SQL (structured query language) injection attack protection method based on database

A technology relating to injection attacks and databases, applied in the field of network security. It addresses problems such as tangible and intangible losses, great harm, and the impact of external access.

Inactive Publication Date: 2012-10-24
WUXI CINSEC INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0009] 3. Great danger
[0010] 4. Very serious tangible and intangible losses
[0011] For the above-mentioned risks of SQL injection, most current industry solutions optimize code quality or raise the protection level, and cannot fundamentally solve the problem of SQL injection.
The Chinese patent applicat


Embodiment Construction

[0029] The specific embodiments of the present invention will be further described below in conjunction with the accompanying drawings.

[0030] As shown in Figure 1, the data security shell of the present invention is a low-level driver built on the operating system layer. It uses a virtual space formed from the hard disk cache and loads the database into this space. When external data accesses the database, it must pass through the data security shell, which is responsible for the exchange of data between the inside and the outside.

[0031] As shown in Figure 2, the flow of the database-based SQL injection attack protection method of the present invention is as follows:

[0032] (1) Establish a data security shell for the database

[0033] The data security shell is a low-level driver built on the operating system layer. It uses a virtual space formed by the hard disk cache to load the database in this virtual space. The data security shell i...


Abstract

The invention provides a database-based SQL (structured query language) injection attack protection method. A data security shell, implemented as a low-level driver, is built on the operating system layer; a virtual space is formed from the hard disk cache, and the database is loaded into that virtual space. When external data accesses the database, it must first pass through the data security shell, which is responsible for the exchange of data between the outside and the inside of the shell. The management end of the data security shell records the source addresses of external data; a port of the data security shell redirects to a driver, forming a filtering channel to the database; and the filtering driver of the data security shell filters all external data accessing the database, so that safe code is permitted to enter the database and malicious code is filtered out and cleared. The risk of SQL injection can be fundamentally avoided through this SQL injection attack protection method.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a database-based SQL injection attack protection method.

Background technique

[0002] Web security is complex, and SQL injection is the most harmful. SQL injection is a means of attacking databases, and it is also a manifestation of vulnerabilities in web applications. It works by using the external interface of certain databases to insert user data into the actual database operation language, so as to invade the database and even the operating system.

[0003] The main form of SQL injection is to directly insert code into user input variables that are concatenated with SQL commands and executed. An indirect form injects malicious code into strings that are to be stored in tables or as metadata; when the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed...
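The two injection forms described in [0003], direct concatenation of user input and later reuse of a stored string in dynamic SQL, are shown here next to their parameterized counterparts. This is an added example, not part of the patent text and not the patent's filtering method; the schema, function names and sample input are hypothetical, and an in-memory SQLite database stands in for the protected database.

```python
import sqlite3

CRAFTED = "x' OR '1'='1"  # constructed sample input, not from the patent

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT, secret TEXT);
        CREATE TABLE profiles (owner TEXT, nickname TEXT);
        INSERT INTO users VALUES ('alice', 'a-secret'), ('bob', 'b-secret');
    """)
    return db

def lookup_concat(db, name):
    # Direct form: user input is concatenated into the SQL command text.
    sql = "SELECT secret FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_param(db, name):
    # Hardened: the input is bound as data and is never parsed as SQL.
    return db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()

def store_nickname(db, owner, nickname):
    # The write itself is parameterized, but the stored string stays untrusted.
    db.execute("INSERT INTO profiles VALUES (?, ?)", (owner, nickname))

def _nickname(db, owner):
    row = db.execute("SELECT nickname FROM profiles WHERE owner = ?", (owner,)).fetchone()
    return row[0]

def stored_concat(db, owner):
    # Indirect form: a stored string is later concatenated into dynamic SQL.
    sql = "SELECT secret FROM users WHERE name = '" + _nickname(db, owner) + "'"
    return db.execute(sql).fetchall()

def stored_param(db, owner):
    # Hardened: the stored string is bound as a parameter on reuse as well.
    return db.execute("SELECT secret FROM users WHERE name = ?",
                      (_nickname(db, owner),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    store_nickname(db, "bob", CRAFTED)
    print("direct, concatenated: ", lookup_concat(db, CRAFTED))
    print("direct, parameterized:", lookup_param(db, CRAFTED))
    print("stored, concatenated: ", stored_concat(db, "bob"))
    print("stored, parameterized:", stored_param(db, "bob"))
```

The concatenated variants return every row because the crafted string changes the query's structure, while the parameterized variants return nothing because the same string is compared as a literal name.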


Application Information

IPC(8): G06F21/00, G06F17/30
Inventor: 耿振民, 王衍江
Owner: WUXI CINSEC INFORMATION TECH