以知識庫為基礎建置SQL Injection防禦系統之研究

CCUR > College of Business > Department of Information Management & Graduate Institute of Information Management > Thesis > Item 987654321/40496

jsp.display-item.identifier=請使用永久網址來引用或連結此文件: https://irlib.pccu.edu.tw/handle/987654321/40496

题名:	以知識庫為基礎建置SQL Injection防禦系統之研究 Research on Constructing SQL Injection Defending System Based on Knowledge Base
作者:	楊勝全
贡献者:	資訊管理學系
关键词:	網頁應用程式防禦系統 SQL injection
日期:	2018
上传时间:	2018-08-30 13:52:48 (UTC+8)
摘要:	網路科技迅速的發展帶動網頁應用程式廣泛的應用，網頁應用程式與資料庫的結合使得系統也變得複雜，加上使用者輸入的資料庫查詢請求不容易確認是否安全。因此我們需要一個能有效地阻擋惡意使用者對資料庫進行SQL Injection的防禦機制。在這篇論文中，提出不同其他學者的防禦機制的防禦系統，且防禦系統可以防範，單一攻擊和多重指令攻擊，在執行資料庫指令前，先將使用者組成SQL指令記錄在資料庫，並依據知識庫內的知識判斷使用者提供的指令，通過查核的指令傳遞給資料庫執行，產生執行結果後再回傳資訊給使用者，進而避免執行不當組合而成的SQL指令。 A rapid developemet of network techonology promotes web application widely ap-plied. The combination of web application and database makes system more com-pli-cated than before. Besides, it is hard to confirm the security of database access re-quest by users. Therefore, we need a defense mechanism which can effectively block the SQL injection for database by malicious users. In this thesis, we propose a defense mecha-nism different from those of other scholars. With our method, we can defend both sin-gle attack and multiple query attack. Before executing database instructions, we store all SQL instrutions composed by users into database. And then, we filter those SQL in-structons with the knowledge from knowledge base. Finally, we pass the filtered SQL instructions to database, executing them and returning the results back to the users. Fol-lowing the method above, we can avoid any SQL instructions containing improper exe-cution.
显示于类别:	[Department of Information Management & Graduate Institute of Information Management] Thesis

文件中的档案:

档案	描述	大小	格式	浏览次数
index.html		0Kb	HTML	184	检视/开启

检视Licence

在CCUR中所有的数据项都受到原著作权保护.

数据加载中.....