Developers of data-intensive applications are increasingly using persistence frameworks such as EJB, Hibernate and JDO to access relational data. These frameworks support both transparent persistence for individual objects and explicit queries to efficiently search large collections of objects. While transparent persistence is statically typed, explicit queries do not support static checking of types or syntax because queries are manipulated as strings and interpreted at runtime. This paper presents Safe Query Objects, a technique for representing queries as statically typed objects while still supporting remote execution by a database server. Safe query objects use object-relational mapping and reflective metaprogramming to translate query classes into traditional database queries. The model supports complex queries with joins, parameters, existentials, and dynamic criteria. A prototype implementation for JDO provides a type-safe interface to the full query functionality in the JDO 1.0 standard.