Cross-site scripting attacks and Structured Query Language (SQL) injection attacks are two of the most popular methods that hackers use to attack web-based applications. Cross-site scripting attacks can potentially affect web-based applications that use dynamic page-generation techniques, such as Active Server Pages (ASP) and JavaServer Pages (JSP), on the web servers of all vendors currently on the market. By comparison, the principle behind the SQL injection attack is fairly simple, yet it can cause a huge loss of resources and labor. It is therefore necessary to prevent these attacks effectively. This paper gives a comprehensive account of the two types of attack, covering their definitions, working mechanisms, possible consequences, and prevention methods.
Journal of Zhanjiang Normal College