DocumentCode :
2706238
Title :
SQL DOM: compile time checking of dynamic SQL statements
Author :
McClure, Russell A. ; Krüger, Ingolf H.
Author_Institution :
Dept. of Comput. Sci. & Eng., California Univ., La Jolla, CA, USA
fYear :
2005
fDate :
15-21 May 2005
Firstpage :
88
Lastpage :
96
Abstract :
Most object oriented applications that involve persistent data interact with a relational database. The most common interaction mechanism is a call level interface (CLI) such as ODBC or JDBC. While there are many advantages to using a CLI - expressive power and performance being two of the most key - there are also drawbacks. Applications communicate through a CLI by constructing strings that contain SQL statements. These SQL statements are only checked for correctness at runtime, tend to be fragile and are vulnerable to SQL injection attacks. To solve these and other problems, we present the SQL DOM: a set of classes that are strongly-typed to a database schema. Instead of string manipulation, these classes are used to generate SQL statements. We show how to extract the SQL DOM automatically from an existing database schema, demonstrate its applicability to solve the mentioned problems, and evaluate its performance.
Keywords :
SQL; data flow analysis; object-oriented programming; program compilers; relational databases; SQL DOM; compile time checking; dynamic SQL statements; impedance mismatch; object oriented applications; relational database; strongly-typed classes; Computer science; Data security; Engines; Impedance; Object oriented databases; Permission; Relational databases; Runtime; Software engineering; Utility programs;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Engineering, 2005. ICSE 2005. Proceedings. 27th International Conference on
Print_ISBN :
1-59593-963-2
Type :
conf
DOI :
10.1109/ICSE.2005.1553551
Filename :
1553551