Chemical enterprises occupy an important position in the national economy. They are the basic and pillar industries of the country. How to protect the data security of chemical companies in the wave of the Internet has important research value. Among many data security hazards, SQL injection attack is the biggest threat to enterprise database servers. A database that is under attack will suffer serious consequences such as data loss and leakage, causing huge losses to the enterprise. Second-order SQL injection is one of the important means of injection attack. Because of its high concealment and difficulty of discovery, it often becomes a neglected point of defense. Most traditional defense methods use the strategy of screening and discarding suspected attack data. The types of chemical data are complex, including a large number of symbols and formulas, which are similar to the attack payloads of SQL injection. Strict screening strategies can cause conventional chemical data to be mistaken for attacks and discarded, so that the data are lost. Therefore, on the premise of guaranteeing data integrity, this paper proposes the following new second-order SQL injection defense technology.

1. Sensitive character log generation technology. In the storage process of the attack payloads, the sensitive character set is used to identify and record the data, and a classifier based on the naive Bayes algorithm is used to judge and classify the record twice to generate a sensitive character log. This log can provide the O&M personnel with a list of potential attack payloads, improve the efficiency of data recovery, and reduce the damage caused by injection attacks.

2. Second-order SQL injection defense technology based on dichotomy. Before the second call of attack payloads, sensitive operations are marked and the data flow is tracked. The data of the second call are intercepted before entering the server. The sensitive character set is combined with the dichotomy to identify and escape the sensitive characters. The escaped attack payload loses its injection capability, so the second-order SQL injection is successfully defended against.

Both defense methods are implemented on the basis of guaranteeing the integrity of data storage. They are tested with chemical data and attack payloads containing sensitive characters. The experimental results show that the attack data are effectively identified and recorded. The sensitive characters from the second call of the database are accurately identified and escaped, which effectively prevents the occurrence of second-order SQL injection and ensures the security of the application database of chemical enterprises.
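The following is an added illustration of the two ideas in this abstract, not code from the paper: values are stored intact and logged when they contain sensitive characters, then escaped when a stored value is reused in a second query. SQLite, the table names, the sensitive character set and the sample values are assumptions, "dichotomy" is read here as binary search over a sorted sensitive set, and the naive Bayes classification step is omitted.

```python
import sqlite3
from bisect import bisect_left

# Assumed sensitive set; the paper's actual set is not given on this page.
SENSITIVE = sorted("'\";\\")
ESCAPES = {"'": "''"}  # in SQLite only a single quote can end a '...' literal

def sensitive_chars(value):
    """Binary-search every character against the sorted sensitive set."""
    found = []
    for ch in value:
        i = bisect_left(SENSITIVE, ch)
        if i < len(SENSITIVE) and SENSITIVE[i] == ch:
            found.append(ch)
    return found

def store(db, log, name):
    """First order: keep the value intact (bound parameter) and log it if flagged."""
    db.execute("INSERT INTO compounds(name) VALUES (?)", (name,))
    hits = sensitive_chars(name)
    if hits:
        log.append((name, hits))  # review list for O&M staff; nothing is discarded

def escape(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def lookup(db, stored_name, harden):
    """Second order: a stored value is read back and concatenated into a new query."""
    literal = escape(stored_name) if harden else stored_name
    sql = "SELECT count(*) FROM batches WHERE compound = '" + literal + "'"
    return db.execute(sql).fetchone()[0]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE compounds(name TEXT)")
    db.execute("CREATE TABLE batches(compound TEXT)")
    log = []
    # Constructed samples: plain name, chemical name with a quote, textbook payload.
    names = ["ethanol", "2,2'-bipyridine", "x' OR '1'='1"]
    for n in names:
        store(db, log, n)
    db.executemany("INSERT INTO batches VALUES (?)",
                   [("ethanol",), ("2,2'-bipyridine",)])
    stored = [r[0] for r in db.execute("SELECT name FROM compounds ORDER BY rowid")]
    hardened = [lookup(db, n, True) for n in stored]
    unescaped = lookup(db, stored[2], False)  # stored payload rewrites the WHERE clause
    return names, stored, log, hardened, unescaped
```

Binding the stored value as a parameter in the second query gives the same hardened result without manual escaping; the concatenated form is kept here only to show where the escaping step applies.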