SECURITY ANALYSIS OF SQL INJECTION ATTACKS BASED ON DATABASE CONNECTION METHOD

Authors

  • Syafrizal S Ardiansyah Teknik Informatika, IST AKPRIND Yogyakarta
  • Suwanto Raharjo Teknik Informatika, IST AKPRIND Yogyakarta
  • Joko Triyono Teknik Informatika, IST AKPRIND Yogyakarta

Keywords:

Security Database, SQL Injection, Data Connection, RBAC

Abstract

The rapid development of information technology enables everyone to access the information they need instantly. Security becomes a very important factor when information is accessed globally; one of the most common and dangerous web vulnerabilities is SQL Injection. An analysis is therefore required to make the data connections of web applications more secure. The analysis compares SQL Injection attacks against several types of data connection in PHP, namely Mysql Connect, Mysql-improved (OOP and Procedural) and PDO, on the MySQL RDBMS, with the use of role-based access and different data servers. According to the results, the significant difference lies between data connections that use the bindParam function and those that do not. The study yields an understanding of how an attack on a data connection can happen, and its results are useful to web developers for comparing connection methods and choosing a better one to maintain security.


Published

2016-12-01