Many software systems include a web-based element that makes them available to the public via the internet and can expose them to a variety of web-based attacks. One of these attacks is SQL injection which can give attackers illegal access to the databases. This paper presents a way to prevent web applications against SQL injection. Pattern matching is a system that can be used to distinguish o...

Relational data query always plays an important role in data analysis. But how to scale out the traditional SQL query system is a challenging problem. In this paper, we introduce a fast, high throughput and scalable system to perform read-only SQL well with the advantage of NoSQL’s distributed architecture. We adopt HBase as the storage layer and design a distributed query engine (DQE) collabor...

SQL:2007, die sich momentan noch in Entwicklung befindende nächste Version der SQLNorm, erweitert den aus SQL:2003 bekannten SQL-Datentyp ” XML“. Als Instanzen dieses Datentyps sind nun auch komplette XQuery-Sequenzen erlaubt. Infolgedessen können SQL:2007-Anfrageergebnisse vollständige XQuery-Sequenzen als Attributwerte besitzen. Damit stellt sich die Frage, wie XQuery-Sequenzen, die im Anfrag...

Within the big data tsunami, relational databases and SQL are still there and remain mandatory in most of cases for accessing data. On the one hand, SQL is easy-to-use by non specialists and allows to identify pertinent initial data at the very beginning of the data exploration process. On the other hand, it is not always so easy to formulate SQL queries: nowadays, it is more and more frequent ...

We present an extension of the declarative programming language Curry to support the access to data stored in relational databases via SQL. Since Curry is statically typed, our emphasis on this SQL integration is on type safety. Our extension respects the type system of Curry so that run-time errors due to ill-typed data are avoided. This is obtained by preprocessing SQL statements at compile t...

SQL statements control the bi-directional data flow between application programs and a database through a high-level, declarative and semantically rich data manipulation language. Analyzing these statements brings invaluable information that can be used in such applications as program understanding, database reverse engineering, intrusion detection, program behaviour analysis, program refactori...

The relational model is the basis for most modern databases, while SQL is the most commonly used query language. However, there are data structures and computational problems that cannot be expressed using SQL-92 queries. Among them are those concerned with the bill-of-material and corporate hierarchies. A newer standard, called the SQL-99, introduced recursive queries which can be used to solv...

SQL technology has evolved during last years, and systems are being more powerful and scalable. However, there exist yet some expressiveness limitations that can be otherwise overcome with inputs from deductive databases. This paper focuses on both practical and theoretical expressiveness issues in current SQL implementations that are overcome in the Datalog Educational System (DES), a deductiv...

A wide range of database applications manage timevarying data, and it is well-known that querying and correctly updating time-varying data is dificult and error-prone when using standard SQL. Temporal extensions of SQL ofSeer substantial benefits over SQL when managing time-varying data. The topic of this paper is the effective implementation of temporally extended SQL’s. Traditionally, it has ...

sql injection attacks involve the construction of application input data that will result in the execution of malicious sql statements. Many web applications are prone to sql injection attacks. This paper proposes a novel method for preventing this kind of attacks by placing a database driver proxy between the application and its underlying relational database management system. To detect an at...