摘要
针对不断出现的Web数据库安全问题和企业用户灵活多变的安全需求,对影响Web数据库安全的主要因素进行分析,构建一种基于XML的Web数据库安全中间件。从微管理和面向服务理念对身份鉴别、访问控制、漏洞检测和操作审计四个方面进行深入探讨。用监听器和过滤器实现用户访问控制、漏洞扫描器进行漏洞检查、日志记录器进行审计跟踪。为了更准确的预防SQL注入等攻击行为,使用了正则表达式定义过滤规则。实验和仿真证明,该中间件能够动态地适应环境变化,可以有效防止内外部用户对Web数据库的攻击和数据泄露。
In view of the Web database security problems and the flexible and changeable security demand of enterprises,we analysed the main factors that affect the security of Web database,and constructed an XML-based Web database security middleware. Thorough discussion are focused on four aspects,including the identity authentication,access control,leak detection and security auditing,based on the micro management and service-oriented philosophy. The middleware uses monitor and filter to implement user access control,uses vulnerability scanner for loopholes inspection,and uses log recorder for auditing tracking. In order to more accurately prevent SQL injection attacks and so on,it uses regular expression to define filtering rules. It is proved by the experiment and simulation that the middleware can dynamically adapt to the environmental changes and effectively prevent the attacks on the Web database by internal and external user's and the data leakage.
出处
《计算机应用与软件》
CSCD
2015年第8期38-42,179,共6页
Computer Applications and Software
基金
陕西教育厅科研计划项目(12JK1055)
