Abstract
The spread of the Internet has made Web banking an inevitable step for financial enterprises expanding their business. Yet while Web banking brings users great convenience, network security, and SQL injection attacks in particular, has become a matter of close concern. Building on an analysis of the principle of SQL injection and the common injection methods, and drawing on many years of experience in the development, implementation and auditing of banking business system applications, this paper summarizes several measures for defending against SQL injection in the Web environment.