论文部分内容阅读
互联网项目里边,SQL注入漏洞、XSS漏洞和猜测URL攻击这三个漏洞可谓历史悠久,直到今天还有人不断中枪。其实这几个漏洞说大也大,说小也小。说大是说这些漏洞危害大,会导致数据层面的安全问题;说小是从技术层面上讲都是未对外部输入做处理导致的,想要做针对性地防范很简单。下面简单看看这些漏洞的原因及防范方法。SQL注入SQL注入之所以存在,主要是因为工程师将外部的输入直接嵌入到将要执行的SQL语句中了。黑客可以利用这一点
Inside the Internet project, SQL Injection Vulnerability, XSS Vulnerability and Guessing URL Attack are the three loopholes that have a long history. Until today, some people continue to shoot the gun. In fact, these loopholes are large and large, that small and small. To say big is that these vulnerabilities are harmful and can lead to data-level security issues. It is very simple to say that small is from a technical level, because no external input is processed. The following simple look at the causes of these loopholes and prevention methods. SQL Injection SQL Injection exists primarily because engineers embed external input directly into the SQL statements to be executed. Hackers can take advantage of this