SQLI-Dagger, a Multilevel Template based Algorithm to Detect and Prevent SQL Injection
Author: | Rekha K. James, Teresa K. George |
---|---|
Year of publication: | 2016 |
Subject: |
Autocommit
Web server SQL View Computer science Data definition language 02 engineering and technology computer.software_genre Language Integrated Query Database tuning In-Memory Processing SQL injection 020204 information systems 0202 electrical engineering electronic engineering information engineering Web application Query by Example Stored procedure computer.programming_language Database server Database business.industry Application server Materialized view InformationSystems_DATABASEMANAGEMENT 020207 software engineering Data Transformation Services Proxy server Identity column User-defined function Open Database Connectivity Operating system business Log shipping computer Algorithm Business Intelligence Markup Language |
Source: | International Journal of Computer Applications. 143:46-50 |
ISSN: | 0975-8887 |
DOI: | 10.5120/ijca2016910232 |
Description: | SQL injection attacks are often found within the dynamic pages of a web application that exploit the security vulnerability of the database layers of an application. In this attack category, a specifically crafted SQL command is entered in the form field of a web application instead of the expected information. SQL injection takes advantage of the design flaws in poorly designed web applications to poison SQL statements and bypass the normal methods of accessing the database content. In these types of injection attempt, the database server executes undesirable SQL code to steal, manipulate or delete the content of a database. The proposed algorithm is implemented on an application which is placed on a proxy server kept between the database server and a web server. It works on a multi-level template-based approach, which is a model-based approach to detect the illegal queries before they are executed on the database server. With the support of the query evaluation engine, it can detect and block the injected query. Only the benign query is allowed to get access to the back-end database server. An alert message is generated if there is an injection. |
Database: | OpenAIRE |
External link: |