Abstract
SQL injection is a common attack against database-backed websites and information systems. Through illegal input, an attacker can bypass authentication, obtain content without authorization, and even tamper with system data. Client-side validation can typically be defeated by skipping the input interface and submitting illegal data directly, while server-side validation consumes significant server resources. To overcome these shortcomings, this paper analyzes injection statements and proposes a lightweight server-side validation method: text mining is used to find the least common strings, which then replace a small number of characters in the input to block SQL injection attacks, while minimizing the resources the server spends on validating input legitimacy.
SQL injection attack is a common attack against database-based websites and information systems. Through illegal input, attackers can bypass authentication, illegally acquire content and even tamper with system data. In general, client-side validation can be attacked by attackers by directly submitting illegal data by skipping the input interface, while server-side validation can seriously consume server resources. In order to overcome the above defects, a lightweight server-side validation method is proposed by analyzing the injected statements. The method of text mining is used to get the least common strings and replace a few characters in the input to prevent SQL injection attacks, while minimizing the resources that servers use to validate input legitimacy.
Authors
付熙徐
龚希章
FU Xixu;GONG Xizhang(Institute of Modern Information and Educational Technology,Shanghai Ocean University,Shanghai 201306,China)
Source
《盐城工学院学报(自然科学版)》
CAS
2019, No. 2, pp. 28-32 (5 pages)
Journal of Yancheng Institute of Technology:Natural Science Edition