Abstract
With the rapid development of computer application development, application software built on the B/S (browser/server) model is very common. If, while writing the code, the input taken from the system's interface is not checked for logical validity, the application carries a hidden security risk. Take guestbook or BBS programs as an example: most of their management back-ends require a login before messages can be administered. Normally the user enters a password and clicks "Login"; the login page submits the password to the web server, and the system checks in the database whether the password matches. If it matches, the login succeeds; otherwise an input error is reported.
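The login check the abstract describes, written out as an added example (not code from the paper): `login_unsafe` splices the submitted values into the SQL text, which is the unvalidated-input pattern the abstract warns about, while `login_safe` binds them as parameters so the database never parses them as SQL. The table, the `admin`/`s3cret` account and the hypothetical `looks_like_injection` screening helper are constructed for the demonstration.

```python
import sqlite3


def setup_db():
    """Constructed in-memory admin table with one sample account.
    (A real system would store a password hash, not the password.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES (?, ?)", ("admin", "s3cret"))
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """Vulnerable pattern: user input becomes part of the SQL statement."""
    sql = ("SELECT COUNT(*) FROM admin WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Hardened form: a parameterised query, input is bound as data only."""
    sql = "SELECT COUNT(*) FROM admin WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def looks_like_injection(value):
    """Hypothetical screening check for logging or alerting: flags SQL
    metacharacters in a login field (a detection aid, not a substitute
    for parameterised queries)."""
    return any(tok in value for tok in ("'", "--", ";", "/*"))


def unsafe_query_breaks(conn, username, password):
    """True if the spliced query is no longer valid SQL, i.e. the input
    reached the SQL parser instead of being treated as a plain value."""
    try:
        login_unsafe(conn, username, password)
    except sqlite3.OperationalError:
        return True
    return False
```

A legitimate username containing an apostrophe, such as `o'brien`, already shows the difference: the parameterised check simply fails the login, whereas the spliced query fails to parse at all.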
Source
《巢湖学院学报》
2014, No. 6, pp. 39-42 (4 pages)
Journal of Chaohu University
Keywords
injection attacks
attack detection
SQL
Web APP