A database protection system aiming at SQL attack
many websites on the internet are based on database, especially websites which use database to display the pages actively such as ASP, PHP and JSP. However, because of SQL attack, people pay much attention to the security of database on the internet. Different from many protection systems deployed between web servers and internet, this article designed a database protection system between web server and database server. It parses network and database protocol of the packets passing through, and extracts the SQL statements, then analyzes and filters the SQL statements, so it protects the database effectively on the application layer and its effectiveness is independent of any particular target system, application environment, or DBMS. Even there is no need to modify the source code of existing web applications. This system has been carried out in application and has good effect.
SQL attack protocol analysis database protection
Deng Liwu Xu Ruzhi Jiang Lizheng Lv Guangjuan
School of Computer Science & Technology North China Electric Power University Beijing,China
国际会议
The Fifth International Conference on Information Assurance and Security(第五届信息保障与安全国际会议)
西安
英文
655-657
2009-08-18(万方平台首次上网日期,不代表论文的发表时间)