Content-based Web Security Graded Management System

• Main Authors: Shih Lien Yang, 楊士廉
• Other Authors: 游坤明
• Format: Others
• Language: zh-TW
• Published: 2002
• Online Access: http://ndltd.ncl.edu.tw/handle/08799510281050633976

碩士 === 中華大學 === 資訊工程學系碩士班 === 90 === Web security has become a critical issue with the rapid development of e-commerce over the Internet. The techniques of security can be categorized into three types — identification, encoding system and package filtering. Since those methods cannot provide enough protection over Web concerning with an enterprise’s business logic. In this paper, we describe the architecture of a content-based, graded security web server management system. The system is an enhanced version of ‘Document Based Vaccine Defense System’. In the system, we propose a mechanism that can adapt to different web server system and we apply LDAP Directory Server to integrate the permission control of original system. Also, we can flexibly expand our secure function to defend the novel attack. For strengthening the security of a web server defense system, our management system handles the logon users’ authority and the access control of sensitive information in web pages in a graded security management mode. Besides, our system has capability against “SQL injection” attack. Moreover, for reducing the inefficiency of security functions, we pre-analyze the content of web document to reduce the unnecessary vaccine injections.