
A Taxonomy of SQL Injection Attacks


Abstract

Nowadays web applications play an important role in online business, including social networks, online services, banking, shopping, classes, email, etc. Their ease of use and access makes web applications more popular than in-person services for offering online services. A user needs only a computer and an internet connection to access a web application and use the online services it provides. All dynamic web applications have one thing in common: they need a database to store information, retrieve it upon user request, and add, edit and delete it. Among all database types, relational databases are very popular. Most relational database management systems, such as MySQL, Oracle, MS SQL Server, MS Access and Postgres, use SQL as their language. The flexibility of SQL makes it a powerful language: it allows the user to ask for the information he wants without any knowledge of how the information will be fetched. However, the vast use of SQL-based databases makes them the center of attention for hackers. A SQL injection attack is a well-known security threat to database-driven web applications. A successful SQL injection attack reveals critical confidential information to the hacker. In this paper, we first provide background information on this vulnerability. Next, we present a comprehensive review of the different types of SQL injection attack. For each attack we provide an example that shows how the attack is launched. Finally, we propose the best solution at the development phase to defeat SQL injection, and conclude.