RC Version 4.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.

Please use this identifier to cite or link to this item: http://ir.lib.stu.edu.tw:80/ir/handle/310903100/2923

Title: 醫療評鑑文件管理系統開發之安全性機制研究
The Study of Security Solution For Developing Medical Evaluation Document Management System
Authors: 林益齊
Yi-Chi Lin
Contributors: Master's Program, Department of Computer Science and Information Engineering
黃勇仁
Keywords: C# programming language; Site Security; OWASP; AES; SHA; Regular Expression
Date: 2012
Issue Date: 2012-11-13 16:53:06 (UTC+8)
Publisher: Kaohsiung City: [Master's Program, Department of Computer Science and Information Engineering, Shu-Te University]
Abstract: In this thesis, we use the C# programming language and the .NET Framework 4.0 platform to develop a medical evaluation document management system. The scope of the study is the design of website security mechanisms: we discuss the OWASP Top 10 website security risks and the corresponding countermeasures, and concentrate on active protection in web application design, including protection of electronic data and prevention of cross-directory access, XSS (cross-site scripting), SQL injection, command injection, and other web threats. The aim is to build a system that prevents attackers from intruding into the website, planting Trojan horses, taking control of pages, snooping on document files, stealing confidential information, or damaging the system, thereby improving the security of the system platform and protecting information assets.

In building the system, the database connection information is encrypted with a combination (key mixing) of AES256 and SHA512 to ensure its confidentiality. Document files are encrypted with the same AES256 and SHA512 key-mixing method and then uploaded to the database for storage, which increases security. Regular Expression coding is used to filter unsafe HTML tags out of user input, to prevent SQL injection attacks, etc. The implementation results all meet the goal of a web system with high security.

With the security mechanisms designed in this study, the system can effectively block attacks by hackers and prevent information security incidents such as spies snooping on document files, stealing confidential data, or damaging the system. This ensures the availability, integrity and reliability of the uploaded and stored document files, and in turn protects information assets and information security.
Appears in Collections: [Department of Computer Science and Information Engineering] Theses and Dissertations

Files in This Item:

File | Description | Size | Format |
index.html | | 0Kb | HTML | 318
stu-101-s99739104-1.pdf | Full text | 9577Kb | Adobe PDF | 323


All items in STUAIR are protected by copyright, with all rights reserved.

 



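Copyright Policy Statement:

1. The digital content of this website is the institutional repository collected by Shu-Te University and is provided free of charge for public-interest uses such as academic research and public education. Please use the content of this website moderately and reasonably, out of respect for the rights of the copyright holders. For commercial use, please first obtain authorization from the copyright holder.

2. Every effort has been made in building this website to avoid infringing the rights of copyright holders. If any digital content on this website is nevertheless found to infringe a copyright holder's rights, the rights holder is asked to notify the university's maintenance staff (clairhsu@stu.edu.tw), who will immediately take remedial measures such as removing the digital work.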