Preventive Measures for SQL Injection Vulnerabilities

Prevention and Detection of Software Injection Leak


Author: 董沛然 DONG Peiran (IT Department, China Development Bank, Beijing 100032, China)

Affiliation: [1] Information Technology Department, China Development Bank, Beijing 100032

Source: Digital Communication World (《数字通信世界》), 2023, No. 1, pp. 62-65 (4 pages)

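Abstract: SQL injection vulnerabilities are the most common class of software vulnerability and a research hotspot in the field of information security. Taking SQL injection and command injection as examples, the article first explains the principles, classification and harms of injection-class program vulnerabilities, and introduces the concepts of the starting point, bursting point and transfer chain of injection vulnerabilities. Then, in view of the characteristics of large-scale complex systems, it gives five methods for preventing injection-class vulnerability defects, in particular innovatively proposing a data-flow verification model based on large-scale complex systems, and analyzes its advantages. Finally, it looks ahead to the challenges that future research may face.

Injection leak is the most common one among all software leaks, and it is always one of the research focuses in the area of information security. With SQL injection and command injection as examples, the article states the theory, main classification and harms of injection leaks. It introduces the concepts of the starting point, bursting point, and transfer chain of injection leaks. Furthermore, in light of the functional features of Large-scale Complex Systems, five measures in the aspects of design, software architecture and coding are proposed. In particular, a verification model based on Large-scale Complex Systems is innovatively proposed. Finally, a perspective on future work in this research area is discussed.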

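Keywords: injection vulnerabilities; information security

Classification number: TP311 [Automation and Computer Technology: Computer Software and Theory]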

 
