| With the development of the computer science, an increasingly number of the colleges began to use the online examination system to test students. The online system has become an important role of the remote education. We know it is repeatedly happened that the web gets hacked, however the online system is of great importance to all of the colleges. Hence the security of the online system is crucial.This paper mainly studied the security of the online examination system. The system this paper implemented is based on PHP language, using B/S structure. Web application now faces several potential risk such as SQL injection, XSS, remote commands executing, and the URL redirection. It is of great value to guarantee the system and its database. So it is necessary to encrypt the sensitive information. Recording the operation to the database is to have a regulation of using database.The system this paper mainly focuses on study and implementation of the SQL injection and the XSS. By security filtering the URL parameter from users, to prevent SQL injection during concatenating the SQL statement; by meaning transferring the submit actions user made can we prevent XSS and other potential risks. The main content of this paper is safe storage and journal function of the database. By encrypting data with the rational encrypt algorithm, we can prevent data from being hacked and destructed. In an addition, it is easy to manage by recording the database action with the journal function. This paper proceeded comprehensive analysis on the safety of the online exam system, and verified the safety and reliability of the system.In the end, the paper proved the security of the online examination system. From the result we learn that introducing the security precaution mechanism prevent the system from the hostile attack effectively, improving the security of online examination system. |
PDF Full Text Request