Data Security Assessment Technology Based On SQL Injection

Posted on: 2013-10-09
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhao
GTID: 2248330371468728
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of B/S (browser/server) mode application technology and the widespread use of databases on the Web, SQL injection has become one of the means most commonly used by hackers to attack databases. However, because developer skill levels are uneven, a considerable number of B/S mode application developers do not check the legitimacy of user-supplied data, which leaves hidden security risks in the application. Research on data security based on SQL injection vulnerabilities is therefore of significant importance.

Firstly, the paper analyses the current situation and technology trends of the SQL injection field at home and abroad. It analyses the principles of SQL injection and its key technologies and, through an analysis of common attack methods, examines SQL injection scanning technology and injection detection technology.

Secondly, the paper elaborates on the working mechanism and technical features of the Web crawler and analyses several existing forms of URL. On this basis the following technologies are studied: DOM tree generation, binding events to page controls, dictionary-based guessing, passive analysis, the use of search engines, and so on. The thesis then analyses SQL injection in the Oracle database, covering related background knowledge, query statements, the execution of system commands, reading and writing files, and other topics.

Finally, the thesis studies SQL injection defense technology, proposes several defense methods and describes the circumstances to which each is suited. It builds a data security system based on SQL injection, gives the modular division of the system's functions together with running examples of the functional modules, and preliminarily verifies the system's practical effectiveness by testing real sites.
Keywords/Search Tags: SQL injection, Web crawler, data security, injection detection