摘要
为了对基于J2EE应用的SQL注入漏洞进行有效发现和防范,在总结SQL注入原理的基础上,通过SQL注入攻击过程分析了可能造成的破坏,通过黑盒测试和白盒测试有效发现J2EE应用中存在的SQL注入漏洞,使用屏蔽出错信息、分配最小权限、参数化查询、输入验证及输入转义相结合的防范方法,可有效防御SQL注入攻击威胁,具有较高的实用性和安全性。
To effectively detect and defend against SQI. injection vulnerability in the J2EE Web applications, on the basis of a comprehensive summarizing the principle of SOL injection, potential damage is analyzed by the process of SQL injection attacks. Black box testing and white box testing can disclose certain defects in the existing SQL injection applieations. Through using a precaution method, including shielding error message, distribution of least privilege, parameterized query, input validation and input escaping can effectively defend against SQL injection attack, which has higher practicability and security.
出处
《计算机工程与设计》
CSCD
北大核心
2012年第10期3767-3771,共5页
Computer Engineering and Design
基金
核高基重大专项基金项目(2010ZX01045-001-004)
国家自然科学基金项目(60871042)
国家科技支撑计划基金项目(2011BAD21B02)
国家青年科学基金项目(61102126)