基于Web服务的网上报名系统设计与实现

华中科技大学硕士学位论文基于Web服务的网上报名系统设计与实现姓名：郭琦申请学位级别：硕士专业：计算机系统结构指导教师：肖道举20080609IWebWebWebWRSWebWebWebWebWebWRSWRSWRSWebWRSIIAbstractAsarevolutionarynetworktechnology,Webmakesthenetworkbepopularfromprerogative,andbecomemoreandmoreimportantforpeople’sworkandlife.Weblettheinformationreleasebecomeeasy.TheactiveWebbringsconveniencetopeople.So,designandcompleteaRegisterSystemforstudentsissignificanceandneeded.Basedontheanalysisofrequirement,thedesignprinciplesoftheWRSsystemareexplained,thesystemstructure,workprocessesandfunctionmodulesofthesystemaredescribed.TheidentityverificationoftheWRSsystem,includingthecontrolmethodpreventingthelawlessaccess,isdiscussed.ThemodelsandcontrolprojectoftheWRSsystemaredescribed,includingthedesignoftheregularexpressionwhichverifyingtheclientwords,thebasicfunctionofthedatabasepoolandthemethodprocessingthesuperabundantrequestwhichbasedonthetoken.ForthesecurityofWRSsystem,theissuesonwebsecurityareresearchedanddiscussed.ThesecurityprojecthasbeendesignedfortheWRSsystem,includingthepasswordencryption,datafiltration,validatedcodeanderrorcontrol.Intheencryptionfield,themodeofassemblethepasswordandthearithmeticofencryptionareparticulardiscussed.Inthedatafiltrationfield,theSQLinjectionhasbeendiscussedandresearched,theregularexpressionpreventingitaredesigned.Inthevalidatedcodefield,themethoddisturbingtheautoprogramidentifyarediscussed,thewayofgeneratingthevalidatedcodestringisdescribed.Finally,theerrorobjectsofthewholesystempossibleoccurringareanalyzed.Thesystemwe'vedesignedcansatisfytherequirementofthestudents,worksefficientlyatlotofrequestingcondition,andpreventtheattacks.TheWRSsystemisapractical,secure,expansibleWebapplicationsystem.KeyWords:RegisterthroughtheNetwork,IdentityVerification,DatabaseConnectionPool,ValidatedCode,DataFiltration,RegularExpression□_____□“√”111.1WebWebC/SWebWebWeb[1]Web[2]WebApacheIISWebWebWeb[3-4]WebWebWebWeb1.2Web1.2.1WebWebWeb2WebHTMLHTML[5]CGICGIHTTP[6]HTMLCGIPerlVisualBasicCGICGI[7]CGICGIApplet[8]AppletJavaAppletAppletJavaJavaJVMAppletAppletApplet“”JavaAppletAppletJavaSunServletServletJavaServletJavaAPIHTTPServletServletHTMLServletSunJSPJSPHTML*.htm*.htmlJavaJSPJSP[9]HTMLWebJSPHTML3ActiveXJSPASPPHPASPCGIWeb[10-11]ASPHTMLCOMASPPWSIISWebWebASPIIS[12]PHPJSPASPHTMLPHP1.2.2WebWeb20072836716%[13]OWASP2007WebWebWebDOS1.2.2.1Web1Web[14-15]WebWebWeb42Web[16]Web3SQLSQL[17]SQLSQLInjectionSQL[18-19]WebSQL4[20]5[21]1.2.2.2WebWeb[22]WebSQL5Web“[23]”Web1.31.3.1WRSWRSWRSWebWeb1.3.261.3.3123472Web2.1formHTML[24]form.../formnameactionmethodonsubmitnameformform1form2…actionURLmethodgetpostgetonsubmitreturnexam()exam()input.../inputinputtextareaselectbuttoninputtypetextpassword****checkboxradiohidden[25]imagesrc=...URLonfocusonblur8onselectonchangtextareaselectoption.../optionbuttontypebuttonsubmitresetbuttonsubmitformactionURLreset2.2IdentificationEntityAuthenticationIdentityVerification[26-27][28]/HTTP[29]92.3[30][31]CPU2.4[32]123SQL410[33][34-35]“”2.12.1112.5Hashxz=h(x)hHashy=Sigk(z)[36]HashHash[37]HashRabinHashMerkleHashN-HashMD5SHA2.6StephenKleene1956[38][39][40-41]\s\w\b\b\b\w1213\d{9}1391392.12.1/*+?{n}n{n}n{nm}nm2.22.2/\W\S\D\B[^x]x[^aeiou]aeioua[^]+a|Windows98|Windows2000|WindosXPWindows98Windows2000WindosXP(\d{1,3}){3}1-331312\11\b(\w+)\b\s+\1\bgogokittykitty(\b(\w+)\b)1(\s+)(\1)(?Word\w+)’(?'Word'\w+))\w+Word\kWord(?=exp)exp\b\w+(?=ing\b)ingingI'msingingwhileyou'redancing.singdanc(?=exp)exp(?=\bre)\w+\brerereadingabookading(?!exp)exp\d{3}(?!\d)\b((?!abc)\w)+\babc(?!exp)exp(?![a-z])\d{7}a.*babaababaabab?a.*?b14abaababaabab[42-43]DFANFADFANFA2.7WebWeb153WRSWRS3.13.1.1WRS3.1.21WRSWRS2163.1URL3.3.1.23.117343.21WRS2WRS34JSP+Tomcat+Oracle9.0i3.33.3.1WRS183.3.1.1MD53.23.2193.3.1.2URLcookiescookiecookieSessionSession3.33.3203.3.23.3.2.13.13.11616168--12864643232163218320***—******11128648664*****@***.****.***^\d{16}$\d\d{16}16^$^\d{16}$16^[\u4e00-\u9fa5]{2,6}$212-64e00-9fa5Unicode^19d{2}-((0([1-9]{1})|(1[0|1|2]))-(([0-2]([1-9]{1}))|(3[0|1]))$19d{2}419((0([1-9]{1}))|(1[0|1|2]))0*1-910-12|(([0-2]([1-9]{1}))|(3[0|1]))01-2930-311989-01-01^[\u4e00-\u9fa5]{1,64}$^[\u4e00-\u9fa5]{1,32}$^[\u4e00-\u9fa5]{1,16}$^[\u4e00-\u9fa5]{1,64}$^\d{18}$187-14-11^0\d{2}[-]?\d{8})|0\d{3}[-]?\d{7})$3847^1[3-9]\d{9}$1113-9^[^0]\d{5}$0^\w+@\w+(\.\w+)+$****@***.******.***223.3.2.2WRSWebWRS123.434233.453.5null3.52463.3.2.3“”TokenTokenTokenTokenSessionTokenTokenTokenTokenTokenTokenTokenSessionIDMD5128Token3.625TokenSessionTokenSessionTokensessionIDTokenTokenTokenSession3.6Token3.3.33.3.3.1/MD5111111MD5MD5MD526MD5MD5MD5MD53.3.3.2WRSSQLSelect*fromwhere=‘’and=‘’;SQL“”00100215’;--and00100215’and1=1;--Select*fromwhere=‘00100215’;--’and=‘’;Select*fromwhere=‘00100215’and1=1;--’and=‘’;“”“”00100215’or’a’=’aSelect*fromwhere=‘00100215’or‘a’=‘a’and=‘’;or“”00100215“”’or21;--Select*fromwhere=‘’or1=1;--’and=‘’;or“”27‘--’SQL“”“”“”“”“’”“;”“--”\w*((\%27)|(\’))\w*(\;)(\-\-)(3.1)or“”or1=121“or”ororor\w*((\%27)|(\’))\w*(((\%6F)|o|(\%4F))((\%72)|r|(\%52))\w*)+\w*(3.2)or“”“”oror\w*((\%27)|(\’))\w*(((\%6F)