Php-based independent sql injection defense analysis alarm method and system thereof

An alarm system, an independent technology, applied in the transmission system, electrical components, etc., can solve the problem that it is difficult to establish normal SQL statements and SQL injection attacks, cannot provide very effective protection, high false alarm rate and false negative rate, etc. problem, to achieve the effect of increasing cost, good scalability, and data protection
CN110474888AInactive Publication Date: 2019-11-19GUANGDONG EFLYCLOUD COMPUTING CO LTD
0 Cites 2 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGDONG EFLYCLOUD COMPUTING CO LTD
Publication Date
2019-11-19
Estimated Expiration
Not applicable · inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
Patent Text Reader

Abstract

The invention discloses a php-based independent sql injection defense analysis alarm method and a system thereof, and the method comprises the steps: checking whether a request IP is a forbidden IP blacklist, ending the request if the request IP is the forbidden IP blacklist, and entering the next step if the request IP is not the forbidden IP blacklist; judging whether parameters of sql injectioncontain blacklist symbols, and if yes, setting the sql injection as a note level; judging whether parameters of sql injection contain blacklist keywords, and if yes, setting the sql injection as a winning level; dividing the parameters of the sql injection by taking a space as a criterion, judging whether the parameters contain blacklist keywords, and if yes, setting the sql injection as an errorlevel; and performing sql injection on the error level, checking whether the request ip injected by the sql is subjected to injection attacks for a specified number of times, and if yes, forbidding the request ip and listing the request ip into a forbidden IP blacklist. According to the method, measures are taken for the sql injection problem in an omnibearing manner, corresponding measures are taken for prevention, response, monitoring and recording, and the data security is protected to a greater extent.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of SQL injection attacks, in particular to a PHP-based independent SQL injection defense analysis alarm method and a system thereof. Background technique

[0002] With the rapid development of Internet technology, Web technology and database technology have become the key technologies of modern information system. Information security based on Web server and database is one of the core Internet security issues. For web servers and databases, they are extremely vulnerable to hackers. Among them, SQL injection attack is a common type of attack faced by web servers at present. The attacker inserts a series of SQL commands by modifying the input field of the web form of the application program or the query string in the page request to change the database query statement. Thereby deceiving the database server to execute malicious SQL commands, thereby realizing unauthorized access to the background database and...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More