首页 | 本学科首页   官方微博 | 高级检索  
     检索      

浅论网站交叉脚本攻击和SQL插入攻击
引用本文:刁群,桂现才,洪伟铭.浅论网站交叉脚本攻击和SQL插入攻击[J].湛江师范学院学报,2003,24(6):88-91.
作者姓名:刁群  桂现才  洪伟铭
作者单位:1. 广州市综合勘探大队,广东,广州,510440
2. 湛江师范学院,数学系,广东,湛江,524048
3. 湛江师范学院,信息科技学院计算机系,广东,湛江,524048
摘    要:网站交叉脚本攻击(CROSS-SITESCRITINGATTACK)和SQL(STRUCTUREDQUERYLANGUAGE)插入(SQLINJECTION)是黑客经常采用的攻击互联网应用程序(WEB-BASEDAPPLICA TIONS)的两种有效手段.网站交叉脚本攻击可以影响运行于目前市场上所有厂家的互联网服务器程序之上运用了动态页面产生技术(如ASP或JSP)的互联网应用程序.相对而言SQL插入攻击的原理较简单,但它仍可造成资源和劳动力的巨大损失;该文全面地介绍了网站交叉脚本攻击和SQL插入攻击的工作原理、可能后果及有效的防治方法.

关 键 词:网站交叉脚本攻击  SQL插入  互联网
文章编号:1006-4702(2003)06-0088-04
修稿时间:2003年9月15日

The Cross- Website Scripting Attack and SQL Injection Attack
DIAO Qun,GUI Xian-cai,HONG Wei-ming.The Cross- Website Scripting Attack and SQL Injection Attack[J].Journal of Zhanjiang Normal College,2003,24(6):88-91.
Authors:DIAO Qun  GUI Xian-cai  HONG Wei-ming
Institution:DIAO Qun~1,GUI Xian-cai~2,HONG Wei-ming~3
Abstract:The cross-website Scripting attack and the structured Query Language (SQL) Injection attack are two of the most popular methods that hacks apply to attack web-based applications.Cross-website Scripting attacks can possibly affect web-based applications of dynamic page-generation techniques such as Active Server Page (ASP) and Java Server Page (JSP) on all vendors' web servers. Comparatively, the principle behind the SQL Injection attack is fairly simple. However, it can cause a huge loss in terms of resource and labor. Consequently, it is of great necessity to effectively prevent those attacks. This paper discusses the two types of attack and the related issues including the definition, working mechanism, possible consequences, and prevention methods.
Keywords:
本文献已被 CNKI 维普 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号