这种类型的攻击只可能在数据库或密码存储已经暴露的情况下进行。
This type of attack is only possible if the database or password store is already compromised.
攻击者将跟踪联机数据库等内容并试图获取以后会用到的有价值的信息——例如,信用卡或客户信息。
An attacker will go after content such as online databases with the intention of getting valuable information that can be used later-for example, credit card or customer information.
结构化查询语言(SQL)注入是专门针对数据库的攻击。
Structured Query Language (SQL) injections are attacks carried out against databases.
这样,在数据库记录里的第一个激活用户就被查到,返回这个结果,攻击者就登陆了。
And thus it found the first user in the database, returned it and logged him in.
例如,如果托管联机数据库应用程序或电子商务站点,则一定会成为攻击者的目标。
For example, if you host an online database application or e-commerce site, you can expect to be squarely in the sites of an attacker at some point.
如果条件合适,则这样的攻击所导致的损坏程度可能仅限于黑客的SQL语言知识程度和数据库配置。
Given the right conditions, the extent of damage caused by such an attack may be limited only by the extent of the hacker's knowledge of the SQL language and the database configuration.
MySQL的默认安装,特别是根密码空缺和缓冲区溢出的潜在漏洞,使得这个数据库服务器成为容易攻击的目标。
The default installation of MySQL, particularly the empty root password and the potential vulnerability to buffer overflow, makes the database server an easy target for attacks.
Evans称,由于它是自适应的,不需要攻击特征数据库,所以该技术很有吸引力。
The technique is attractive because it is adaptive and requires no attack signature database, Evans says.
SQLInjection攻击还可用于更改数据或损坏数据库。
SQL injection attacks can also be used to change data or damage the database.
使用用户输入的数据查询数据库的任何应用程序(包括Windows窗体应用程序)都是Injection攻击的潜在目标。
Any application that queries a database using user-entered data, including Windows Forms applications is a potential target of an injection attack.
SQLInjection攻击的基本原理如下:您创建一个网页,允许用户向文本框中输入文本,用于对数据库执行查询。
The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database.
避免数据自动存入数据库(阻止SQL注入式攻击)。
Automatically escapes data saved to the database (to prevent SQL injection attacks).
最后是三个漏洞:一个是攻击MicrosoftWord的,一个是利用Microsoft's animated cursor vulnerability漏洞的,最后是利用Microsoft's SQL数据库引擎漏洞的Slammer worm蠕虫。
Three exploits followed: an attack on Microsoft Word, an exploit for Microsoft's animated cursor vulnerability and the Slammer worm, which exploited a flaw in Microsoft's SQL database engine.
上周在线交易公司TDAmeritradeHolding说,他的一个数据库被黑客攻击了,而且黑客已经掌握了许多TD的客户资料。
Last week Internet stock trading company TD Ameritrade Holding said that one of its databases had been hacked by a thief who obtained personal information on some of its customers.
但是,值得牢记的是,许多IPS嗅探器使用基于特征码的检测方法,这意味着当攻击被发现的时候才能被加入到数据库中。
Worth noting, however, is that many IPS sensors use signature-based detection, meaning that attacks are added to a database as they are discovered.
这些因素包括:42%的移动设备增长量、安装有不断增长的数据库以及复杂的操作系统,这些都为黑客们的攻击提供了条件。
These elements include growing mobile vulnerabilities, which increased 42 percent, a growing installed base, and sophisticated operating systems from which hackers can launch their attacks.
很容易使用上文SQL注入中所示的相同技巧来攻击之;数据存储区刚好是XML文件而不是实际的数据库。
They are both vulnerable to attack using the same techniques shown above with SQL injections; the data store just happens to be XML files instead of an actual database.
虽然我不能详细解释这种攻击是如何实施的,但如果您了解SQL 的话,就可以找到相关的答案。 如果您在Web服务器上驻留数据库的话,一定要了解这种攻击。
Although I can't get into the specifics of how to pull this type of attack off, you can look it up if you have SQL knowledge, which—if you're hosting database on your Web server—you should have.
恶意软件的一种常见攻击类型,所谓的缓冲区溢出攻击,会使接受输入的程序崩溃,如web浏览器的地址栏或数据库的搜索窗口。
One common type of malware, called a buffer overflow attack, overwhelms programs that accept input, like the address line in a Web browser or a search window for a database.
在这种攻击中,攻击者利用数据库或web页面的设计缺陷从数据库提取信息,甚至操纵数据库的信息。
In this attack, an attacker USES weaknesses in the design of the database or Web page to extract information or even manipulate information within the database.
DBA或者高权限账号被攻击者获取后,虽然攻击者能够得到数据库中的全部数据,但是由于敏感数据是被加密的,所以仍然不能获得明文。
DBA or high privilege account was acquired by the attacker, although the attacker can get all the data in the database, but because the sensitive data is encrypted, it still can not get plaintext.
由于敏感数据被加密,任何直接对数据库文件进行分析的攻击方式,都只能看到密文。
Because the sensitive data is encrypted, any direct attack on the database file analysis, can only see the ciphertext.
通过修改url,攻击者可以对数据库结构逆向开发,有可能找到用户姓名、口令甚至信用卡号。
By modifying the URL, attackers can reverse-engineer the database structure and potentially find users' names, passwords, or even credit card Numbers.
半结构数据库的标记算法因为在标记时考虑到各种可能的攻击方式,所以其标记有较好的鲁棒性。
The labeling algorithm for semi structure database is relatively robust because it takes almost all possible attacks into account.
本课题所研究的内容,是在开发一个具有网络查询录入功能的合成树脂产品数据库系统的基础上,研究如何在网络上保护该系统不被恶意攻击。
This thesis, on the basis of a synthesized resin product database system with functions of query and input from remote host, researches how to protect the system from hostile attacks.
实施的功能,减少的数目时重新启动更新的数据库,网络攻击或应用模块释放。
Implemented functionality decreasing the number of restarts when updated databases of network attacks or application modules are released.
不管是否加密,如果数据库捕获它为攻击者提供了一个源代码来验证自己的猜测的速度只有有限的硬件资源。
Whether encrypted or not, if the database is captured it provides an attacker with a source to verify his guesses at speeds limited only by his hardware resources.
这可用于防止试图破坏DHCP绑定数据库的攻击,并对进入交换机端口的DHCP流量限速。
This can be used to prevent attacks that attempt to poison the DHCP binding database, and to rate-limit the amount of DHCP traffic that enters a switch port.
分布式拒绝服务攻击并没有用来侵入后台数据库,这一攻击多用来阻止用户正常进入某些网页,或者阻止一些功能性服务的正常使用。
Although distributed denial of service attacks do not harm a database, they are generally carried out to prevent people having access to an Internet site or to prevent a service from functioning.
分布式拒绝服务攻击并没有用来侵入后台数据库,这一攻击多用来阻止用户正常进入某些网页,或者阻止一些功能性服务的正常使用。
Although distributed denial of service attacks do not harm a database, they are generally carried out to prevent people having access to an Internet site or to prevent a service from functioning.
应用推荐