Als Bestandteil der Informatik-Lehre werden für die Programmierausbildung vermehrt Methoden der automatisierten Programmbewertung eingesetzt. Für die Programmiersprachen Java und SQL stehen hierfür an der Hochschule Hannover die Werkzeuge „Graja“ und „aSQLg“ zur Verfügung. In einer Evaluationsstudie wurde ermittelt, inwieweit diese beiden Werkzeuge Studierende und Dozenten unterstützen und wo d...

SQL injection is a type of attack which the attacker adds Structured Query Language code to a web form input box to gain access or make changes to data. SQL injection vulnerability allows an attacker to flow commands directly to a web application's underlying database and destroy functionality or confidentiality. Researchers have proposed different tools to detect and prevent this vulnerability...

SQL injection is a type of attack which the attacker adds Structured Query Language code to a web form input box to gain access or make changes to data. SQL injection vulnerability allows an attacker to flow commands directly to a web application's underlying database and destroy functionality or confidentiality. Researchers have proposed different tools to detect and prevent this vulnerability...

This article describes how the performance of certain Prolog programs can be improved by storing large lists of facts in an SQL database rather than as Prolog facts. In experiments that will be described, the speed improvements ranged from negligible to a factor of over 200. This improvement comes about because SQL servers are strongly optimized for searching large, flat tables. However, modern...

The paper begins by identifying the organizations which are vulnerable to the SQL attack referred to as an SQL injection attack (SQLIA). The term “SQL injection attack” is defined and a diagram (Fig.1) is used to illustrate the way that attack occurs. In another section, the paper identifies the methods used to detect an attack to SQL, whereby the techniques are discussed extensively using rele...

Data mining is becoming increasingly important since the size of databases grows even larger and the need to explore hidden rules from the databases becomes widely recognized. Currently database systems are dominated by relational database and the ability to perform data mining using standard SQL queries will de nitely ease implementation of data mining. However the performance of SQL based dat...

The SQL standard specifies authorization via a large set of rather opaque rules, which are difficult to understand and dangerous to change. To make the model easier to work with, we formalize the implicit principles behind SQL authorization. We then discuss two extensions, for explicit metadata privileges and general privilege inference on derived objects. Although these are quite simple and ea...

The lion's share of datalog features have been incorporated into the SQL3 standard proposal. However, most SQL manuals still recommend to implement user-de ned conditions for data integrity nondeclaratively, by triggers or stored procedures. We describe how to implement known declarative database technology for integrity checking in SQL databases. We show how to represent and evaluate arbitrari...