Chinese Culture University Institutional Repository (CCUR): Item 987654321/40496


    Please use this permanent URL to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/40496


    Title: 以知識庫為基礎建置SQL Injection防禦系統之研究
    Research on Constructing SQL Injection Defending System Based on Knowledge Base
    Author: 楊勝全
    Contributor: Department of Information Management
    Keywords: Web application; Defense system; SQL injection
    Date: 2018
    Upload time: 2018-08-30 13:52:48 (UTC+8)
    Abstract: The rapid development of network technology has led to the wide application of web applications. The combination of web applications and databases makes systems more complicated than before. Besides, it is hard to confirm the security of database access requests made by users. Therefore, we need a defense mechanism that can effectively block SQL injection against the database by malicious users. In this thesis, we propose a defense mechanism different from those of other scholars. With our method, we can defend against both single attacks and multiple-query attacks. Before executing database instructions, we store all SQL instructions composed by users in the database. Then we filter those SQL instructions using the knowledge in the knowledge base. Finally, we pass the filtered SQL instructions to the database, execute them, and return the results to the users. Following this method, we can avoid executing improperly composed SQL instructions.
    Appears in Collections: [Department of Information Management & Graduate Institute of Information Management] Thesis

    Files in This Item:

    File: index.html | Description: (none) | Size: 0Kb | Format: HTML | Views: 184


    All items in CCUR are protected by original copyright.

