Abstract
Injection vulnerabilities have become the primary security risk of Web applications. Because SQL injection vulnerabilities are widespread and the contents of Web application databases are highly attractive to attackers, SQL injection attacks have become the most popular intrusion method in recent years. The identifier-based SQL injection defense system combines the processed SQL query statement with the stack address of the corresponding calling method to generate a unique identifier, uses that identifier to judge the legitimacy of the SQL query, and thereby distinguishes malicious SQL queries from legitimate ones, effectively defending against most SQL injection attacks.
Injection vulnerabilities have become the primary security risk of Web applications, and because SQL injection vulnerabilities are widespread and Web application databases hold a variety of important and attractive contents, SQL injection attacks have become the most popular intrusion method. This paper proposes a novel method for preventing this kind of attack: by combining stripped-down SQL queries with stack traces and creating a unique identifier, the legitimacy of SQL queries is distinguished. In this way, the system can prevent most SQL injection attacks effectively.
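The abstract describes the mechanism only at a high level, so the following is an added illustration of the identifier-based check, written for this page and not code from the paper or its authors. It assumes a concrete form for each step the abstract leaves open: the "stripped-down" query is obtained by replacing string and numeric literals with placeholders and collapsing whitespace, the "stack address of the calling method" is approximated by the (file, function) frames that Python's `traceback` module reports, the identifier is a SHA-256 over both, and the set of legitimate identifiers is learned from the application in a training phase. The `QueryGuard` class, the `demo()` function and the sample call path in it are all constructed for the example.

```python
import hashlib
import re
import traceback

# Patterns used to strip literals out of a query so only its structure remains.
# String literals are replaced first so that digits inside them are not touched.
_STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")      # 'abc', 'it''s'
_NUMBER_LITERAL = re.compile(r"\b\d+(?:\.\d+)?\b")   # 42, 3.14
_WHITESPACE = re.compile(r"\s+")


def strip_query(sql: str) -> str:
    """Reduce a query to its skeleton: keywords, identifiers and operators only.

    Injected input changes the skeleton (extra OR, comment markers, unbalanced
    quotes), whereas ordinary user data only changes the literals, which are gone.
    """
    skeleton = _STRING_LITERAL.sub("?", sql)
    skeleton = _NUMBER_LITERAL.sub("?", skeleton)
    skeleton = _WHITESPACE.sub(" ", skeleton).strip()
    return skeleton.upper()  # assumption: keywords compared case-insensitively


def call_site(skip: int = 0) -> tuple:
    """(file, function) frames of the code path issuing the query.

    Stands in for the 'stack address of the calling method'; line numbers are
    deliberately omitted so unrelated edits do not invalidate learned identifiers.
    """
    frames = traceback.extract_stack()[:-(1 + skip)]  # drop this helper (+ callers to skip)
    return tuple((f.filename, f.name) for f in frames)


def query_identifier(sql: str, stack: tuple) -> str:
    """Unique identifier = SHA-256(query skeleton || call path)."""
    path = "\n".join(f"{filename}:{function}" for filename, function in stack)
    material = strip_query(sql) + "\n" + path
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


class QueryGuard:
    """Learns identifiers of legitimate queries, then rejects anything unknown."""

    def __init__(self):
        self.known = set()

    def learn(self, sql: str, stack: tuple = None) -> str:
        """Training phase: record the identifier of a query the application issues."""
        ident = query_identifier(sql, stack if stack is not None else call_site(skip=1))
        self.known.add(ident)
        return ident

    def is_legitimate(self, sql: str, stack: tuple = None) -> bool:
        """Enforcement phase: accept only queries whose identifier was learned."""
        ident = query_identifier(sql, stack if stack is not None else call_site(skip=1))
        return ident in self.known


def demo() -> dict:
    """Train on one benign login query, then check benign and injected variants."""
    guard = QueryGuard()
    # Constructed call path standing in for the application's real stack.
    app_path = (("app/views.py", "login"), ("app/db.py", "find_user"))
    # Vulnerable string-built query, as the class of applications the paper targets.
    template = "SELECT id FROM users WHERE name = '{}' AND password = '{}'"
    guard.learn(template.format("alice", "s3cret"), app_path)
    return {
        # same structure, same path, different data -> accepted
        "benign": guard.is_legitimate(template.format("bob", "hunter2"), app_path),
        # tautology adds 'OR ?=?' to the skeleton -> rejected
        "tautology": guard.is_legitimate(template.format("bob", "' OR '1'='1"), app_path),
        # comment marker leaves an unbalanced quote in the skeleton -> rejected
        "comment": guard.is_legitimate(template.format("admin' --", "x"), app_path),
        # identical query text issued from an unknown code path -> rejected
        "wrong_path": guard.is_legitimate(template.format("bob", "hunter2"), (("other.py", "main"),)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:>10}: {'accepted' if accepted else 'rejected'}")
```

Two properties of the design are worth noting. Binding the skeleton to the call path is what separates this scheme from a plain query whitelist: a query shape that is legitimate in one code path is still rejected when it appears from another. The cost is that the learning phase must exercise every legitimate query shape and call path, otherwise benign traffic is rejected, and the literal-stripping step must understand the database's quoting rules (here only single-quoted strings with `''` escaping), since any literal syntax it fails to strip leaks user data into the identifier.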
Source
《信息安全与通信保密》
2011, No. 6, pp. 54-55, 60 (3 pages)
Information Security and Communications Privacy