SQL injection is one o f the most destructive network attacks that can lead to information leakage from the database including username, password, addresses, phone number and credit card statement and so on. This information may lead to huge loss to commercial vendor, and even threaten to the national security. In this paper we put forward a novel approach in which we define a new role called smart-driver that located between the web application and the back-end database. The smart-driver will only give normal users the information belonging to them by distributing a random number to the users as their identifier or reject masquerade behavior o f invalid users. By analyses, we prove that our method is more safety and can effectively protect our web application. © 2014 SERSC.
CITATION STYLE
Dong, Z., Liu, Y., Luo, G., & Diao, S. (2014). A smart-driver based method for preventing SQL injection attacks. International Journal of Security and Its Applications, 8(2), 67–76. https://doi.org/10.14257/ijsia.2014.8.2.07
Mendeley helps you to discover research relevant for your work.