V Shanmughaneethi, R. Ravichandran, S. Swamynathan
3 Sep 2020
TL;DR: This paper proposes PXpathV, a runtime approach to detect and prevent XPath injection attacks in web applications by intercepting and parsing XPath expressions, identifying malicious inputs, and validating XML files through a schema to ensure secure data retrieval.
Abstract: Generally, most Web applications use relational databases to store and retrieve information. But with the growing acceptance of XML technologies for documents, it is logical that security should be integrated with XML solutions. In a web application, improper user input is a main cause of a wide variety of attacks. The XML Path or XPath language is used for querying information from the nodes of an XML document. XPath Injection is an attack technique, much like SQL injection, that exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code directly into the XPath query evaluation engine. Through crafted input a malicious user could bypass authentication or access restricted data from the XML data source. Hence, we propose an approach to detect XPath injection attacks in XML databases at runtime. Our approach intercepts the XPath expression and parses the XQuery expression to find the inputs to be placed in the expression. The identified inputs are used to design an XML file, which is then validated through a schema.
TL;DR: This paper presents and compares XML parsers with and without data mapping for Haskell, finding a best-performing parser that rivals top tools in other languages, offering usability and performance for large-scale data analysis.
Abstract: The paper presents and compares a range of parsers with and without data mapping for conversion between XML and Haskell. The best performing parser competes favorably with the fastest tools available in other languages and is, thus, suitable for use in large-scale data analysis. The best performing parser also allows software developers of intermediate-level Haskell programming skills to start processing large numbers of XML documents soon after finding the relevant XML Schema from a simple internet search, without the need for specialist prior knowledge or skills. We hope that this unique combination of parser performance and usability will provide a new standard for XML mapping to high-level languages.