摘要
SQL注入攻击是一项针对计算机数据库安全方面的攻击行为,随着世界范围内的动态交互性网站形式成为主流,B/S模式的网络服务结构被大多数企业和个人网站所采用,从技术角度来说,网站所使用的程序模块越多,所出现的漏洞几率就越大,遭到攻击的可能性也就越大;从程序员的角度来说,编写代码需要用户输入合法的指令并且通过判断,然而由于SQL注入形式具有较强的隐蔽性,只要通过对SQL语句的巧妙改造,就可以实现非法目的。
SQL injection attack is a study of computer database security attacks, as the world within the scope of the dynamic interactive web form into the mainstream, B/S model of network service architecture been adopted by most of the enterprises and personal website, from a technical perspective, the site used by the program module, the more loopholes of the greater the risk, the greater the likelihood ofattack; From the point ofview ofa programmer, writing code requires users to enter legal instruction and by judgment, however due to the form of SQL injection has strong concealment, as long as to reform the SQL statements is clever, can be achieved for illegal purposes.
出处
《网络安全技术与应用》
2014年第3期105-105,108,共2页
Network Security Technology & Application
关键词
SQL语句
SQL注入
数据库安全
策略分析
SQL statements
SQL injection.The database security
Strategy analysis
