Result: SQL Statement Randomization Based on Reverse Data Flow Propagation.
Further information
Application programs that use randomized SQL statements can access the database and defend against SQL injection attacks in a randomized SQL environment. This paper analyzed the challenges of randomizing SQL statements in application programs and proposed a SQL statement randomization method based on reverse data flow propagation. The reverse data flow propagation algorithm can quickly and accurately identify the SQL statements in application programs by tracing the data propagation of SQL statements in reverse, starting from the database operation function. Experiments show that the algorithm, based on the PHP 8.0 kernel, recognizes SQL statements with an accuracy of 91.7%. The SQL statement randomization method based on reverse data flow propagation is more convenient and universal than the traditional method. Applications processed by this method are suitable for a randomized SQL environment to defend against SQL injection attacks. [ABSTRACT FROM AUTHOR]
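By using randomized SQL statements, an application can access the database in a randomized SQL environment and defend against SQL injection attacks. The paper analyzes the challenges of randomizing the SQL statements in application programs and proposes a SQL statement randomization method based on reverse data flow propagation. Starting from the database operation functions, the reverse data flow propagation algorithm traces the data propagation of SQL statements backward and can quickly and accurately identify the SQL statements in application source code. Experiments show that the algorithm, implemented on the PHP 8.0 kernel, identifies SQL statements with an accuracy of 91.7%. Compared with traditional methods, the SQL statement randomization method based on reverse data flow propagation is easier to implement and more general, and applications processed by it can be used in a randomized SQL environment to defend against SQL injection attacks. [ABSTRACT FROM AUTHOR]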
Copyright of Application Research of Computers / Jisuanji Yingyong Yanjiu is the property of Application Research of Computers Edition and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission.