文章基本信息

标题：Web Security by Preventing SQL Injection Using Encryption in Stored Procedures
本地全文：下载
作者：Deevi Radha Rani ; B.Siva Kumar ; L.Taraka Rama Rao 等
期刊名称：International Journal of Computer Science and Information Technologies
电子版ISSN：0975-9646
出版年度：2012
卷号：3
期号：2
页码：3689-3692
出版社：TechScience Publications
摘要：SQL Injection attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. SQL Injection attacks can be easily prevented by applying more secure authentication schemes in login phase itself. In this paper we are going to prevent SQLIA (SQL Injection Attacks) by using encryption in Stored Procedures. Advance Encryption Standard (AES) Encrypted user name and password are used to improve the authentication process with minimum overhead. The server has to maintain encrypted parameters of every user’s username and password.reconstruction.
关键词：sql injection; encryption; stored procedures;parameterized queries; bind variables; sanitization; authentication眝