摘要
针对ASP.NET应用程序中存在SQL注入攻击问题,通过分析注入攻击的途径和方法,从输入过滤、语句参数化和SQL关键词转义三方面进行防范,实现三层防范模型。该防范模型可以自定义关键词转义规则,能够有效阻断SQL注入攻击途径,提高Web应用程序的安全性。实验结果表明该防范模型的可行性和有效性。
Aiming at the SQL injection attack problem in ASP. NET application, after the analysis on the approach and method of injection attacks, a three-level prevention model is put forward from the aspect of input filtering, statement parameters and SQL keywords escaping. With this model, we can customize the rule of keywords escaping and block the approach of SQL injection attacks effectively. The result of experiments verifies the feasibility and effectiveness of this prevention model.
出处
《计算机与现代化》
2014年第3期151-153,160,共4页
Computer and Modernization
基金
河南省教育厅科学技术研究重点项目(12B520040)
