Title :
On Defense and Detection of SQL SERVER Injection Attack
Author :
Xue, Qian ; He, Peng
Author_Institution :
Shannxi Coll. of Commun. Technol., Xi'an, China
Abstract :
The mechanism of the SQL injection attack is introduced in this paper. Unlike earlier work, the authors categorize injection attacks according to the characteristics of the injected code. For web databases with SQL Server as the backend, a DDL (Detection-Defense-Log) model against SQL injection is created. The model covers both the client computer and the server. It is intended to prevent as many attacks as possible and to record dangerous attack actions by deploying smart programs on the client computer and the server respectively, which check the length and data type of the submitted variables and detect injection-sensitive characters and keywords.
Keywords :
Internet; SQL; DDL; SQL server injection attack; Web databases; client computer; detection-defense-log model; injection-sensitive characters; predecessors; smart program; Computational modeling; Computers; Databases; Internet; Security; Servers; Software;
Conference_Title :
Wireless Communications, Networking and Mobile Computing (WiCOM), 2011 7th International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-6250-6
DOI :
10.1109/wicom.2011.6040534