Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Structured query language (SQL) injection attacking protection method based on internal storage

A technology of injecting attacks and memory, applied in the field of network security, can solve problems such as firewalls not detecting SQL injection, client or server-side authentication is not strict, etc., to avoid SQL injection and improve operating efficiency

Active Publication Date: 2013-04-24
北京讯鸟软件有限公司
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the traditional database verification mode has the following problems: the client or server side verification is not strict, and it is impossible to prevent users from entering some illegal information, the most dangerous of which is SQL injection
Since SQL injection is accessed from the normal WWW port, and it looks no different from normal web page access, so currently commonly used firewalls cannot detect SQL injection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Structured query language (SQL) injection attacking protection method based on internal storage
  • Structured query language (SQL) injection attacking protection method based on internal storage
  • Structured query language (SQL) injection attacking protection method based on internal storage

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] Below in conjunction with accompanying drawing and specific embodiment the present invention will be described in further detail

[0036] The invention provides a method for protecting against SQL injection attacks based on memory, comprising the following steps: user registration: put user information into a database, and put it into the memory database; user modification: modify the user information of the database, and synchronously modify the user of the memory database Information; User Verification: Select the memory database mode or database mode to verify user information according to the status of the configuration item. The following is a detailed description of the memory-based SQL injection attack protection method.

[0037] First, the user registration stage is introduced: when a user submits a registration application to the server, user information needs to be provided to the server. The user information includes registration information and necessary ver...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a structural query language (SQL) injection attacking protection method based on internal storage. The SQL injection attacking protection method based on the internal storage comprises following steps including user registration, user modification and user authentication. The user registration includes that user information is put in a data bank and put in an internal storage data bank. The user modification includes that the user information of the data bank is modified, and synchronously, the user information of the internal storage data bank is modified. The user authentication includes that according to a state of a configuration item, an internal storage data bank mode or a data bank mode is selected to verify the user information. On one hand, through a No SQL internal storage data bank, key-value-to-information which is stored in advance is used as verification information to be compared with a verification condition which is submitted by a user, therefore, a traditional SQL statement comparing method is radically replaced, and occuring of SQL injection is avoided. On the other hand, a whole verification process is based on calculating of internal storage data, and is not interacted with hard disc storage medium of a server, and therefore, operation efficiency is greatly improved..

Description

technical field [0001] The invention relates to a SQL injection attack protection method, in particular to a memory-based SQL injection attack protection method, and belongs to the technical field of network security. Background technique [0002] With the development of Internet, Web application systems based on B / S mode, such as e-commerce systems and e-government systems, are more and more favored by users. Most web application systems need to interact with users. When the user applies for interaction with the server, the server verifies, controls and records the user's behavior through the login interface, which plays a role in protecting the operation security. [0003] In the traditional database verification mode, after the user enters the user name and password on the login interface, the data validity verification is first performed on the client side. If the data is illegal (such as entering characters that are not allowed) or the content is empty, If the user is...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
Inventor 吴为民梁浩
Owner 北京讯鸟软件有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com