scispace - formally typeset
Search or ask a question
Author

A. Roy-Chowdhury

Bio: A. Roy-Chowdhury is an academic researcher. The author has contributed to research in topics: Web server & Web API. The author has an hindex of 1, co-authored 1 publications receiving 15 citations.
Topics: Web server, Web API, Web modeling, Data Web, Web page

Papers
More filters
Journal ArticleDOI
TL;DR: This paper surveys several solutions that have been developed to access existing business data through the Web and discusses the details of two solutions developed at IBM: DB2(R) (DATABASE 2(TM)) World Wide Web Connection and Net.Data(TM).
Abstract: The World Wide Web has experienced phenomenal growth over the last few years. Although, at ifs inception, Web technology was primarily used to retrieve information stored in static documents, important current uses of the Web include retrieval of dynamically changing information and the conducting of business transactions. Such uses of the Web result in access to dynamically changing data on or through Web servers, usually stored in a database. Huge volumes of business data exist on mainframes and other mature platforms that cannot be moved to client/server or workstation-based platforms, due to cost or performance issues. Providing Web access to these legacy data, therefore, is of great commercial interest to businesses. In this paper, we survey several solutions that have been developed to access existing business data through the Web. We discuss the details of two solutions developed at IBM: DB2(R) (DATABASE 2(TM)) World Wide Web Connection and Net.Data(TM). Each of these is a pure middleware approach as opposed to approaches that are integrated with either the Web server or the database management system, which accounts for their flexibility and power.

15 citations


Cited by
More filters
Patent
26 May 2003
TL;DR: In this article, a method and system for creating, implementation, and use of computer-generated smart documents to which functionality is attached for providing contextually sensitive tools, controls and help content to users of those documents.
Abstract: A method and system are provided for creation, implementation, and use of computer-generated “smart” documents to which functionality is attached for providing contextually sensitive tools, controls and help content to users of those documents. Portions of documents are annotated with Extensible Markup Language (XML) tags and structure so that when a user enters those portions, such as by placing a computer cursor in those portions, the user is provided contextually sensitive tools, controls and/or help content. A document tools pane may open on the user's computer screen adjacent to the document being edited for providing the document tools, controls or help content related to the context of the text or data in which the cursor is located. If the user moves the cursor to another portion of the document, the user may obtain information associated with the context of the new portion of the document in which the cursor is located.

66 citations

Patent
Roger Wolff1, Tuan Huynh1, Nobuya Higashiyama1, Ziyi Wang1, Jeff Reynar1, Michael Ammerlaan1 
06 Jun 2000
TL;DR: In this paper, a method for recognizing strings and annotating, or labeling, the strings with a type label is presented, and action plug-ins provide possible actions based upon the type label associated with the string.
Abstract: A method for recognizing strings and annotating, or labeling, the strings with a type label. After the strings are annotated with a type label, application program modules may use the type label to provide users with a choice of actions. If the user's computer does not have any actions associated with a type label, the user may be provided with the option to surf to a download Uniform Resource Locator (URL) and download action plug-ins for that type label. One or more recognizer plug-ins perform the recognition of particular strings in an electronic document. The recognizer plug-ins may be packaged with an application program module or they may be written by third parties to recognize particular strings that are of interest. One or more action plug-ins provide possible actions to be presented to the user based upon the type label associated with the string.

29 citations

Proceedings Article
01 Jan 2011
TL;DR: A novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA is proposed and implemented and the results show that the model protects against 100% of tested attacks before even reaching the database layer.
Abstract: SQL injection vulnerabilities poses a severe threat to web applications as an SQL Injection Attack (SQLIA) could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application resulting in financial fraud and website defacement. The lack of existing models in providing protections against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and described our that we implemented. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL Injection Attack. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before even reaching the database layer.

18 citations

Journal ArticleDOI
TL;DR: An approach based on negative tainting along with SQL keyword analysis for detecting and preventing SQLIA attack is proposed and tested on all types of SQLIAs techniques.
Abstract: SQL injection attack (SQLIA) is a serious threat to web applications. A successful SQLIAs can have serious consequences to the victimized organization that include financial lose, reputation lose, compliance and regulatory breach. Therefore, developing approaches for mitigating SQLIA is paramount important. To this end, we propose an approach based on negative tainting along with SQL keyword analysis for detecting and preventing SQLIA. We have tested our proposed approach on all types of SQLIAs techniques by generating SQL queries containing legitimate SQL commands and SQLIA. We present an analysis and evaluation of the proposed approach to demonstrate its effectiveness in detecting and protecting SQLIA attack.

12 citations

Journal ArticleDOI
TL;DR: Microsoft's Universal Data Access provides high-performance access to a variety of data and information sources on multiple platforms and an easy-to-use-programming interface that works with practically any tool or language.
Abstract: The ability to access corporate data from the Web is the powerful engine of E-commerce. There are several underlying reasons of the importance of data access solutions. Evolved from static hypertext retrieval and CGI applications, database access solutions are more advanced and specialized, which can be categorized into three types. Microsoft's Universal Data Access is a platform, application, and tools initiative that defines and delivers both standards and technologies providing access to information across the enterprise. Universal Data Access provides high-performance access to a variety of data and information sources on multiple platforms and an easy-to-use-programming interface that works with practically any tool or language. OLE DB and ADO are two basic building blocks of UDA. When choosing appropriate solutions to data access, there are four main criteria used in the decision-making process: technical feasibility, operational feasibility, economic feasibility, and legal feasibility. Database-to-...

11 citations