摘要
SQL注入技术通过输入带有SQL关键字的语句破坏后台数据库查询语句完整性,进而开展客户端攻击,危害性很强,此外,不合规范的输入数据,也加重系统负担,降低系统可靠性。所以电子政务系统安全性、可靠性亟待提高。正则表达式具有很强的模式匹配功能,可以用来校验各种类型数据。加入正则表达式校验层,扩充传统三层B/S架构至四层后,通过校验客户端输入数据,能够遏制某些客户端攻击,在一定程度上提高电子政务系统安全性、可靠性。在电子政务系统建设中应用该项技术,取得了优良的效果。
SQL injection has ferocious harm to E-Gov. It can break integrality of query sentence in background database by inputing some vicious sentences which contain SQL key words. Thereupon, it carries out client attack. Besides, inputing data which isn't accordant with criterion may aggravate burden of system and reduce reliability of system at all. So the security and reliability in E-Gov system desiderates enhancing. The regular expressions have strong ability to match pattern so as to verify various data which has a varity of types. The traditional B/S frame structure can expand from three layers to four layers by adding regular expressions verifying layer. Therefore, clients are kept from being attacked by verifying input data at client. Thus security and reliability in E-Gov system is improved to a certainly level, This technology acquires good effect in the course of application in an E-Gov system.
出处
《计算机工程》
CAS
CSCD
北大核心
2007年第9期269-271,共3页
Computer Engineering
基金
国家科技攻关计划基金资助项目(2003BA808A16)
科技部农业科技成果转化资金资助项目(04EFN211100002)
