information from the database. It is therefore necessary to study the security problems of SQL injection. This thesis studies database security from the perspectives of SQL injection attack and prevention. It starts from the fundamentals of SQL and the architecture of web applications, then analyzes the techniques involved in SQL injection, and then discusses the corresponding defensive measures. The main focus is the prevention of SQL injection: the thesis first explains the principle of SQL injection, then summarizes the advantages and disadvantages of previously proposed prevention methods, and proposes a more efficient prevention method and model. The prevention methods are verified with examples, and the proposed model is verified as a defense; repeated testing shows that the model can defend against SQL injection efficiently.
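[Degree-granting institution]: University of Science and Technology Liaoning
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.08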
Article ID: 2334764
Article link: http://sikaile.net/guanlilunwen/ydhl/2334764.html