| In order to manage the logging information system more efficiently and integrated, the former developer designed the data access middleware for the logging company. In logging company most applications need access data through the data access middleware instead of accessing the database directly. Applications sent SQL statements into data access middleware via socket software, the data access middleware queries data from database and sents the results back to the application. If the application uses dynamically generated SQL statements, and the developer does not test the legality of users'input data, the user can input data with some illegal conditions or statements, and get data which he does not have permission. Some unauthorized users may also develop an application to sent SQL statement to the data access middleware directly to query data or get some information about the database. This is called SQL injection. In order to provide better security detection, SQL injection detection technology in the data access middleware software must be studied.Firstly, data access middleware, SQL injection, SQL statement parsing technology and SQL injection detection technology are introduced. Then SQL injection detection techniques used in data access middleware of mud logging system are discussed. In the client side, SQL statement analytical technique is used to detect SQL injections in input data. In the server side, some appropriate defensive measures are applied to detect SQL injections. By using these methods, the system resources and data can be accessed legally and safely. |
PDF Full Text Request