We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead on query processing and can be easily retrofitted to existing systems.
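The randomization scheme the abstract describes, reduced to its core, as an added example that is not the paper's SQLrand code: the application emits query templates whose keywords carry a secret tag, and a proxy strips the tag before forwarding to the database, refusing any query in which a keyword appears without it. The tag value, the keyword list, the `SQLRandProxy` and `run_query` names, and the assumption that keywords inside well-formed string literals are data are all assumptions made for this example.

```python
import re
import secrets

# Added illustration of SQL keyword randomization; not the paper's implementation.
# Assumption: the application and the proxy share a secret tag appended to every
# keyword in the application's fixed query templates. Attacker-controlled data
# never carries the tag, so injected keywords reach the proxy untagged.

KEYWORDS = ("SELECT", "FROM", "WHERE", "AND", "OR", "UNION", "INSERT",
            "INTO", "VALUES", "UPDATE", "SET", "DELETE", "DROP", "TABLE")

# Single-quoted SQL string literals ('' is an escaped quote). Keywords inside a
# well-formed literal are data rather than code and are left alone.
_LITERAL = re.compile(r"'(?:[^']|'')*'")


class InjectionDetected(Exception):
    """Raised by the proxy when an untagged keyword appears outside a literal."""


class SQLRandProxy:
    def __init__(self, tag=None):
        self.tag = tag or secrets.token_hex(4)          # per-deployment secret
        kw = "|".join(KEYWORDS)
        self._plain = re.compile(r"\b(" + kw + r")\b", re.IGNORECASE)
        self._tagged = re.compile(r"\b(" + kw + r")" + re.escape(self.tag) + r"\b")

    def randomize(self, template):
        """Application side: rewrite a trusted query template with tagged keywords."""
        return self._plain.sub(lambda m: m.group(1).upper() + self.tag, template)

    def derandomize(self, query):
        """Proxy side: reject untagged keywords, then restore standard SQL."""
        # Outside string literals every keyword must carry the tag; a plain one
        # (no word boundary follows a tagged keyword) came from injected input.
        for segment in _LITERAL.split(query):
            hit = self._plain.search(segment)
            if hit:
                raise InjectionDetected(f"untagged keyword {hit.group(1)!r}")
        return self._tagged.sub(lambda m: m.group(1), query)


def run_query(proxy, template, user_input):
    """Build the query the way a CGI script with no input validation would
    (raw concatenation), then pass it through the proxy. Returns the standard
    SQL the database would receive, or None when the proxy blocks it."""
    try:
        return proxy.derandomize(proxy.randomize(template) % user_input)
    except InjectionDetected:
        return None


if __name__ == "__main__":
    p = SQLRandProxy(tag="9f3a1c")                      # constructed tag
    t = "SELECT id FROM users WHERE name = '%s'"
    print(run_query(p, t, "alice"))                     # forwarded
    print(run_query(p, t, "x' OR 1=1 --"))              # None: blocked
```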
This guide provides an overview of Yahoo! Query Language (YQL) along with information on how to use YQL to retrieve data from Yahoo! Social Directory, MyBlogLog, and data from other Yahoo! Web services. YQL also allows you to retrieve data from external sources such as the New York Times as well as feeds such as RSS and Atom. This guide is intended for software developers who are familiar with SQL, MySQL, or Yahoo! Pipes.
02 Sep
Posted by jj as ASP.Net
All of the tutorials we’ve examined so far have used a tiered architecture consisting of presentation, Business Logic, and Data Access layers. The Data Access Layer (DAL) was crafted in the first tutorial (Creating a Data Access Layer) and the Business Logic Layer in the second (Creating a Business Logic Layer). Starting with the Displaying Data With the ObjectDataSource tutorial, we saw how to use ASP.NET 2.0’s new ObjectDataSource control to declaratively interface with the architecture from the presentation layer.