Method and system for preventing structured query language (SQL) implantation

A technology of abstracting and requesting parameters, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc., can solve problems such as low processing efficiency, and achieve the effect of reducing requirements, improving security, and high processing efficiency

Active Publication Date: 2015-11-11
FUJIAN TQ DIGITAL
View PDF7 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this patent application needs to judge and check

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for preventing structured query language (SQL) implantation
  • Method and system for preventing structured query language (SQL) implantation
  • Method and system for preventing structured query language (SQL) implantation

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0028] In order to describe in detail the technical content, the achieved objectives and effects of the present invention, the following description will be given in conjunction with the embodiments and the accompanying drawings.

[0029] The key concept of the present invention is to obtain request parameters that need to be defended through SQL injection detection, generate URL summary collections, analyze the obtained SQL injections, and process parameter values ​​or keywords to prevent SQL injection into the system.

[0030] Please refer to figure 1 , Embodiment 1 of the present invention provides a method for preventing SQL injection, including the following steps:

[0031] S1: Configure the reverse proxy module and record all request logs; such as the known nginx, use its logging function to record all request logs. Optionally, the reverse proxy module may also be, for example, IIS under the windows system;

[0032] S2: Use the injection detection module to perform SQL injection...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention discloses a method and a system for preventing structured query language (SQL) implantation, wherein the method comprises the steps of: configuring a reverse proxy module, and recording all request logs; performing SQL implantation detection on requests by using an implantation detection module, and recording request parameters with implantation vulnerabilities; parsing the request parameters, extracting corresponding parameter names, and generating a URL abstract collection; acquiring an SQL implantation request to URL by an attacker; transmitting the SQL implantation request to an implantation defense module by the reverse proxy module; determining whether the address of the SQL implantation request is in the URL abstract collection or not by the implantation defense module; if so, replacing parameter values and related keywords of the address of the SQL implantation request by the implantation defense module to acquire a secure request; and transmitting the secure request to a WEB site of a target server. By adopting the method and the system, the requirements for programmers can be reduced, the security of a website can be improved, and the website can be automatically protected without modification of source codes.

Description

technical field [0001] The invention relates to a method and system for preventing SQL injection. Background technique [0002] At present, many websites have found SQL injection vulnerabilities, and there are some injection detection methods on the market, but all of them require programmers to modify the website code, and the professional requirements for programmers are relatively high. And it has a lot to do with the way the program is developed. If SQL injection cannot be prevented, many sites will be hacked and database passwords will be leaked. [0003] The existing patent application (Application No.: 201310296901.5) discloses a method for SQL injection defense against databases, including the following steps: (a) receiving SQL statements from the application system for accessing the database; (b) injecting the SQL statements Judging and checking, if SQL injection is found, intercept the SQL injection, record the error, and return an exception message to the applic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/55
CPCG06F21/554
Inventor 陈丛亮刘德建毛新生
Owner FUJIAN TQ DIGITAL
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap