使用基于applet的未经授权的信息访问

S. Sokolov, O. M. Alimov, L. E. Ivleva, Ekaterina Yu. Vartanova, V. Burlov
{"title":"使用基于applet的未经授权的信息访问","authors":"S. Sokolov, O. M. Alimov, L. E. Ivleva, Ekaterina Yu. Vartanova, V. Burlov","doi":"10.1109/EICONRUS.2018.8317046","DOIUrl":null,"url":null,"abstract":"The problem of unauthorized access to information on Web sites through the use of malicious code by an attacker leads to undesirable consequences that arise both on the server side and on the users side. This article is devoted to the review and analysis of existing methods for ensuring the information security of automated systems for authentication and distributed networks. The existence of vulnerabilities on most modern Web content management platforms allows an attacker to inject malicious files onto the server or modify existing files. Recently, there has been a large increase in cybercrime, which is a fairly lucrative business for intruders. To avoid the introduction of malicious code on the site, in addition to the above steps, you should use the SCP / SSH / SFTP protocols instead of FTP to download files to the server, which will prevent the passwords from being sent “in the clear”.","PeriodicalId":6562,"journal":{"name":"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)","volume":"1 1","pages":"128-131"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Using unauthorized access to information based on applets\",\"authors\":\"S. Sokolov, O. M. Alimov, L. E. Ivleva, Ekaterina Yu. Vartanova, V. Burlov\",\"doi\":\"10.1109/EICONRUS.2018.8317046\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The problem of unauthorized access to information on Web sites through the use of malicious code by an attacker leads to undesirable consequences that arise both on the server side and on the users side. This article is devoted to the review and analysis of existing methods for ensuring the information security of automated systems for authentication and distributed networks. The existence of vulnerabilities on most modern Web content management platforms allows an attacker to inject malicious files onto the server or modify existing files. Recently, there has been a large increase in cybercrime, which is a fairly lucrative business for intruders. To avoid the introduction of malicious code on the site, in addition to the above steps, you should use the SCP / SSH / SFTP protocols instead of FTP to download files to the server, which will prevent the passwords from being sent “in the clear”.\",\"PeriodicalId\":6562,\"journal\":{\"name\":\"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)\",\"volume\":\"1 1\",\"pages\":\"128-131\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EICONRUS.2018.8317046\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EICONRUS.2018.8317046","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

摘要

攻击者通过使用恶意代码对Web站点上的信息进行未经授权的访问,会导致服务器端和用户端都出现不希望出现的后果。本文致力于审查和分析用于确保身份验证和分布式网络的自动化系统的信息安全的现有方法。大多数现代Web内容管理平台上存在的漏洞允许攻击者将恶意文件注入服务器或修改现有文件。最近,网络犯罪大幅增加,这对入侵者来说是一笔相当有利可图的生意。为了避免网站上引入恶意代码,除了以上步骤外,您应该使用SCP / SSH / SFTP协议而不是FTP将文件下载到服务器,这样可以防止密码被“明文”发送。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Using unauthorized access to information based on applets
The problem of unauthorized access to information on Web sites through the use of malicious code by an attacker leads to undesirable consequences that arise both on the server side and on the users side. This article is devoted to the review and analysis of existing methods for ensuring the information security of automated systems for authentication and distributed networks. The existence of vulnerabilities on most modern Web content management platforms allows an attacker to inject malicious files onto the server or modify existing files. Recently, there has been a large increase in cybercrime, which is a fairly lucrative business for intruders. To avoid the introduction of malicious code on the site, in addition to the above steps, you should use the SCP / SSH / SFTP protocols instead of FTP to download files to the server, which will prevent the passwords from being sent “in the clear”.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信