Multi-hashing for Protecting Web Applications from SQL Injection Attacks

SQL injection is a type of frequently reported security attacks on database-driven web applications in which attackers execute unauthorized query operations to access information. In this paper, we describe the design and implementation of an efficient protection scheme against the SQL injection att...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of computer and communication engineering 2015-05, Vol.4 (3), p.187-195
Hauptverfasser: Bansal, Yogesh, Park, Jin H
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:SQL injection is a type of frequently reported security attacks on database-driven web applications in which attackers execute unauthorized query operations to access information. In this paper, we describe the design and implementation of an efficient protection scheme against the SQL injection attacks based on a multiple-hashing mechanism. The proposed protection system model consists of three phases, which are registration, login and validation phases, and database is divided into product and query databases. By using multiple hashing operations the proposed scheme achieves higher efficiency than conventional schemes, which do not use sophisticated hashing operations. The scheme is implemented with HTML, PHP and MySQL, and cryptographic hashing function SHA-512 is used in the coding. Our experimental results show that the proposed scheme achieves very high level of security gain with negligible amount of time overheads compared to the conventional methods.
ISSN:2010-3743
2010-3743
DOI:10.17706/IJCCE.2015.4.3.187-195