A Database Protection System Aiming at SQL Attack

Abstract

Many websites on the internet are based on database, especially websites which use database to display the pages actively such as ASP, PHP and JSP. However, because of SQL attack, people pay much attention to the security of database on the internet. Different from many protection systems deployed between web servers and internet, this article designed a database protection system between web server and database server. It parses network and database protocol of the packets passing through, and extracts the SQL statements, then analyzes and filters the SQL statements, so it protects the database effectively on the application layer and its effectiveness is independent of any particular target system, application environment, or DBMS. Even there is no need to modify the source code of existing web applications. This system has been carried out in application and has good effect.