| 一种轻量级的服务端防SQL注入攻击方法 |
| |
| 引用本文: | 付熙徐,龚希章. 一种轻量级的服务端防SQL注入攻击方法[J]. 盐城工学院学报(自然科学版), 2019, 32(2): 28-32 |
| |
| 作者姓名: | 付熙徐 龚希章 |
| |
| 作者单位: | 上海海洋大学现代信息与教育技术中心 |
| |
| 摘 要: | SQL注入攻击是针对基于数据库的网站和信息系统的一种常见攻击。通过非法的输入,攻击者可以绕开验证、非法获取内容甚至篡改系统数据。通常在客户端的验证可以被攻击者用跳过输入界面直接提交非法数据的方法攻击;而服务端的验证又会严重消耗服务器的资源。为了克服上述缺陷,通过对注入语句的分析,提出了一种轻量级的服务端验证方法,用文本挖掘的方法取得最不常见的字符串替换掉输入中的少数字符以阻止SQL注入攻击,同时最小化服务器用于验证输入合法性的资源。
|
| 关 键 词: | SQL注入;最不频繁字符串;信息安全;文本挖掘 |
| 收稿时间: | 2018-10-08 |
A Lightweight Server Side Method to Prevent SQL Injection |
| |
| FU Xixu and GONG Xizhang. A Lightweight Server Side Method to Prevent SQL Injection[J]. Journal of Yancheng Institute of Technology(Natural Science Edition), 2019, 32(2): 28-32 |
| |
| Authors: | FU Xixu and GONG Xizhang |
| |
| Affiliation: | Institute of Modern Information and Educational Technology, Shanghai Ocean University, Shanghai201306, China and Institute of Modern Information and Educational Technology, Shanghai Ocean University, Shanghai201306, China |
| |
| Abstract: | SQL injection attack is a common attack against database-based websites and information systems. Through illegal input, attackers can bypass authentication, illegally acquire content and even tamper with system data. In general, client-side validation can be attacked by attackers by directly submitting illegal data by skipping the input interface, while server-side validation can seriously consume server resources. In order to overcome the above defects, a lightweight server-side validation method is proposed by analyzing the injected statements. The method of text mining is used to get the least common strings and replace a few characters in the input to prevent SQL injection attacks, while minimizing the resources that servers use to validate input legitimacy. |
| |
| Keywords: | SQL injection least frequent string information security text mining |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《盐城工学院学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《盐城工学院学报(自然科学版)》下载全文 |
|
