摘要
SQL注入是一种常用且易于实施的攻击手段,对网络应用程序的安全构成严重威胁。本文在公共自行车交通系统中提出了一种基于LINQ防范SQL注入攻击的多层体系结构。该体系使用LINQ语法代替传统的SQL语句来查询和处理数据库中的数据,在运行时,LINQ中的组件会将集成在代码中的查询转换成SQL,并在数据库系统上执行,完全转移了与数据库及SQL的交互形式,提高了应用程序的安全性。
SQL injection is a common and easily-implemented attacking means which poses a serious menace to the security of network applications. This paper presents a LINQ-based multi-tier architecture to prevent SQL injection attacks in the public bicycle transport system. This architecture replaces the traditional use of SQL with LINQ syntax to query and process data in database. At the runtime, components of LINQ will transform the query integrated in code into SQL sentence, and execute the SQL sentence in database. This makes a complete transfer of the interaction mode between Database and SQL and improves the application security.
出处
《城市公共交通》
2011年第11期53-56,共4页
Urban Public Transport
