sql注入攻击应用现状及防御….docVIP

论文编码：WZ201511 摘 要 随着计算机网络的发展，Web应用程序得到极为广泛的应用，其自身的安全也面临越来越多的威胁，结构化查询语言（SQL）注入攻击也是目前Web应用程序面临的主要安全威胁之一，因此对SQL注入攻击应用现状与防御对策对于理解和加强Web应用程序的安全具有十分重要的意义。 SQL注入攻击是黑客对数据库进行攻击的常用手段之一。随着B/S模式应用开发的发展，使用这种模式编写应用程序的程序员也越来越多。但是由于程序员的水平及经验也参差不齐，相当大一部分程序员在编写代码的时候，没有对用户输入数据的合法性进行判断，使应用程序存在安全隐患。用户可以提交一段数据库查询代码，根据程序返回的结果，获得某些他想得知的数据，这就是所谓的SQL Injection，即SQL注入。 本文所论述的内容主要是对于在现存的群体结构中，对于SQL诸如攻击的应用现状的一些了解，以及对于减小SQL注入攻击所造成的危害，降低WEB系统的安全威胁的一些防御对策，对于提高web程序质量具有重要的意义。 关键词：注入攻击 应用现状 防御对策 网络管理  ABSTRACT Title: SQL injection attack and defense With the development of computer networks, web applications extremely wide range of applications, its security is also facing increasing threats and Structured Query Language (SQL) injection attacks is facing web application security threats SQL injection attack and defense is of great significance for the understanding and enhance the security of web applications. SQL injection attacks are one of the common means of hacker attacks on the database. With the development of the B / S mode application development, more and more programmers to write applications that use this model. However, due to the uneven level and experience of the programmers, a large part of the programmer when writing code, not the legitimacy of the user input data to judge, to make the application a security risk. Users can submit a database query code, according to the procedure to return the results, get some data he would like to know, This is known as SQL Injection, namely SQL injection. Expounds the main content of this article is for the existing population structure of SQL, such as the present situation of the application of attack for some of the understanding, as well as reduce SQL injection attacks caused harm, some prevention measures to reduce WEB system security threat, has the vital significance to improve the quality of WEB application. Key words: Injection attacks, Application status, Defense countermeasure ，Network mana