
Research on Attack and Defense Based on SQL Injection Techniques

Published: 2018-11-16 06:45

[Abstract]: With the growth of the Internet, the number of users keeps rising, and market demand has made web applications increasingly widespread. Network security has now become an important part of national security. Programmers differ in skill and experience, and some write code without considering overall security; in particular, they do not validate the information users submit during interaction, which leaves the application with security weaknesses. When the data a user submits to a web page contains database code, that code reaches the database and performs unauthorized operations, modifying, deleting or destroying the information it holds; this is SQL Injection. Although the network is now part of everyday life, people's security awareness is weak, and current firewalls cannot respond to SQL injection with timely protection. In addition, SQL injection methods are very flexible: cleverly constructed SQL statements submitted during interaction can successfully obtain information from the database. Studying SQL injection security is therefore necessary. This thesis studies database security from the perspectives of SQL injection attack and defense. It begins with SQL fundamentals and the architecture of web applications, then analyzes the techniques related to SQL injection, and then discusses the corresponding defensive measures. The main focus is the prevention of SQL injection: the thesis first explains the principle of SQL injection, then summarizes the strengths and weaknesses of previously proposed defense methods, and proposes a more efficient defense method and model. The defense methods are verified with examples, the proposed model is validated, and repeated testing shows that the model can defend against SQL injection efficiently.

[Degree-granting institution]: University of Science and Technology Liaoning
[Degree level]: Master's
[Year degree awarded]: 2015
[Classification number]: TP393.08


Article ID: 2334764



Article link: https://www.wllwen.com/guanlilunwen/ydhl/2334764.html

