Abstract
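When Ajax is used to build and retrofit e-government websites, information security faces risks that include an increased attack surface, cross-site scripting (XSS), and cross-site request forgery (CSRF). This paper examines, at the application layer, mechanisms for ensuring that information is published securely: on the management side it adopts two-level review, and on the technical side it uses several approaches, such as same-name scripts, standard functions, and data sanitization, to achieve secure information publishing and to safeguard publishing on government websites.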
Building e-government websites with Ajax introduces several dangers for message publishing, such as an increased attack surface, cross-site scripting (XSS), and cross-site request forgery (CSRF). Working at the application layer, the paper discusses mechanisms for guaranteeing safe message publishing. It adopts a management mode based on two-level approval, which uses data sanitizing and checking code to provide a secure environment for e-government web message publishing.
Source
《信息安全与通信保密》
2008, Issue 8, pp. 150-151 (2 pages)
Information Security and Communications Privacy