We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
What: We are developing a tool to track variables and their values in C programs as they change at runtime. Because of the low-level, unrestricted memory access the language allows, the challenge lies in collecting accurate information without disrupting the program’s execution. Our approach combines techniques from profiling with memory tracking to analyze dynamic allocation throughout the lifetime of a program.
My theory is that once you have a customer viewing your auction, shop or website, you need to hold on to them. In your eBay auctions you need to have links to anywhere and everywhere to do with your items. Links to your shop, similar items you have for sale on eBay, your About Me page, and more. If it is an auction, put a link to a similar item but make it Buy It Now. Some people are impatient and want it now. This sounds like a lot of links, but be subtle.
23 Sep
Posted by jj as Programming, Visual Basic.Net
This document describes how to use Microsoft Visual Basic to quickly and easily create a graphical front-end for a CSIM19 simulation written in C. The example used in this document is a simple service center phone bank. The source for this example is included with this document. You will not be able to compile the source yourself unless you own the CSIM19 libraries. This document assumes that readers are reasonably familiar with CSIM19 and basically proficient in Microsoft Visual Basic and Microsoft Visual C++. Obviously the methods described here are also applicable in other development environments, as long as users know their preferred development tools well enough.
SQLYog Enterprise Edition Version 6.55 Review
This software is one of the most popular GUI-based tools for MySQL. Most of the features of the software are geared to help the daily work of DBAs and developers. The software is rich in features and therefore this review will only highlight some of the cool capabilities.
Connection to Remote Servers
Most companies require you to use the SSH protocol to access their servers. While it is easy to set up your own SSH tunnel to connect to your remote database, it is quite cumbersome to do that. SQLYog allows you to easily do this and lets you save your secure MySQL connection. I use this all the time and I do not even think about SSH tunneling anymore.
On the downside, when I tried to connect to another database, the software opened a separate window for me. This made it difficult for me to switch from one window to another. This can be annoying if you want to compare two databases but it could also be a security measure so that you do not accidentally apply the wrong SQL statements to the wrong database.
Welcome to the third and final lesson for this tutorial. If you’ve gone through Lesson 1 and Lesson 2, you already know the essentials for installing and writing useful scripts with MySQL and PHP. We’re going to look at some useful PHP functions that should make your life a lot easier. First, let’s look at include files.
Reflective programming is becoming popular due to the increasing set of dynamic services provided by execution environments like JVM and CLR. With custom attributes Microsoft introduced an extensible model of reflection for CLR: they can be used as additional decorations on element declarations. The same notion has been introduced in Java 1.5. The annotation model, both in Java and in C#, limits annotations to classes and class members. In this paper we describe C# a, an extension of the C# programming language, that allows programmers to annotate statements and code blocks and retrieve these annotations at run-time. We show how this extension can be reduced to the existing model. A set of operations on annotated code blocks to retrieve annotations and manipulate bytecode is introduced. We also discuss how to use C# to annotate programs giving hints on how to parallelize a sequential method and how it can be implemented by means of the abstractions provided by the run-time of the language. Finally, we show how our model for custom attributes has been realized.
The brackets around objectowner indicate it is an optional argument. An object’s owner is determined at create-time, but it can be changed post-creation. The main goal of this section is to explain which owner is assigned when you omit this optional argument or when the object is created by a member of the fixed-server role sysadmin. The rules that dictate who the object owner is can be a little confusing until you understand fixed-server and fixed-database roles and the system-created user dbo.