Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACNS
2004
Springer
2004
Springer
SQLrand: Preventing SQL Injection Attacks
We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web frontend, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
Real-time TrafficACNS 2004 | Attacks Target Databases | Cryptography | Practical Protection Mechanism | SQL Injection Attacks |
Related Content
| Added | 30 Jun 2010 |
| Updated | 30 Jun 2010 |
| Type | Conference |
| Year | 2004 |
| Where | ACNS |
| Authors | Stephen W. Boyd, Angelos D. Keromytis |
Comments (0)
Researcher Info
|
