KudoZ home » English to Chinese » Computers: Software

SQL injection

Chinese translation: 建议

Advertisement

Login or register (free and only takes a few minutes) to participate in this question.

You will also have access to many other tools and opportunities designed for those who have language-related jobs
(or are passionate about them). Participation is free and the site has a strict confidentiality policy.
01:33 Aug 9, 2004
English to Chinese translations [PRO]
Tech/Engineering - Computers: Software
English term or phrase: SQL injection
Via an SQL injection attack, an attacker gives himself full access privileges, which means that your customer database is open to compromise, among other things. The attacker could steal names, alter pricing or stock orders, and make off before you can say “SQL injection attack!”
有没有专业译名?
clearwater
China
Local time: 18:11
Chinese translation:建议
Explanation:
网上有好几种叫法:
SQL注入
SQL插入
SQL入侵

个人认为SQL注入比较符合英文原意。
Selected response from:

Lu Zou
Australia
Local time: 20:11
Grading comment
谢谢!
试译:SQL指令植入式(攻击)
2 KudoZ points were awarded for this answer

Advertisement


Summary of answers provided
4建议
Lu Zou
3流量注入攻击法
Chinoise


  

Answers


7 mins   confidence: Answerer confidence 4/5Answerer confidence 4/5
sql injection
建议


Explanation:
网上有好几种叫法:
SQL注入
SQL插入
SQL入侵

个人认为SQL注入比较符合英文原意。



    Reference: http://www.enet.com.cn/eschool/inforcenter/A20040621318657.h...
Lu Zou
Australia
Local time: 20:11
Native speaker of: Native in ChineseChinese
PRO pts in category: 380
Grading comment
谢谢!
试译:SQL指令植入式(攻击)
Login to enter a peer comment (or grade)

9 mins   confidence: Answerer confidence 3/5Answerer confidence 3/5
流量注入攻击法


Explanation:
流量注入攻击法

--------------------------------------------------
Note added at 2004-08-09 01:44:59 (GMT)
--------------------------------------------------

Or \"資料隱碼攻擊\"
http://www.im.ncnu.edu.tw/~ycchen/XMLWebSecurity.pdf.

--------------------------------------------------
Note added at 2004-08-09 01:48:16 (GMT)
--------------------------------------------------

为什么你不应该这么做?嗯,除了糟糕的设计考虑,你已经将自己暴露于潜在的SQL流量注入攻击(SQL injection attack)之下。有了数据访问应用程序块,我就不再需要再次连接SQL字符串了,所以让我们就不这么做吧。


網路系統安全設計及管理有缺失,如:未設計資料庫查詢參數過濾器(Query Parameter Filter)及介面查詢程式過濾器(CGI Program Filter),導致駭客利用資料隱碼攻擊(SQL Injection)夾帶程式竊取資料庫資料;對於資料庫未設定適當之存取權限,未建立嚴謹之網路銀行所有程式及網頁之換版程序;或委外開發維護之系統遭電腦廠商程式人員夾帶程式不當顯示資料原始碼,造成資料外洩;任意下載系統漏洞修補程式而遭入侵;對網路銀行主機、防火牆、資料庫主機及中心主機所形成之網路與銀行內部網路(Intranet)未作區隔,導致歹徒利用預先隱藏特定網頁或功能,入侵中心主機存取資料。

--------------------------------------------------
Note added at 2004-08-09 03:31:17 (GMT)
--------------------------------------------------

1 什么是SQL Injection
1.1 SQL Injection简单介绍
SQL Injection可以说成是一种恶意的将SQL代码传递到应用程序的过程.可以举一个例子来说明这个问题.

下面的SQL语句是用来实现用户登录的:

string StrSQL=\"SELECT UserID FROM LG_User WHERE Username=\'\"+txtUsername.Text+\"\' and Password=\'\"+txtPassword.Text+\"\'\";

可能你觉得上面的代码没有什么问题,但是我们如果构造一个特殊的输入又会怎么样呢.在txtUsername这个文本框中输入awen’ or 1=1 --这样就得到了如下的SQL查询语句:

SELECT UserID FROM LG_User WHERE Username = \'awen’ or 1=1 -- \'

两个连字符(--)是MS SQL Server的注释标记.这样就忽略了后面的验证密码的语句,也就跳过了密码验证的步骤.

实际上,SQL Injection的具体方法还有很多,在这里也就不一一详细说明了,你可以查看那isno写的《SQL injection攻击技术》.




    Reference: http://www00.zdnet.com.cn:88/developer/tech/story/0,20000816...
Chinoise
Local time: 07:11
Native speaker of: Native in ChineseChinese
PRO pts in category: 107
Login to enter a peer comment (or grade)




Return to KudoZ list


KudoZ™ translation help
The KudoZ network provides a framework for translators and others to assist each other with translations or explanations of terms and short phrases.



See also:



Term search
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search