Title :
SQLIMW: A New Mechanism against SQL-injection
Author :
Jiao, Gao ; Xu, Chang-Ming ; Maohua, Jing
Author_Institution :
Bus. & Trade Dept., Northeastern Univ., Qinhuangdao, China
Abstract :
SQL-Injection is an attack on Web applications that are based on database systems, and it is one of the most serious security threats to Web applications. This paper proposes a new middleware-based prevention mechanism: SQLIMW. SQLIMW avoids SQL-Injection attacks from the programmer to the server, and uses a HASH function to replace encryption. Furthermore, it protects the username, password and private key of SQLIMW together by XOR operation and HASH. The proposal provides better security and efficiency.
Keywords :
Internet; SQL; authorisation; middleware; private key cryptography; SQL-injection attack; SQLIMW; Structured Query Language; Web application security threats; XOR operation; database system; encryption; hash function; middleware-based prevention mechanism; password protection; private key protection; username protection; Authentication; Databases; Educational institutions; Encryption; Middleware; Servers; Hash; SQL-Injection attack; SQLIMW; Web security;
Conference_Title :
Computer Science & Service System (CSSS), 2012 International Conference on
Conference_Location :
Nanjing
Print_ISBN :
978-1-4673-0721-5
DOI :
10.1109/CSSS.2012.298