摘要
SQL注入是Web应用中常见的一种攻击方法,危害性极大,网络开发工程师通过严密的编程和设计,可以避免该类攻击的发生。该文介绍了SQL注入的攻击方法,并提出了一个基于JSP+tomcat5+SQLServer2000应用的防护模型,经过适当修改也可以用于其他类型的Web应用中。
SQL injection is a common attack method in web application,which has large harmfulness. The leak can be avoided by the strict design and programming. In this paper,SQL injection attack method is introduced,then a prevention model for JSP+tomcat5+ SQLServer 2000 is proposed,which can be also used in the other web applications.
出处
《计算机安全》
2008年第5期9-12,共4页
Network & Computer Security
关键词
SQL注入
攻击
防护模型
SQL injection
attack
prevention model