Research on Attack and Prevention Based on SQL Injection Technology
Published: 2018-11-16 06:45
[Abstract]: With the development of the Internet, the number of Internet users keeps growing, and driven by market demand, web applications are becoming increasingly widespread. Network security has now become an important part of national security. Because programmers differ in technical skill and experience, some do not consider overall network security when writing code; in particular, they do not validate the information users submit during user interaction, which leaves security weaknesses in the application. When the data a user submits while interacting with a web page contains database code, that code reaches the database and performs illegal operations, modifying, deleting or destroying the information in the database; this is what is called SQL Injection. Although the network has become part of everyday life, people's security awareness is weak, and current firewalls cannot provide timely protection against SQL injection. In addition, SQL injection methods are very flexible: by constructing cleverly crafted SQL statements during the interaction, an attacker can successfully obtain information from the database. It is therefore necessary to study SQL injection security. This thesis studies database security from the perspectives of SQL injection attack and prevention. It starts from SQL fundamentals and the architecture of web applications, then analyzes the techniques related to SQL injection, and then discusses the corresponding defensive measures. The thesis focuses on the prevention of SQL injection: it first examines the principle of SQL injection, then summarizes the advantages and disadvantages of prevention methods proposed by earlier researchers, and proposes a more efficient prevention method and model. The prevention methods are verified with examples, and the proposed model is validated; repeated tests show that the model can defend against SQL injection efficiently.
[Degree-granting institution]: University of Science and Technology Liaoning (遼寧科技大學)
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.08
Article ID: 2334764
Article link: http://sikaile.net/guanlilunwen/ydhl/2334764.html