XQuery Injection
We all know (and worry) about SQL injection, but should we also worry about XQuery injection? With the power of extension functions (in eXist-db, a query can call functions that make outbound HTTP requests or remove whole collections) and the implementation of XQuery update features, the answer is clearly yes! We will see how an attacker can send information to an external site or erase a collection through XQuery injection in a naive, unprotected application that builds queries from user input and runs them through the eXist-db REST API. That's the bad news... The good news is that, once warned, it is quite easy to protect an application from XQuery injection. We'll discuss a number of simple techniques (escaping values inserted into string literals, wrapping values in elements, or moving them out of the query altogether into HTTP parameters) and see how to implement them in different environments covering traditional programming languages, XSLT, XForms and pipeline languages.
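As an added illustration of the three techniques listed above (this is example code written for this page, not the talk's own material), the following Python client builds the same XQuery lookup four ways: by naive concatenation, with the value escaped for an XQuery string literal, with the value wrapped as element text, and with the value moved out of the query into its own HTTP parameter that the query reads through eXist's `request:get-parameter()`. The REST base URL, the `user`/`name` element names, the `/db/data` collection and the attacker input are constructed for the demonstration; `_query` is eXist-db's REST parameter name, and it is assumed here that extra URL parameters are visible to the request module. Nothing is sent over the network.

```python
"""XQuery injection: naive query building beside three defences.

Added example for this page; not code from the talk or from eXist-db.
Assumptions: a local eXist-db REST endpoint at REST_BASE, documents
of the form <user><name>...</name></user>, and that parameters other
than _query are exposed to request:get-parameter() (constructed here,
nothing is actually sent).
"""
from urllib.parse import urlencode, urlparse, parse_qs

REST_BASE = "http://localhost:8080/exist/rest/db/users"   # assumed instance

# Constructed attacker input: closes the literal and the predicate,
# appends a call to the xmldb:remove extension function, then reopens
# a literal so that the query still parses.
MALICIOUS = 'x"], xmldb:remove("/db/data"), //user[name = "x'


def build_query_naive(name: str) -> str:
    """Vulnerable: the caller's value becomes XQuery source text."""
    return '//user[name = "' + name + '"]'


def escape_string_literal(value: str) -> str:
    """Escape VALUE for use inside a double-quoted XQuery string literal.

    Only two characters are special there: the delimiting quote, which
    is written twice to stand for itself, and '&', which starts a
    predefined entity reference and must be written as '&amp;'.
    """
    return value.replace("&", "&amp;").replace('"', '""')


def build_query_escaped(name: str) -> str:
    """Defence 1: literal string escaping."""
    return '//user[name = "' + escape_string_literal(name) + '"]'


def escape_element_content(value: str) -> str:
    """Escape VALUE for use as text inside a direct element constructor:
    '{' and '}' delimit enclosed expressions (doubled to escape), '<'
    starts markup and '&' starts an entity reference."""
    return (value.replace("&", "&amp;").replace("<", "&lt;")
                 .replace("{", "{{").replace("}", "}}"))


def build_query_wrapped(name: str) -> str:
    """Defence 2: wrap the value in an element and read it back as a string."""
    return ('let $name := <v>' + escape_element_content(name) + '</v>/string() '
            'return //user[name = $name]')


# Defence 3: the query text is a constant; the value travels separately.
PARAM_QUERY = ('declare namespace request="http://exist-db.org/xquery/request"; '
               '//user[name = request:get-parameter("name", ())]')


def build_request_parameterized(name: str) -> str:
    """Return the REST URL: fixed query in _query, value in its own parameter."""
    return REST_BASE + "?" + urlencode({"_query": PARAM_QUERY, "name": name})


def split_request(url: str) -> dict:
    """Decode the URL back into its parameters (what the server would see)."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def code_outside_literals(query: str) -> str:
    """Return the parts of QUERY an XQuery parser treats as code, i.e.
    everything outside double-quoted string literals, where a doubled
    quote is an escaped quote rather than a terminator.  (Single-quoted
    literals are not handled; the builders above only use double quotes.)
    Used here only to make the effect of each builder visible."""
    out, i, n = [], 0, len(query)
    while i < n:
        if query[i] == '"':
            i += 1                                  # enter a literal
            while i < n:
                if query[i] == '"':
                    if i + 1 < n and query[i + 1] == '"':
                        i += 2                      # escaped quote, still inside
                        continue
                    i += 1                          # closing quote
                    break
                i += 1
        else:
            out.append(query[i])
            i += 1
    return "".join(out)


if __name__ == "__main__":
    for label, q in (("naive", build_query_naive(MALICIOUS)),
                     ("escaped", build_query_escaped(MALICIOUS)),
                     ("wrapped", build_query_wrapped(MALICIOUS))):
        print(f"{label:8} {q}")
        print(f"{'':8} code: {code_outside_literals(q)}")
    print("param    " + build_request_parameterized(MALICIOUS))
```

With the naive builder the `xmldb:remove("/db/data")` call ends up outside any string literal and is executed; with the escaped or wrapped builder it stays inside the value, and with the parameterized request it never reaches the parser at all because only the constant query text is XQuery.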