Representing database programs as objects
Advances in database programming languages
Domain specific embedded compilers
Proceedings of the 2nd conference on Domain-specific languages
ODBC 3.5 Developer's Guide
Writing Secure Code
Orthogonally persistent object systems
The VLDB Journal — The International Journal on Very Large Data Bases - Persistent object systems
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Preventing injection attacks with syntax embeddings
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Simple and safe SQL queries with c++ templates
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Computer Networks: The International Journal of Computer and Telecommunications Networking
CANDID: preventing sql injection attacks using dynamic candidate evaluations
Proceedings of the 14th ACM conference on Computer and communications security
Eliminating impedance mismatch in C++
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
Enforcing code security in database web applications using libraries and object models
LCSD '07 Proceedings of the 2007 Symposium on Library-Centric Software Design
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks
ACM Transactions on Information and System Security (TISSEC)
Preventing injection attacks with syntax embeddings
Science of Computer Programming
Simple and safe SQL queries with C++ templates
Science of Computer Programming
Development of tools to manage embedded SQL
Proceedings of the 49th Annual Southeast Regional Conference
Model based hybrid approach to prevent SQL injection attacks in PHP
InfoSecHiComNet'11 Proceedings of the First international conference on Security aspects in information technology
Securing RFID systems from SQLIA
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part II
PSIAQOP: preventing SQL injection attacks based on query optimization process
Proceedings of the Second Kuwait Conference on e-Services and e-Systems
Secure code generation for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
SQL injection attack mechanisms and prevention techniques
ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
BTA: architecture for reusable business tier components with access control
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part III
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
| Hi-index | 0.00 |
Most object oriented applications that involve persistent data interact with a relational database. The most common interaction mechanism is a call level interface (CLI) such as ODBC or JDBC. While there are many advantages to using a CLI -- expressive power and performance being two of the most key -- there are also drawbacks. Applications communicate through a CLI by constructing strings that contain SQL statements. These SQL statements are only checked for correctness at runtime, tend to be fragile and are vulnerable to SQL injection attacks. To solve these and other problems, we present the SQL DOM: a set of classes that are strongly-typed to a database schema. Instead of string manipulation, these classes are used to generate SQL statements. We show how to extract the SQL DOM automatically from an existing database schema, demonstrate its applicability to solve the mentioned problems, and evaluate its performance.