| As today’s environment of network times, web application platform has become aninteraction of Internet information. However, because of web application securityvulnerabilities in recent years, web cites are attacked wantonly by hackers, and webpagetampering incidents occur frequently. Faced with increasingly serious security threats ofweb applications, how to protect website security has become a significant researchtopic in the field of Information Security.Based on analysis of web site attacks and resistance, as well as a variety ofwebpage tamper proofing technologies, we conclude that security risks of webpage andback-end database have affected the performance of tamper proofing systems. Hence,this article will propose a new solution for this security issue. The program putsimproving security of the system itself as its main objective, and focuses on the securityof dynamic data on webpages during its transmission and storage. In CryptologyTechnique, the symmetric encryption AES algorithm, asymmetric encryption RSAalgorithm, and the hash function MD5algorithm are introduced separately. Theiradvantages and disadvantages are analyzed and compared also. Then a securitymechanism based on hybrid encryption technology will be proposed. In order to protectsecurity of webpage files and data related to the system on every side, the new securitymechanism uses a mix of different cryptographic algorithms on file uploadingmechanism, database proxy mechanism and data backup mechanism. Meanwhile, adatabase agent mechanism based on COM technology is put forward, which can notonly provide further guarantee for database security, but also reduce the web server load,thus improve the performance of the whole system.Dynamic webpage tamper proofing system is actually a comprehensive applicationof encryption technology and network security knowledge. On the basis of aboveprogram and ideas, this article puts the web server, proxy server, publishing server andbackup server as the basic framework of the system, and divides the system into fiveparts including security uploads, real-time monitoring, database proxy, data backup,alarm and restoration to be designed and realized. As a result, a relatively small butcomplete dynamic webpage tampering proofing system is achieved.The system is based on Windows platform with VC++development tool. The function of real-time monitoring of web files with file filter driver technology is realized,as well as the entire anti-tamper process including data backup, alarm and restoration.The system can protect the information on web sites effectively. |
PDF Full Text Request