Research And Design Of Security Protection System For Web Content

With the popularity of the network and the development of informationtechnology, website services play an increasingly important role in the social life.However, complexity and diversity of Web application system lead to an endless ofvulnerability, and Internet are suffering the ravages of a large number of computerviruses and malicious code, cause the website content security events with attacks byhacker followed. Today, the website faces to face all kinds of serious security threat,how to safeguard the website security, especially to prevent the website content frombeing tampered, is being more and more attention.The webpage is the information carrier, so protection for the website contentnamely protection for web pages. The website contents include static script files anddynamic data. For script files, based on the through the analysis of status and reasonsfor website tampering, researching on all kinds of security protection system forwebsite, integrating and contrasting existing anti-tamper technology of web pages,this paper proposes a novel webpage tamper proof method based on text and imagewatermarking, and describing watermark extraction, embedding and detectionalgorithm in detail. The results of experiment show that the method has relatively highreliability, and has application value to prevent webpage from tampering. Dynamicdatas are stored in the relation database, so the paper proposes a fragile databasewatermarking algorithm based on text format, making use of characteristic in SQLquery, embedding the watermark into text format data. This method is effective toprotect the file integrity and prevent tampering for database.Based on research on theoretical methods above, this paper use C/S as the basicframework, and design in detail include watermark extraction and embedding at client,file integrity detection, detection of dynamic database, watermark detection at server,develop security protection system for web content. At the client, the methodproposed in the third chapter is applied to the system. At the server, use file systemfilter driver to protecting the static files and event-triggered technology to monitor thedatabase. The test results show that the system is effective to protect the web contentfrom tampering, and find the tampering behavior in time, providing support forsecurity protection of web content.