Date Submitted:
06/18/05
SQL Injection Protection by Variable Normalization of SQL Statement
Added by Papergrl
Description:
We present a method to protect against SQL injection attacks. The method uses a virtual database connectivity driver together with a technique named "variable normalization" to extract the basic structure of a SQL statement, and uses that structure to determine whether the statement is allowed to execute. The method can be used in most scenarios and does not require changing the source code of database applications (i.e. the CGI web application). It can also be used to auto-learn the list of allowable SQL statements, which makes the system very easy to set up. Because deciding whether a statement is allowed only requires checking whether the normalized statement exists in the pre-sorted allowable list, the overhead of the system is very small.
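A minimal sketch of the approach this description outlines, added here as an illustration and not taken from the paper. The normalization rule (literals replaced by `?`, whitespace and case folded), the names `normalize` and `StatementFilter`, and the sample statements are all assumptions constructed for this example.

```python
import re
from bisect import bisect_left

# Assumed normalization rule: each literal value is replaced by "?".
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")

def normalize(sql):
    """Return the statement's structure: literals -> ?, whitespace and case folded."""
    skeleton = _LITERAL.sub("?", sql)
    return " ".join(skeleton.split()).lower()

class StatementFilter:
    """Allowlist of normalized statements, kept sorted for binary-search lookup."""
    def __init__(self):
        self.allowed = []

    def _find(self, key):
        i = bisect_left(self.allowed, key)
        return i, i < len(self.allowed) and self.allowed[i] == key

    def learn(self, sql):
        """Learning mode: record the structure of a statement seen in trusted traffic."""
        key = normalize(sql)
        i, present = self._find(key)
        if not present:
            self.allowed.insert(i, key)

    def is_allowed(self, sql):
        """Enforcement mode: permit only statements whose structure was learned."""
        return self._find(normalize(sql))[1]

# Constructed sample statements (not from the paper).
TRAINING = [
    "SELECT id, name FROM users WHERE name = 'alice' AND pin = 1234",
    "SELECT id, name FROM users WHERE name = 'carol' AND pin = 77",
    "UPDATE users SET last_login = '2005-06-18' WHERE id = 7",
]
BENIGN = "SELECT id, name  FROM users WHERE name = 'bob' AND pin = 42"
# Same query after a quote in the name field changed its structure.
INJECTED = "SELECT id, name FROM users WHERE name = '' OR '1'='1' AND pin = 0"

def build_filter():
    f = StatementFilter()
    for stmt in TRAINING:
        f.learn(stmt)
    return f

if __name__ == "__main__":
    f = build_filter()
    for stmt in (BENIGN, INJECTED):
        print("ALLOW" if f.is_allowed(stmt) else "BLOCK", "|", normalize(stmt))
```

The two training SELECTs collapse to one allowlist entry because they differ only in literal values, while the injected statement normalizes to a structure that was never learned and is rejected.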
