Preventing database schema extraction by error message handling

作者：

Highlights：

• A framework to prevent schema revealing via database error messages is proposed.

• Keyword based categorization approach determines the category of error messages.

• Errors are handled automatically based on their categories and defined policies.

• In error handling, sensitive parts of error messages are removed/modified/obfuscated.

摘要

Highlights•A framework to prevent schema revealing via database error messages is proposed.•Keyword based categorization approach determines the category of error messages.•Errors are handled automatically based on their categories and defined policies.•In error handling, sensitive parts of error messages are removed/modified/obfuscated.

论文关键词：Error handling,Database security,Database schema extraction,Error message modification

论文评审过程：Received 15 November 2014, Revised 16 September 2015, Accepted 29 September 2015, Available online 8 October 2015, Version of Record 27 October 2015.

论文官网地址：https://doi.org/10.1016/j.is.2015.09.010