Journal: International Journal of Computer Science and Information Technologies
Electronic ISSN: 0975-9646
Publication year: 2012
Volume: 3
Issue: 5
Pages: 4981-4987
Publisher: TechScience Publications
Abstract: SQL Injection Attack (SQLIA) is a technique that helps attackers to directly enter the database in an unauthorized way and reach the highest or most decisive point in extracting or updating sensitive information from any organization's database. In this paper, we studied the scenario of the different types of attacks, with descriptions and examples of how attacks of that type could be performed, and their detection and prevention schemes. It also contains the strengths and weaknesses of various SQL injection attacks. It is known to all that SQL injection attacks are easily prevented by applying more secure schemes in the login phase and after the login phase. Therefore, we implement our proposed scheme called SQLENCP, the SQL injection prevention by encryption and hashing techniques, to handle SQLIAs and prevent them. Although the proposed implemented system is unable to handle all SQL injection attacks, it can prevent tautology attacks, union-based query attacks, and illegal structured query attacks.