Loading…

A Database Protection System Aiming at SQL Attack

Many Websites on the Internet are based on database, especially Websites which use database to display the pages actively such as ASP, PHP and JSP. However, because of SQL attack, people pay much attention to the security of database on the Internet. Different from many protection systems deployed b...

Full description

Saved in:
Bibliographic Details
Main Authors: Deng Liwu, Xu Ruzhi, Jiang Lizheng, Lv Guangjuan
Format: Conference Proceeding
Language:English
Subjects:
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Many Websites on the Internet are based on database, especially Websites which use database to display the pages actively such as ASP, PHP and JSP. However, because of SQL attack, people pay much attention to the security of database on the Internet. Different from many protection systems deployed between Web servers and Internet, this article designed a database protection system between Web server and database server. It parses network and database protocol of the packets passing through, and extracts the SQL statements, then analyzes and filters the SQL statements, so it protects the database effectively on the application layer and its effectiveness is independent of any particular target system, application environment, or DBMS. Even there is no need to modify the source code of existing Web applications. This system has been carried out in application and has good effect.
DOI:10.1109/IAS.2009.322