| With the continuous development of information technology,we are in the era of big data.Every day,thousands of basic personal information,property information and location information are circulated on the Internet.The importance of protecting data security is self-evident.The MySQL database is an important system for storing and accessing data.The security threats faced by the MySQL database mainly come from three aspects: human factors,the database's own system and third-party components.Among them,MySQL's own systems and third-party components usually rely on vendors and component providers to release patches to fix security vulnerabilities.The influence of human factors on MySQL is mainly reflected in the security of identity authentication and SQL statement execution.MySQL uses passwords for identity authentication,and passwords are vulnerable to dictionary attacks and replay attacks.In addition,illegal users can also recover user passwords through social engineering and other methods to achieve the purpose of attack.MySQL is vulnerable to SQL injection attacks when executing SQL statements,and users' high-risk SQL statements can also pose a security threat to the database.In response to these threats,we need to enhance MySQL's identity authentication protocol and filter SQL statements.The research work of this thesis mainly includes the following three contents:(1)In response to security threats such as password guessing attacks and counterfeit attacks that the MySQL database identity authentication process may face,this thesis designs a secure-proxy-based MySQL two-factor authentication protocol.This protocol adds a secondary authentication process based on the MySQL identity authentication protocol.This thesis improves the time-based one-time password algorithm,and uses the algorithm to combine the timestamp and user information to generate a secondary authentication code.And use proxy technology to verify the password and secondary authentication code entered by the user to complete the twofactor authentication and enhance the security of the identity authentication of the MySQL database.(2)Aiming at the external SQL injection attacks and internal technical personnel attacks that the MySQL database may execute during the execution of SQL statements,this thesis proposes a secure-proxy-based SQL statement filtering method.This method uses the host IP address blacklist and SQL statement blacklist to preliminarily filter SQL statements.Then use the libinjection feature extraction algorithm to extract the features of common SQL injection statements and establish a SQL injection feature library,using the feature library to filter SQL statements.At the same time,the index is established according to the SQL keywords to improve the search algorithm of libinjection and improve the matching efficiency.(3)Aiming at the above research content,use the technologies such as Open Resty and mysql-proxy to build a secure-proxy-based MySQL database protection system.The protection system uses proxy technology to implement the MySQL database twofactor authentication protocol and SQL statement filtering.Finally,the system is tested from two aspects of function and performance. |
PDF Full Text Request