Multi-hashing for Protecting Web Applications from SQL Injection Attacks
SQL injection is a type of frequently reported security attacks on database-driven web applications in which attackers execute unauthorized query operations to access information. In this paper, we describe the design and implementation of an efficient protection scheme against the SQL injection att...
Gespeichert in:
Veröffentlicht in: | International journal of computer and communication engineering 2015-05, Vol.4 (3), p.187-195 |
---|---|
Hauptverfasser: | , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | SQL injection is a type of frequently reported security attacks on database-driven web applications in which attackers execute unauthorized query operations to access information. In this paper, we describe the design and implementation of an efficient protection scheme against the SQL injection attacks based on a multiple-hashing mechanism. The proposed protection system model consists of three phases, which are registration, login and validation phases, and database is divided into product and query databases. By using multiple hashing operations the proposed scheme achieves higher efficiency than conventional schemes, which do not use sophisticated hashing operations. The scheme is implemented with HTML, PHP and MySQL, and cryptographic hashing function SHA-512 is used in the coding. Our experimental results show that the proposed scheme achieves very high level of security gain with negligible amount of time overheads compared to the conventional methods. |
---|---|
ISSN: | 2010-3743 2010-3743 |
DOI: | 10.17706/IJCCE.2015.4.3.187-195 |