Abstract
SQL injection is a common and easily implemented attack that poses a serious threat to the security of network applications. This paper analyses the existing prevention techniques and, on that basis, proposes a multi-tier architecture based on Language-Integrated Query (LINQ) to prevent SQL injection attacks. The architecture uses LINQ syntax in place of traditional SQL statements to query and process data in the database. At runtime, LINQ components translate the queries integrated in the code into SQL and execute that SQL on the database system. This completely shifts the form of interaction with the database and SQL, and improves application security.
Source
Computer Applications and Software (《计算机应用与软件》)
CSCD
2010, Issue 11, pp. 291-293 (3 pages)