首页    期刊浏览 2024年12月02日 星期一
登录注册

文章基本信息

  • 标题:A Survey of SQL Injection Attack Detection and Prevention
  • 本地全文:下载
  • 作者:Khaled Elshazly ; Yasser Fouad ; Mohamed Saleh
  • 期刊名称:Journal of Computer and Communications
  • 印刷版ISSN:2327-5219
  • 电子版ISSN:2327-5227
  • 出版年度:2014
  • 卷号:02
  • 期号:08
  • 页码:1-9
  • DOI:10.4236/jcc.2014.28001
  • 语种:English
  • 出版社:Scientific Research Publishing
  • 摘要:Structured Query Language Injection Attack (SQLIA) is the most exposed to attack on the Internet. From this attack, the attacker can take control of the database therefore be able to interpolate the data from the database server for the website. Hence, the big challenge became to secure such website against attack via the Internet. We have presented different types of attack methods and prevention techniques of SQLIA which were used to aid the design and implementation of our model. In the paper, work is separated into two parts. The first aims to put SQLIA into perspective by outlining some of the materials and researches that have already been completed. The section suggesting methods of mitigating SQLIA aims to clarify some misconceptions about SQLIA prevention and provides some useful tips to software developers and database administrators. The second details the creation of a filtering proxy server used to prevent a SQL injection attack and analyses the performance impact of the filtering process on web application.
  • 关键词:SQL Injection; Database Security; Attack; Authentication
国家哲学社会科学文献中心版权所有