Abstract
To reduce the risk of legitimate user identities being illegally stolen (spoofed) in web applications, and to improve the confidentiality and integrity of the application system, a secure session management method based on aspect-oriented programming (AOP) is proposed. The method associates the remote IP address with the session identifier (SessionID) and verifies the identity of a legitimate user by analysing the correlation between access requests, thereby addressing the broken authentication and session management problems that are common in web applications. The application programming interface (API) encapsulated as an Aspect has good extensibility; once woven, the web application can effectively improve the security and reliability of its own session management mechanism without modifying the original business-logic code, protecting user data from unauthorised access.
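As an added example (not code from the paper or its authors), a small Python model of the mechanism the abstract describes: the server binds each SessionID to the remote IP that created it, a wrapper standing in for the AOP aspect is woven around a handler and rejects any request whose SessionID/IP correlation breaks, and the SessionID is regenerated at login against session fixation. The names `Request`, `SessionStore`, `ip_bound_session` and the sample IP addresses are constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Request:
    session_id: str   # SessionID cookie presented by the client ("" if none)
    remote_ip: str    # address the request arrived from

class SessionStore:
    """Server-side table: SessionID -> {"ip": bound remote IP, "user": login name or None}."""
    def __init__(self):
        self.sessions = {}

    def create(self, remote_ip, user=None):
        sid = secrets.token_urlsafe(32)   # unpredictable SessionID, bound to the creating IP
        self.sessions[sid] = {"ip": remote_ip, "user": user}
        return sid

    def regenerate(self, old_sid, user):
        # Fresh SessionID at login, so an ID fixed before authentication never becomes authenticated.
        entry = self.sessions.pop(old_sid)
        return self.create(entry["ip"], user)

def ip_bound_session(store):
    """The 'aspect' (hypothetical): advice woven around a handler; checks SessionID/IP correlation first."""
    def decorator(handler):
        def advice(req):
            entry = store.sessions.get(req.session_id)
            if entry is None:
                return 401, "no valid session"
            if entry["ip"] != req.remote_ip:
                store.sessions.pop(req.session_id, None)   # correlation broken: revoke the session
                return 401, "session revoked: remote IP does not match"
            return handler(req, entry)                     # proceed to the unmodified business logic
        return advice
    return decorator

store = SessionStore()
@ip_bound_session(store)
def profile(req, session):                # business logic, unaware of the check woven around it
    return 200, f"profile of {session['user']}"

def simulate():
    # Constructed scenario: login from 10.0.0.5, then the same SessionID presented from 198.51.100.7.
    anon = store.create("10.0.0.5")
    sid = store.regenerate(anon, "alice")
    return {"pre_login_id": profile(Request(anon, "10.0.0.5"))[0],
            "owner": profile(Request(sid, "10.0.0.5"))[0],
            "other_ip": profile(Request(sid, "198.51.100.7"))[0],
            "owner_after": profile(Request(sid, "10.0.0.5"))[0]}
```

A strict IP binding also rejects legitimate clients whose address changes mid-session (mobile carriers, NAT pools), so in practice it is paired with session regeneration at login and idle timeouts rather than used alone.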
Authors
叶志鹏 (YE Zhipeng), 何成万 (HE Chenwan), 张峥峰 (ZHANG Zhengfeng)
School of Computer Science and Engineering, Wuhan Institute of Technology, Wuhan 430205, China
Source
Journal of Wuhan Institute of Technology (《武汉工程大学学报》)
CAS
2018, No. 5, pp. 565-568 (4 pages)
Keywords
application programming interface; aspect-oriented programming; session fixation; broken authentication and session management