A Study of Role-Based Access Control for Web Database
碩士 === 中原大學 === 資訊工程研究所 === 96 === SQL injection is a common type of database attacks in a web-based system. Parameterized view is an approach to SQL injection defense by transferring a user’s identification to databases to provide access control. But in the original form of parameterized view met...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | zh-TW |
| Published: |
2008
|
| Online Access: | http://ndltd.ncl.edu.tw/handle/44564716359265247065 |
| id |
ndltd-TW-096CYCU5392007 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-TW-096CYCU53920072015-10-13T14:53:13Z http://ndltd.ncl.edu.tw/handle/44564716359265247065 A Study of Role-Based Access Control for Web Database 基於角色的權限控管至網路資料庫之研究 CHAN-SHENG CHUANG 莊展昇 碩士 中原大學 資訊工程研究所 96 SQL injection is a common type of database attacks in a web-based system. Parameterized view is an approach to SQL injection defense by transferring a user’s identification to databases to provide access control. But in the original form of parameterized view method, a view and an associated key were created for each user. In this thesis, we proposed to add role-based access control mechanism to the parameterized view. A view is created for each role, but not for each user, to reduce the number of views needed to be created. The identity of a user is mapped to a role, which is then used to create a view for that role. This view can thus be accessed by users of that role. An example system is also implemented for illustration. Chung Shyan Liu 留忠賢 2008 學位論文 ; thesis 38 zh-TW |
| collection |
NDLTD |
| language |
zh-TW |
| format |
Others
|
| sources |
NDLTD |
| description |
碩士 === 中原大學 === 資訊工程研究所 === 96 === SQL injection is a common type of database attacks in a web-based system. Parameterized view is an approach to SQL injection defense by transferring a user’s identification to databases to provide access control. But in the original form of parameterized view method, a view and an associated key were created for each user.
In this thesis, we proposed to add role-based access control mechanism to the parameterized view. A view is created for each role, but not for each user, to reduce the number of views needed to be created. The identity of a user is mapped to a role, which is then used to create a view for that role. This view can thus be accessed by users of that role. An example system is also implemented for illustration.
|
| author2 |
Chung Shyan Liu |
| author_facet |
Chung Shyan Liu CHAN-SHENG CHUANG 莊展昇 |
| author |
CHAN-SHENG CHUANG 莊展昇 |
| spellingShingle |
CHAN-SHENG CHUANG 莊展昇 A Study of Role-Based Access Control for Web Database |
| author_sort |
CHAN-SHENG CHUANG |
| title |
A Study of Role-Based Access Control for Web Database |
| title_short |
A Study of Role-Based Access Control for Web Database |
| title_full |
A Study of Role-Based Access Control for Web Database |
| title_fullStr |
A Study of Role-Based Access Control for Web Database |
| title_full_unstemmed |
A Study of Role-Based Access Control for Web Database |
| title_sort |
study of role-based access control for web database |
| publishDate |
2008 |
| url |
http://ndltd.ncl.edu.tw/handle/44564716359265247065 |
| work_keys_str_mv |
AT chanshengchuang astudyofrolebasedaccesscontrolforwebdatabase AT zhuāngzhǎnshēng astudyofrolebasedaccesscontrolforwebdatabase AT chanshengchuang jīyújiǎosèdequánxiànkòngguǎnzhìwǎnglùzīliàokùzhīyánjiū AT zhuāngzhǎnshēng jīyújiǎosèdequánxiànkòngguǎnzhìwǎnglùzīliàokùzhīyánjiū AT chanshengchuang studyofrolebasedaccesscontrolforwebdatabase AT zhuāngzhǎnshēng studyofrolebasedaccesscontrolforwebdatabase |
| _version_ |
1717759661535395840 |