| 摘要 |
PROBLEM TO BE SOLVED: To solve the problem in an abrupt increase of SQL injection attacks, caused by a Web application with neglected consideration of security in program development design, which may not be unreasonable to describe an SQL language for database query with a computer language specialized for the Web application intact, that although it has become possible to obtain measures against the SQL injection attacks, 100% secure measures against the SQL injection attacks to unknown problems cannot be found out if the problem of character codes interpreted by a database management system (DBMS) is bypassed. SOLUTION: By leaving the SQL query method intact, and by changing an SQL reserved word on a system-by-system basis, it becomes possible to disable an SQL injection attack program which frequently appears as an attacking tool. Security measures are provided by the database management system side. COPYRIGHT: (C)2010,JPO&INPIT |
