摘要
本文从SQL注入攻击的原理入手,对ASP+SQL Server网站攻击模型进行研究。从应用服务器、数据服务器、代码策略等角度进行测算,针对如何避免SQL注入进行策略分析。从功能程序角度,提出了通用SQL注入攻击检验模型,该模型策略可以在服务器端进行检测、跟踪、备案,保证用户访问服务器过程中以单独函数推进,保证系统处于稳定安全状态。
In this paper, the principle of SQL injection attack was analyzed, and further, the attack model aiming at ASP + SQL Server website was discussed and measured from the point of application server, data servers and code strategies. The prevention strategies weregiven, so as to avoid the SQL injection. Finally, from the angle of function program, the general detection model of SQL injection attack was put forward in which we can detect, track the attack and record it in the server to ensure that users can access server in separate function propulsion, guarantee system in a stable condition.
出处
《网络安全技术与应用》
2011年第3期14-16,共3页
Network Security Technology & Application
关键词
SQL
注入攻击
策略分析
检测模型
SQL
Injection Attack
Strategy Analysis
Detection Model