| SQL Server of Microsoft is a kind of widespread utilization database.Many electronic commerce website,the internal information platform of enterprise and so on are also based on SQL Server,but the security has also been doubted by users.SQL injection is the most popular method to attack SQL Server which highly threatened the security of SQL Server,the principle of SQL injection and the security of database are mainly studied in this paper,as well as how to maintain the security of SQL Server to keep away from SQL injection.Structured Query Language is first introduced in the paper,thus how to use SQL to operate and the environment of SQL injection in brief,as well as the background of SQL injection in multiple analyses.With the insertion of harmful character to attack SQL server is the technology of SQL injection.The aggressors obtain the material what they want by the submission of special manipulation data in different kinds of ways intentionally, which is on the premise that the programmers don't examine users' data strictly or the data never be checked.SQL injection is a type of script attack,both the principle and general step of SQL injection are elaborated comprehensively in the paper,unified certain special details,blind SQL Injection,Cross Site Scripting,crack examination and how to keep away from SQL injection are also discussed.The management of security is a most important part of database management system,in view of security system belongs to SQL Server,to prevent SQL injection effectively,the security disposition of SQL Server are proposed in the thesis.Finally,outline the further research direction and summarize the thesis. |
PDF Full Text Request