An Efficient Protective Layer Against SQL Injection Attacks
In this paper, we present a detailed discussion of different SQL injection attacks and their prevention techniques. In addition, we propose a new scheme for the prevention of SQL injection attacks, which consists of three blocks, or a three-tier architecture: the clients, the application server and the database server. Our protective layer works between the clients and the application server. Therefore, before SQL queries are sent to the database, the protective layer analyzes each query to check for vulnerabilities. If any is found, it is reported; otherwise, the query is forwarded to the database server. The proposed scheme is efficient and its overhead is negligible.
Keywords: SQL Injection, Web Security, Vulnerabilities, Prevention, Database security.
ABOUT THE AUTHORS
Bojken Shehu
He is a pedagogue at the Polytechnic University of Tirana, Faculty of Information Technology, in the Computer Engineering Department. In 2007 he completed his Bachelor's thesis at Saint Petersburg State Polytechnic University, Russia, and in 2010 he completed his Master's thesis at Bauman Moscow State Technical University, Russia. He is now a PhD student at the Polytechnic University of Tirana, Albania.
Aleksander Xhuvani
He is a pedagogue at the Polytechnic University of Tirana, Faculty of Information Technology, in the Computer Engineering Department. He completed his PhD studies at Bordeaux in France. In 2004 he graduated as Prof. Dr.