For the sake of the exaltation business enterprise competition ability, enlargement market quota, the media company musts be reasonable to make use of the network resources, passing the internet, the company can open to whole country, whole world the business to exhibition, can reduce the business cost of the company consumedly at the same time, expanding the market effectively, this system be for realizing this purpose but development of.
Pass to the advertisement business enterprise with thorough investigation that advertise the market, the light an advertisement is the most widespread outdoor advertisement medium now, however is also a management the most trivial, permit the mistakable advertisement very much the part, light a function for advertising current information turning still not strongly, for the sake of system, make selection finally light box advertise for the focus that I study.
According to characteristics that advertise the business enterprise, design the principle according to the database to analyze with the system the design method design the advertisement box that match the advertisement business enterprise manages the procedure, the database adopts to permit the sex concurrently good and superior SQL in function Server 2005 come to develop, combine the exploitation SQL defend the infusion to invade to visit the IP method to the backstage management with restrict with script, guaranteeing the data safety, making use of.The NET technique proceeds the development, using the Visual Studio 2005 complete the software establishment, guarantee the stability of the procedure, use the software development method system design that face to the object, B2C( Business- to- Consume) electronic commerce mode, the B/ S system system construction is namely the Browser/ Server( browser/ server) construction
Pass to do this item, make me come in sight of the modern business enterprise to park the surface mostly to the technical application in information, have no real use solid place, to think that the real information turns, returning to need the company upper level values.The traditional management thought will cause business enterprise technique fallen behind necessarily, from but lose the competition ability, but the system that I develop manages software, exactly a kind of information turns, the value that believe it would at applied empress very quick appears.
Key phrase:The □ light box advertises to manage the system □ .The NET technique □ faces to the object software development method
□ system analysis data safety
基于WEB的SQL数据库安全策略浅析
第1章 概述
1.1 网络时代的数据库安全
1.2 进行数据库安全策略的研究的必要性
1.3 如何探讨基于Web的数据库安全策略
1.4 研究过程中应注意的事项
第2章 MS SQL Server 2000数据库介绍
2.1 数据库对象
2.1.1 数据库表
2.1.2 数据库关系
2.1.3 数据库视图
2.1.4 数据库存储过程
2.1.5 数据库拓展存储过程
2.1.6 数据库用户与角色
2.2 MS SQL Server2000数据库的安全性
2.2.1 验证方法选择
2.2.2 Web环境中的验证
2.2.3 设置全局组
2.2.4 允许数据库访问
2.2.5 分配权限
2.2.6 简化安全管理
第3章 SQL数据库存储过程
3.1 ASP中存储过程调用的两种方式及比较
3.1.1使用存储过程的分页实例
3.1.2 不使用存储过程的分页实例
3.2 使用SQL存储过程要特别注意的问题
第4章 示例Web程序介绍
4.1 某大学网站简介
4.1.1 网站功能
4.1.2网站数据库设计
4.1.3 网站代码设计
4.1.4 网站组成架构
4.2 ASP连接MS SQL Server 2000数据库
4.2.1通过ODBC DSN建立连接
4.2.2通过oledb建立连接
4.2.3通过driver建立连接
4.2.4 ASP连接SQL数据库示例
第5章 入侵检测
5.1 入侵演示
5.2 存在的漏洞
5.3 漏洞分析
第6章 安全策略
6.1 服务器操作系统安全策略
6.1.1 帐号安全
6.1.2 权限配置(NTFS)
6.1.3 密码安全
6.1.4 日志管理
6.1.5 病毒防范
6.2 MS SQL Server2000数据库安全策略
6.2.1安全的密码策略
6.2.2 安全的帐号策略
6.2.3 数据库日志的记录
6.2.4 扩展存储过程
6.2.5 协议加密
6.2.6 TCP/IP端口配置
6.2.7 对网络连接进行IP限制
6.3 Web程序安全策略
6.3.1 代码防SQL注入设计
6.3.2 IIS安全配置
6.3.3 帐号管理
6.3.4 权限管理
6.3.5 密码安全(MD5)
第7章 其他数据库的安全性
7.1 MS ACCESS数据库的安全性
7.2 MS SQL Server 2005的安全性
7.3 ORACLE数据库10g安全性
第8章 总结
致谢
参考文献
-------------------------------------------------------
以上为本人大学本科毕业论文提纲。纯手工打造。如有雷同,不胜荣幸(当然雷同是不可能)。
论文写了3万5千字(删减后)。是当年我省高校优秀毕业论文。
很简单,如果没有防注入的话,sql应该是这样的
select * from accounts where name='此处是用户输入的文本';
那么再看看我们是不是可以改成这样:
select * from accounts where name ='';select * from accounts where 1='1';
这期间,用户只要输入 ';select * from accounts where 1='1 这样的文本,你的整个账号表就都返回给他了。当然,这只是一个简单的实例,具体注入的话,还需要复杂一点的过程。因为他首先要了解你的表结构,select * from sysobjects等等,不过这也都不是问题。
现在明白了么?
直接粘贴在论文中就可以。你不管什么格式的,最后都要打印出来的。txt和sql都可以,粘贴到word中打印就行
