Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

System and method for SQL injection prevention

An anti-injection and legality technology, applied in the transmission system, electrical components, etc., can solve the problems of poor defense against SQL attacks, prone to errors, and high cost, so as to improve accuracy, service efficiency, and increase security.

Inactive Publication Date: 2016-06-22
SICHUAN CHANGHONG ELECTRIC CO LTD
View PDF6 Cites 44 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

There are three common ways to prevent SQL injection: 1) Constraints in the development process, developed in full compliance with code development standards; 2) Filtering based on keywords and rules; 3) Configuring parameters for receiving web pages, Configure the whitelist of submission parameters; the common method of preventing SQL injection also has certain defects, based on keyword and rule filtering, poor defense against tentative SQL attacks and special SQL attacks, prone to false positives and false negatives ;To submit the configuration parameters to the whitelist, it is necessary to configure all the parameters that can be received by the web page, which is a lot of work, expensive, and prone to errors

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for SQL injection prevention
  • System and method for SQL injection prevention

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The present invention will be further described in detail below in conjunction with examples, but the implementation of the present invention is not limited thereto.

[0029] The database is the core part of the server. Due to the negligence of programmers or improper parameter configuration, many newly developed systems may have SQL injection vulnerabilities. At the same time, some previously developed systems have SQL injection vulnerabilities, which are difficult to repair in the later stage, and are expensive to repair. In order to solve the security problems of existing SQL injection or SQL hidden danger systems, the present invention designs a SQL injection prevention system , It includes IP blacklist filtering module, request rule detection module and http response interception module. The specific implementation principles are as follows:

[0030] The overall idea of ​​the design of SQL anti-injection: SQL anti-injection system design a complete set of security detec...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a system and method for preventing SQL injection, which includes an IP blacklist filter module, a request rule detection module and an http response interception module; the IP blacklist filter module is used to set the request source IP meeting certain attack conditions as Blacklist, the system automatically intercepts IP requests in the blacklist; the request rule detection module is used to detect the legality of request parameters for requests that pass IP detection, and intercept requests with abnormal parameters; the http response interception module is used to Intercept error return information, filter out error prompt information, and prevent sensitive information from being exposed. The invention solves the security problem of the existing SQL injection or SQL hidden danger system, and increases the security of the server.

Description

Technical field [0001] The invention relates to the technical field of server data anti-injection, in particular to a SQL anti-injection system and method. Background technique [0002] The web application is based on the http protocol. The client sends an http request with parameters, the server parses the request, and submits it to the application processing program, and then the application processing program constructs the corresponding SQL query statement to query the data in the database. Based on this way of working, the server is vulnerable to SQL attacks. SQL injection is one of the commonly used service attack methods. Many service websites have SQL injection vulnerabilities. Attackers often use SQL injection to attack. After success, they can add, delete, modify, and erase data in the data at will. harm. There are mainly three common methods to prevent SQL injection: 1) Constraints in the development process, which are developed in accordance with the code developmen...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08
CPCH04L67/02H04L63/1466
Inventor 龙长春常清雪洪国军
Owner SICHUAN CHANGHONG ELECTRIC CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com