| SQL注入漏洞的分析及防范 |
| |
| 引用本文: | 钟增胜.SQL注入漏洞的分析及防范[J].重庆工商大学学报(自然科学版),2005,22(6):592-596. |
| |
| 作者姓名: | 钟增胜 |
| |
| 作者单位: | 重庆工商大学,招生就业处,重庆,400067 |
| |
| 摘 要: | 阐述了SQL注入的原理,对SQL注入的一般思路进行了详细分析;通过整形参数和字符串参数来判断是否存在注入漏洞,再通过判断数据库类型和数据库表名及字段名来达到注入的不同目的;介绍了多种注入方式,并从服务器管理员和程序员2个方面对SQL注入漏洞提出了防范措施。
|
| 关 键 词: | ASP SQL注入 入侵攻击 安全防范 |
| 文章编号: | 1672-058X(2005)06-0592-05 |
| 收稿时间: | 2005-05-25 |
| 修稿时间: | 2005-05-252005-09-29 |
On analysis and prevention of SQL injection |
| |
| ZHONG Zeng - sheng.On analysis and prevention of SQL injection[J].Journal of Chongqing Technology and Business University:Natural Science Edition,2005,22(6):592-596. |
| |
| Authors: | ZHONG Zeng - sheng |
| |
| Abstract: | The principles of SQL injection are discussed,and its general laws are analyzed in detail.SQL injection can be judged with reshaping and character string parameters and the aim of injection can be judged according to the type,table name and field name of database.A few ways of injection are introduced.The countermeasures are thus proposed for serve administrators and programmers. |
| |
| Keywords: | ASP SQL injection attack security protection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《重庆工商大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《重庆工商大学学报(自然科学版)》下载免费的PDF全文 |
