以知識庫為基礎建置SQL Injection防禦系統之研究

CCUR > College of Business > Department of Information Management & Graduate Institute of Information Management > Thesis > Item 987654321/40496

Please use this identifier to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/40496

Title:	以知識庫為基礎建置SQL Injection防禦系統之研究 Research on Constructing SQL Injection Defending System Based on Knowledge Base
Authors:	楊勝全
Contributors:	資訊管理學系
Keywords:	網頁應用程式防禦系統 SQL injection
Date:	2018
Issue Date:	2018-08-30 13:52:48 (UTC+8)
Abstract:	網路科技迅速的發展帶動網頁應用程式廣泛的應用，網頁應用程式與資料庫的結合使得系統也變得複雜，加上使用者輸入的資料庫查詢請求不容易確認是否安全。因此我們需要一個能有效地阻擋惡意使用者對資料庫進行SQL Injection的防禦機制。在這篇論文中，提出不同其他學者的防禦機制的防禦系統，且防禦系統可以防範，單一攻擊和多重指令攻擊，在執行資料庫指令前，先將使用者組成SQL指令記錄在資料庫，並依據知識庫內的知識判斷使用者提供的指令，通過查核的指令傳遞給資料庫執行，產生執行結果後再回傳資訊給使用者，進而避免執行不當組合而成的SQL指令。 A rapid developemet of network techonology promotes web application widely ap-plied. The combination of web application and database makes system more com-pli-cated than before. Besides, it is hard to confirm the security of database access re-quest by users. Therefore, we need a defense mechanism which can effectively block the SQL injection for database by malicious users. In this thesis, we propose a defense mecha-nism different from those of other scholars. With our method, we can defend both sin-gle attack and multiple query attack. Before executing database instructions, we store all SQL instrutions composed by users into database. And then, we filter those SQL in-structons with the knowledge from knowledge base. Finally, we pass the filtered SQL instructions to database, executing them and returning the results back to the users. Fol-lowing the method above, we can avoid any SQL instructions containing improper exe-cution.
Appears in Collections:	[Department of Information Management & Graduate Institute of Information Management] Thesis

Files in This Item:

File	Description	Size	Format
index.html		0Kb	HTML	201	View/Open

View Licence

Loading...