Abstract
Current defenses against SQL injection attacks are implemented mainly on the server side, chiefly through regular-expression-based input validation, rewriting of sensitive characters, and encryption of some data. These methods have two main drawbacks. First, processing the data on the server consumes excessive system resources and can easily lead to server-side denial of service. Second, dynamic web pages are written in many different scripting languages, and each has its own method for preventing SQL injection, so programs lack readability and standardization. To address these shortcomings of server-side handling of SQL injection attacks, this paper explores a jQuery-based method for preventing SQL injection that is implemented on the client side. Its aim is to intercept attacks at the client, while using the open nature of jQuery to make web programs more portable.
Source
《计算机技术与发展》
2011, Issue 2, pp. 177-180 (4 pages)
Computer Technology and Development
Funding
Sichuan Province Applied Basic Research Program (04JY029-096)
Sichuan Province Natural Science Key Project (09ZA055)