
Method of Preventing SQL Injection Attack Using PHP

Ding Xiang (丁翔), Qiu Yin (仇寅), Zheng Tao (郑滔)

Computer Engineering (计算机工程), 2011, Vol. 37, Issue (11): 152-154, 157, 4. DOI: 10.3969/j.issn.1000.3842.2011.11.052


Method of Preventing SQL Injection Attack Using PHP

Ding Xiang 1, Qiu Yin 1, Zheng Tao 1

Author information

  • 1. Software Institute, Nanjing University, Nanjing, 210093


Abstract

The widespread use of PHP in Web application development has made PHP Web applications a target for many malicious attackers. To address this, the PHP interpreter and runtime libraries are modified so that PHP Web applications can prevent SQL injection attacks without any modification of the original applications. Unlike traditional prevention methods based on dynamic tainting, this paper uses a tainting mechanism based on trusted-input tainting together with an SQL dialect-aware checking method, which solves many existing problems of traditional prevention methods. As a result, the method improves on the precision of traditional prevention methods, without any false positives. Experimental results show that the method is precise and highly efficient, and adds little overhead to PHP Web applications.

Key words

dynamic tainting / trusted input / dialect-aware / injection attack

Classification

Information Technology and Security Science

Cite this article

Ding Xiang, Qiu Yin, Zheng Tao. Method of Preventing SQL Injection Attack Using PHP [J]. Computer Engineering, 2011, 37(11): 152-154, 157, 4.

Funding

Supported by the National Natural Science Foundation of China (60773171)

Key project supported by the National "863" Program (2007AA01Z448)

Computer Engineering

OA / CSCD / CSTPCD

ISSN 1000-3428
