Abstract
To prevent SQL injection attacks against web applications, a design for an injection-resistant database driver, DDriver, is proposed. A secure database driver is placed between the application and the relational database management system (RDBMS) beneath it, and it detects SQL injection at that layer. The driver judges whether each SQL statement is legitimate by checking it against a set of preset query IDs, which lets it distinguish injected queries from legitimate ones. Because the check depends on neither the application nor the RDBMS, the driver can be fitted to any system. DDriver was implemented, and its performance and the additional processing-time overhead it introduces were measured on two RDBMSs; the experiments confirm that DDriver separates injected from legitimate queries accurately and effectively.
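The abstract describes the mechanism only architecturally: a driver between the application and the RDBMS that accepts or refuses each statement by its query ID. The Python sketch below is an added example, not code from the paper. It assumes (the abstract does not say how IDs are derived) that a query ID is a hash of the statement's structural template, i.e. the statement with every string and numeric literal replaced by `?` and comments removed, and that the allow-list of IDs is filled during a trusted learning phase. The names `query_template`, `query_id`, `DDriverGuard`, `InjectionDetected` and `demo` are this example's own, and the `users` table and login query in `demo()` are constructed sample data.

```python
"""Added example: a query-ID allow-list guard between an application and its DB-API
connection, in the spirit of DDriver. Not the paper's code.

Assumption (the abstract does not specify how IDs are derived): the query ID is a
hash of the statement's structural template, i.e. the statement with every string
and numeric literal replaced by '?' and comments removed. Injected input that
changes the statement's structure (an extra OR, an AND truncated by a comment)
changes the template and therefore the ID.
"""
import hashlib
import re
import sqlite3

_TOKEN_RE = re.compile(r"""
      '(?:[^']|'')*'           # single-quoted string literal (doubled quote is an escape)
    | "(?:[^"]|"")*"           # double-quoted literal (treated as a literal, as in MySQL)
    | \b\d+(?:\.\d+)?\b        # numeric literal
    | --[^\n]*                 # line comment
    | /\*.*?\*/                # block comment
    | [A-Za-z_][A-Za-z0-9_]*   # keyword or identifier
    | \S                       # any other single character (operator, punctuation)
""", re.VERBOSE | re.DOTALL)


def query_template(sql: str) -> str:
    """Reduce a statement to its structure: literals become '?', comments vanish."""
    parts = []
    for tok in _TOKEN_RE.findall(sql):
        if tok.startswith("--") or tok.startswith("/*"):
            continue                      # comments carry no structure
        if tok[0].isdigit() or (len(tok) > 1 and tok[0] in "'\""):
            parts.append("?")             # literal
        else:
            parts.append(tok.lower())     # keyword, identifier or operator
    return " ".join(parts)


def query_id(sql: str) -> str:
    """Stable ID for a statement's structure: hash of its template."""
    return hashlib.sha256(query_template(sql).encode()).hexdigest()[:16]


class InjectionDetected(Exception):
    """Raised when a statement's ID is not on the allow-list."""


class DDriverGuard:
    """Wraps a DB-API connection and refuses statements with unknown query IDs.

    Learning phase: register() every statement shape the application issues.
    Run phase: execute() computes the ID of each incoming statement and forwards
    it to the real connection only if that ID was registered.
    """

    def __init__(self, conn):
        self._conn = conn
        self._allowed = set()

    def register(self, sql: str) -> str:
        qid = query_id(sql)
        self._allowed.add(qid)
        return qid

    def is_legitimate(self, sql: str) -> bool:
        return query_id(sql) in self._allowed

    def execute(self, sql: str):
        if not self.is_legitimate(sql):
            raise InjectionDetected(
                f"query ID {query_id(sql)} not registered; template: {query_template(sql)}")
        return self._conn.execute(sql).fetchall()


def demo():
    """Constructed sample data and a deliberately string-built login query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER, name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    guard = DDriverGuard(conn)
    # Learning phase: the one statement shape this application issues.
    guard.register("SELECT id FROM users WHERE name = 'alice' AND pw = 's3cret'")

    def build(name, pw):  # the application's vulnerable concatenation
        return f"SELECT id FROM users WHERE name = '{name}' AND pw = '{pw}'"

    legit_rows = guard.execute(build("bob", "hunter2"))   # same structure: allowed
    try:
        guard.execute(build("bob", "' OR '1'='1"))        # extra OR clause: different ID
        blocked = False
    except InjectionDetected:
        blocked = True
    return legit_rows, blocked


if __name__ == "__main__":
    print(demo())  # ([(2,)], True)
```

The guard never inspects application code or RDBMS internals, which is the property the abstract claims for DDriver: only the statement text crosses it. The cost is one tokenisation and one hash per statement, which is the kind of per-query overhead the paper measured. A template-based ID also has known limits that a deployment would have to weigh: a payload that keeps the statement's shape (for example substituting one literal for another) is indistinguishable from legitimate input, and a learning phase that misses a rarely issued statement will cause false positives at run time.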
Source
Computer Engineering and Design (计算机工程与设计), 2010, No. 12, pp. 2691-2694 (4 pages)
Indexed in: CSCD; Peking University Core Journals (北大核心)