745 research outputs found

    Using parse tree validation to prevent SQL injection attacks

    An SQL injection attack targets interactive web applications that employ database services. Such applications accept user input, such as form fields, and then include this input in database requests, typically SQL statements. In SQL injection, the attacker provides user input that results in a different database request than was intended by the application programmer. That is, the interpretation of the user input as part of a larger SQL statement results in an SQL statement of a different form than originally intended. We describe a technique to prevent this kind of manipulation and hence eliminate SQL injection vulnerabilities. The technique is based on comparing, at run time, the parse tree of the SQL statement before inclusion of user input with that resulting after inclusion of input. Our solution is efficient, adding about 3 ms overhead to database query costs. In addition, it is easily adopted by application programmers, having the same syntactic structure as current popular record set retrieval methods. For empirical analysis, we provide a case study of our solution in J2EE. We implement our solution in a simple static Java class, and show its effectiveness and scalability.

    Preparation of nano-hydroxyapatite/chitosan aqueous dispersions: from lab scale to continuous production using an innovative static mixer

    Chitosan is widely used in the preparation of organic-inorganic composite materials, such as n-HAp/CS composites, which find application for bone regeneration. The methods for their preparation are various, and usually based on the preparation of intermediate n-HAp/CS dispersions, which can greatly influence the final properties of the resulting composites since it is expected that homogenous and stable dispersions lead to composite materials with improved final properties. This work hypothesizes that, additionally to process parameters such as pH, n-HAp/CS weight ratio, mixing conditions and the presence of salts, chitosan itself has a high impact on dispersions stability. Thus, the importance of properly controlling the preparation of the n-HAp/CS intermediate dispersions is highlighted by doing a systematic study where relevant processing parameters were studied at lab scale using ultrasonication, alone or in the presence of chitosan, namely on particle size and zeta potential. Furthermore, and based on the best laboratorial conditions, the production of n-HAp/CS nanocomposite dispersions in continuous mode was attempted through NETmix® technology, an innovative static mixer and reactor developed at the Associate Laboratory LSRE-LCM of the Faculty of Engineering of the University of Porto (FEUP). Financial support for this work was provided in part by project POCI-01-0145-FEDER-006984 – Associate Laboratory LSRE-LCM funded by FEDER through COMPETE2020 - Programa Operacional Competitividade e Internacionalização (POCI) – and by national funds through FCT - Fundação para a Ciência e a Tecnologia, and by “AIProcMat@N2020 - Advanced Industrial Processes and Materials for a Sustainable Northern Region of Portugal 2020”, with reference NORTE-01-0145-FEDER-000006, supported by NORTE 2020 under the Portugal 2020 Partnership Agreement, through the European Regional Development Fund (ERDF).
FCT and FEDER under Programme PT2020 for financial support to CIMO (UID/AGR/00690/2013). G. Ruphuy thanks Universidad de Costa Rica (UCR) and Ministerio de Ciencia, Tecnología y Telecomunicaciones de Costa Rica (MICITT) for her scholarship. Authors thank Fluidinova S.A. for providing the HAp samples.

    Integrating accessibility and functional requirements

    Initial research on Web accessibility was focused on testing completed Web pages. More recently, the focus is moving to integrating accessibility features into coding tools such as Dreamweaver 8 and plugins, notably LIFT. Thus accessibility is being considered slightly earlier in the development process. However, the state of Web accessibility is still disappointing even on websites that have followed the guidelines and/or used evaluation and coding tools. We are proposing an approach to start considering accessibility much earlier. Our purpose is to address accessibility in the context of what is to be done and who will be participating. In this paper, we present views of Web developers about this approach. We then show (using a case study) how Web developers can elicit accessibility requirements alongside functional requirements and integrate the two to obtain conceptual models with explicit traces of accessibility requirements integrated with functional requirements. Finally we discuss lessons learnt from the case study and common benefits of the approach for Web accessibility and Web projects.

    A framework for filtering web accessibility guidelines

    This paper first presents a framework for filtering the Web Accessibility Guidelines according to contexts of use. It then presents a prototype that implements the framework and explains an evaluation of the prototype

    Comparison of the finite volume and discontinuous Galerkin schemes for the double vortex pairing problem using the SU2 software suite

    A numerical investigation of finite volume (FV) and discontinuous Galerkin (DG) finite element methods in the framework of the SU2 software is presented. The accuracy of different numerical variants is assessed with reference to the low Mach double vortex pairing flow problem, which has recently been proposed as a benchmark for studying the properties of structured and unstructured grid based methods with respect to turbulent-like vortices. The present study reveals that low-Mach corrections significantly improve the accuracy of second- and third-order, unstructured grid based schemes, at flow speeds in the incompressible limit. Furthermore, the 3rd-order DG method produces results similar to 11th-order accurate FV volume schemes

    Types and Priorities of Multi-Agent System Interactions

    Multi-Agent Systems may be classified as containing No Direct Interactions, Simple Interactions or Complex, Conditional Interactions between agents. This paper argues and illustrates that models with simple interactions, even though possibly less fascinating for the Multi-agent system theorists than complex interaction models are, deserve more attention in the Multi-agent system community. Simple interaction models may contain social learning and reciprocal relationships. Maybe most importantly, Simple interaction models enable cross-scale connections by linking local to global actors in their local and global ‘life worlds’

    The Detonation Mechanism of the Pulsationally-Assisted Gravitationally-Confined Detonation Model of Type Ia Supernovae

    We describe the detonation mechanism comprising the "Pulsationally Assisted" Gravitationally Confined Detonation (GCD) model of Type Ia supernovae (SNe Ia). This model is analogous to the previous GCD model reported in Jordan et al. (2008); however, the chosen initial conditions produce a substantively different detonation mechanism, resulting from a larger energy release during the deflagration phase. The resulting final kinetic energy and nickel-56 yields conform better to observational values than is the case for the "classical" GCD models. In the present class of models, the ignition of a deflagration phase leads to a rising, burning plume of ash. The ash breaks out of the surface of the white dwarf, flows laterally around the star, and converges on the collision region at the antipodal point from where it broke out. The amount of energy released during the deflagration phase is enough to cause the star to rapidly expand, so that when the ash reaches the antipodal point, the surface density is too low to initiate a detonation. Instead, as the ash flows into the collision region (while mixing with surface fuel), the star reaches its maximally expanded state and then contracts. The stellar contraction acts to increase the density of the star, including the density in the collision region. This both raises the temperature and density of the fuel-ash mixture in the collision region and ultimately leads to thermodynamic conditions that are necessary for the Zel'dovich gradient mechanism to produce a detonation. We demonstrate feasibility of this scenario with three 3-dimensional (3D), full star simulations of this model using the FLASH code. We characterized the simulations by the energy released during the deflagration phase, which ranged from 38% to 78% of the white dwarf's binding energy. We show that the necessary conditions for detonation are achieved in all three of the models. Comment: 22 pages, 8 figures; Ap