Loading…
A Database Protection System Aiming at SQL Attack
Many Websites on the Internet are based on database, especially Websites which use database to display the pages actively such as ASP, PHP and JSP. However, because of SQL attack, people pay much attention to the security of database on the Internet. Different from many protection systems deployed b...
Saved in:
Main Authors: | , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | |
Online Access: | Request full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Many Websites on the Internet are based on database, especially Websites which use database to display the pages actively such as ASP, PHP and JSP. However, because of SQL attack, people pay much attention to the security of database on the Internet. Different from many protection systems deployed between Web servers and Internet, this article designed a database protection system between Web server and database server. It parses network and database protocol of the packets passing through, and extracts the SQL statements, then analyzes and filters the SQL statements, so it protects the database effectively on the application layer and its effectiveness is independent of any particular target system, application environment, or DBMS. Even there is no need to modify the source code of existing Web applications. This system has been carried out in application and has good effect. |
---|---|
DOI: | 10.1109/IAS.2009.322 |