Securing native XML database-driven web applications from XQuery injection vulnerabilities

2016, Vol 122, pp. 93-109
Author(s): Nushafreen Palsetia, G. Deepa, Furqan Ahmed Khan, P. Santhi Thilagam, Alwyn R. Pais

Author(s): Andreas M. Weiner, Theo Härder

Since the very beginning of query processing in database systems, cost-based query optimization has been the essential strategy for effectively answering complex queries on large documents. XML documents can be efficiently stored and processed using native XML database management systems. Even though such systems can choose from a huge repertoire of join operators (e.g., Structural Joins and Holistic Twig Joins) and various index access operators to efficiently evaluate queries on XML documents, the development of full-fledged XML query optimizers is still in its infancy. In particular, the evaluation of complex XQuery expressions using these operators is not well understood and needs further research. The extensible, rule-based, and cost-based XML query optimization framework proposed in this chapter serves as a testbed for exploring how and whether well-known concepts from relational query optimization (e.g., join reordering) can be reused and which new techniques can make a significant contribution to speeding up query execution. Using the best practices and an appropriate cost model that will be developed using this framework, it can be turned into a robust cost-based XML query optimizer in the future.


2014, Vol 971-973, pp. 1624-1627
Author(s): Jun Zhang, Jian Qiang Zhang, Hong Yan Zhao

The database is the foundation of an IETM, and the database structure has great influence on the IETM production method and usage efficiency. To address the defects of using a relational database to process XML documents, and according to the characteristics of IETM data modules and information objects under the S1000D standard, the conditions that a native XML database needs to meet are analyzed, and native XML database technology is used to structure the IETM data modules and information sets. The paper gives the data module code, information objects, and information control composition structure codes of the data module structure, and gives the design method of the IETM database storage and index model, which can effectively avoid the deficiencies of traditional IETM database support for XML technology.


2006, Vol 11 (5), pp. 1192-1196
Author(s): Meng Xiaofeng, Wang Xiaofeng, Xie Min, Zhang Xin, Zhou Junfeng

Author(s): David J. Birnbaum, Hugh Cayless, Emmanuelle Morlock, Leif-Jöran Olsson, Joseph Wicentowski

We have identified four models for integrating digital edition content into eXist-db [eXist-db], which are, in increasing order of dependence on eXist-db itself: 1) using Apache [Apache] and PHP [PHP] to mediate between the user and eXist-db, so that eXist-db provides only XML database services, 2) a pure XQuery framework for building an eXist-db web application [Web applications], 3) the eXist-db HTML templating framework [HTML templating], and 4) TEI Publisher [TEI Publisher]. Our examination and comparison of these ways of conceptualizing and implementing the infrastructure for a digital edition reveals that each of them has advantages and disadvantages, primarily from the perspective of sustainability. These considerations apply to edition frameworks generally, and are therefore not specific to eXist-db, which has been used here as an example because of the number of editions that employ it and the variety of models it currently supports.


2004, Vol 69 (1-2), pp. 87-104
Author(s): Sudhanshu Sipani, Kunal Verma, John A. Miller, Boanerges Aleman-Meza
