Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for preventing structured query language (SQL) implantation

A technology of abstracting and requesting parameters, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc., can solve problems such as low processing efficiency, and achieve the effect of reducing requirements, improving security, and high processing efficiency

Active Publication Date: 2015-11-11
FUJIAN TQ DIGITAL
View PDF7 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this patent application needs to judge and check all SQL statements, and the processing efficiency is low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for preventing structured query language (SQL) implantation
  • Method and system for preventing structured query language (SQL) implantation
  • Method and system for preventing structured query language (SQL) implantation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] In order to describe the technical content, achieved goals and effects of the present invention in detail, the following descriptions will be made in conjunction with the embodiments and accompanying drawings.

[0029] The most critical idea of ​​the present invention is: through SQL injection detection, obtain the request parameter that needs defense, generate URL summary set, analyze, parameter value or key word replacement process to the acquired SQL injection, prevent SQL from injecting into the system.

[0030] Please refer to figure 1 , Embodiment 1 of the present invention provides a method for preventing SQL injection, including the following steps:

[0031] S1: Configure the reverse proxy module and record all request logs; such as the known nginx, use the logging function to record all request logs. Optionally, the reverse proxy module can also be, for example, IIS under the windows system;

[0032] S2: Use the injection detection module to perform SQL injec...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention discloses a method and a system for preventing structured query language (SQL) implantation, wherein the method comprises the steps of: configuring a reverse proxy module, and recording all request logs; performing SQL implantation detection on requests by using an implantation detection module, and recording request parameters with implantation vulnerabilities; parsing the request parameters, extracting corresponding parameter names, and generating a URL abstract collection; acquiring an SQL implantation request to URL by an attacker; transmitting the SQL implantation request to an implantation defense module by the reverse proxy module; determining whether the address of the SQL implantation request is in the URL abstract collection or not by the implantation defense module; if so, replacing parameter values and related keywords of the address of the SQL implantation request by the implantation defense module to acquire a secure request; and transmitting the secure request to a WEB site of a target server. By adopting the method and the system, the requirements for programmers can be reduced, the security of a website can be improved, and the website can be automatically protected without modification of source codes.

Description

technical field [0001] The invention relates to a method and system for preventing SQL injection. Background technique [0002] At present, many websites have found SQL injection vulnerabilities, and there are some injection detection methods on the market, but all of them require programmers to modify the website code, and the professional requirements for programmers are relatively high. And it has a lot to do with the way the program is developed. If SQL injection cannot be prevented, many sites will be hacked and database passwords will be leaked. [0003] The existing patent application (Application No.: 201310296901.5) discloses a method for SQL injection defense against databases, including the following steps: (a) receiving SQL statements from the application system for accessing the database; (b) injecting the SQL statements Judging and checking, if SQL injection is found, intercept the SQL injection, record the error, and return an exception message to the applic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/55
CPCG06F21/554
Inventor 陈丛亮刘德建毛新生
Owner FUJIAN TQ DIGITAL
Features
  • Generate Ideas
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More