您的位置:首页  > 论文页面

基于Ajax的Web应用安全性研究

发表时间:2008-06-30  浏览量:2267  下载量:1080
全部作者: 杨洁,王虹
作者单位: 武汉理工大学信息工程学院
摘 要: Ajax是Web 2.0时代新兴的流行网络技术,也代表着Web 2.0时代的来临。自2005年以来,由Google公司发起,Apache、微软等组织或公司推广的Ajax框架技术,迅速于2006年在国内外各个大小网站得到了普及,无论是商业主页,还是E-mail服务,亦或是目前极为流行的BLOG主页,随处可见Ajax框架搭建的页面和服务。Ajax框架技术极大地提高了网页的动态交互性,使互联网应用系统响应更敏捷,并提供给用户远胜于传统HTTP Web页面的全新操作体验,使用户体验更丰富。但Ajax框架技术在带来这些操作和性能上的优点的同时,也引入了一些容易让人忽视的安全问题,而一些在传统Web应用中威胁度级别并不高的安全问题,也随着Ajax框架本身固有的一些特性,变得更容易被攻击。本文介绍了Ajax的主要技术和原理,并分析其优势和存在的安全威胁,重点研究由于脚本语言、XML注入和XSS攻击问题引起的负面安全影响及其相应的防御措施,使Web应用的安全性得到了改善和提高。
关 键 词: 数据安全与计算机安全;Ajax;Web应用;安全性;防御
Title: The Web application security research based on Ajax
Author: YANG Jie, WANG Hong
Organization: School of Information Engineering, Wuhan University of Technology
Abstract: Ajax is a popular network technology emerges in Web 2.0 era, which also represents the coming of Web 2.0 era. The framework of the Ajax technology which was launched by Google and promoted by Apache, Microsoft and other organizations or companies since 2005 rapidly gained ground in sites both at home and abroad in 2006. Whether the commercial home page, E-mail services, or BLOG home page which is very popular currently, the pages and services built by Ajax framework can be easily seen. Ajax framework technology has greatly improved the dynamic interactivity of web pages, so that the response of internet application system is more agile. It also offers users the new operating experience which is better than traditional HTTP Web pages, makes users' experience richer and more varied. However, while bringing these operation and performance advantages, Ajax framework technology also introduced a number of security problems which are easy to be ignored. Some safety problems whose threat level was not so high in traditional Web application become more vulnerable due to the inherent characteristics of Ajax framework. This paper introduces the main technology and principles of Ajax, and then analyzes its advantages and existent security threat. As focused on the negative security impacts caused by scripting language, XML injection and XSS attack and the corresponding defense measures, it enabled the Web application security to be improved and enhanced.
Key words: data security and computer security; Ajax; Web application; security; defense
发表期数: 2008年10月第12期
引用格式: 杨洁,王虹. 基于Ajax的Web应用安全性研究[J]. 中国科技论文在线精品论文,2008,1(12):1408-1412.
 
2 评论数 0
暂无评论
友情链接