We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
Read the rest of this entry »

• 0 Comments

During the past five years, many dramatic changes have occurred on the Web. New services have been announced, new interfaces have been developed and the Web is approaching to be the new platform for many applications. Wikis, RSS feeds, Blogs to name just a few, are dubs of new Web applications (also know as Web 2.0) that sighted people are experimenting and enjoying nowadays. However, the question we want to address is: How these new applications and changes are going to affect on how visually impaired people access them? This paper aims to provide information about the tools, services, projects, and research that are taking place nowadays on the Web and the Semantic Web to make the Web more accessible for visually impaired people. Also, the authors will present a pilot experiment to check the accessibility of some Web 2.0 services.
Read the rest of this entry »

• 0 Comments

Everybody who wants to install a web server database but does not know which software is necessary and how it is installed should benefit from reading this text. This text provides all information necessary to get a SQL database for a web server going; it does not go into any detail of CGI programming, nor does it explain the SQL database language. Excellent books are available on both topics, and it is the intention of this text to provide a working platform based on which a user can then study CGI programming and SQL. For getting a small scale SQL system running (not the notorious example of a major airline booking system, or space mission management database) it will be sufficient to have the software described in this text and the documentation accompanying it. The user manual of msql (a database introduced in this text) provides sufficient information on SQL for building your own database.
Read the rest of this entry »

• 0 Comments

This document will take you through the steps install the FusionReactor JDBC Driver Wrapper, and provide you with a few examples of how it can be used. The intention of the Wrapper is to provide a thin layer between J2EE applications and JDBC-accessible databases, in order to intercept and observe the interaction between them.
Read the rest of this entry »

• 0 Comments

MySQL is a Relational Database Management System. A relational database adds speed and flexibility, by storing data in separate tables rather than putting all the data in one area. These tables are linked by defined relations making it possible to combine data fromseveral tables upon request. Using a RDMS means it is possible to add, access, and process the data stored in your database. ‘SQL’ stands for “Structured Query Language” - the most common standardised language used to access databases. MySQL is Open Source software and is freely available at www.mysql.com. Open Source software means that the source code can easily be manipulated and modified by anyone. It is very simple to use.
Read the rest of this entry »

• 0 Comments