{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:27:35Z","timestamp":1750307255811,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,3,22]],"date-time":"2011-03-22T00:00:00Z","timestamp":1300752000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CCF-0424422CNS-1018924"],"award-info":[{"award-number":["CCF-0424422CNS-1018924"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000143","name":"Division of Computing and Communication Foundations","doi-asserted-by":"publisher","award":["CCF-0424422CNS-1018924"],"award-info":[{"award-number":["CCF-0424422CNS-1018924"]}],"id":[{"id":"10.13039\/100000143","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,3,22]]},"DOI":"10.1145\/1966913.1966971","type":"proceedings-article","created":{"date-parts":[[2011,4,7]],"date-time":"2011-04-07T09:36:11Z","timestamp":1302168971000},"page":"416-422","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Diesel"],"prefix":"10.1145","author":[{"given":"Adrienne Porter","family":"Felt","sequence":"first","affiliation":[{"name":"UC Berkeley"}]},{"given":"Matthew","family":"Finifter","sequence":"additional","affiliation":[{"name":"UC Berkeley"}]},{"given":"Joel","family":"Weinberger","sequence":"additional","affiliation":[{"name":"UC Berkeley"}]},{"given":"David","family":"Wagner","sequence":"additional","affiliation":[{"name":"UC Berkeley"}]}],"member":"320","published-online":{"date-parts":[[2011,3,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314466.1314475"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1108473.1108496"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 18th USENIX Security Symposium","author":"Dalton M.","year":"2009","unstructured":"M. Dalton , C. Kozyrakis , and N. Zeldovich . Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications . In Proceedings of the 18th USENIX Security Symposium , Montreal, Canada , August 2009 . M. Dalton, C. Kozyrakis, and N. Zeldovich. Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications. In Proceedings of the 18th USENIX Security Symposium, Montreal, Canada, August 2009."},{"key":"e_1_3_2_1_4_1","volume-title":"USENIX Security","author":"Felmetsger V.","year":"2010","unstructured":"V. Felmetsger , L. Cavedon , C. Kruegel , and G. Vigna . Toward Automated Detection of Logic Vulnerabilities in Web Applications . In USENIX Security , 2010 . V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna. Toward Automated Detection of Logic Vulnerabilities in Web Applications. In USENIX Security, 2010."},{"key":"e_1_3_2_1_6_1","unstructured":"Google. Android Developers: Security and Permissions. http:\/\/developer.android.com\/guide\/topics\/security\/security.html.  Google. Android Developers: Security and Permissions. http:\/\/developer.android.com\/guide\/topics\/security\/security.html."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/320473.320482"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101935"},{"key":"e_1_3_2_1_9_1","volume-title":"Proceedings of the IEEE International Symposium on Secure Software Engineering","author":"Halfond W. G.","year":"2006","unstructured":"W. G. Halfond , J. Viegas , and A. Orso . A Classification of SQL-Injection Attacks and Countermeasures . In Proceedings of the IEEE International Symposium on Secure Software Engineering , Arlington, VA, USA , March 2006 . W. G. Halfond, J. Viegas, and A. Orso. A Classification of SQL-Injection Attacks and Countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, March 2006."},{"key":"e_1_3_2_1_10_1","unstructured":"JForum---Powering communities. http:\/\/www.jforum.net.  JForum---Powering communities. http:\/\/www.jforum.net."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1142473.1142489"},{"key":"e_1_3_2_1_12_1","unstructured":"J. C. K. Keane. {Full-disclosure} Drupal Brilliant Gallery module SQL injection vulnerability. http:\/\/www.derkeiler.com\/Mailing-Lists\/Full-Disclosure\/2008-09\/msg00506.html.  J. C. K. Keane. {Full-disclosure} Drupal Brilliant Gallery module SQL injection vulnerability. http:\/\/www.derkeiler.com\/Mailing-Lists\/Full-Disclosure\/2008-09\/msg00506.html."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772747"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/70730.70731"},{"key":"e_1_3_2_1_15_1","volume-title":"Internet Security Auditors Alert: WP-Forum &#8804","author":"Lara J. G.","year":"2009","unstructured":"J. G. Lara . Internet Security Auditors Alert: WP-Forum &#8804 ; 2.3 SQL Injection vulnerabilities. http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/508504\/100\/0\/threaded, 2009 . J. G. Lara. Internet Security Auditors Alert: WP-Forum ≤ 2.3 SQL Injection vulnerabilities. http:\/\/www.securityfocus.com\/archive\/1\/archive\/1\/508504\/100\/0\/threaded, 2009."},{"key":"e_1_3_2_1_16_1","volume-title":"Butterworth-Heinemann","author":"Levy H. M.","year":"1984","unstructured":"H. M. Levy . Capability-Based Computer Systems . Butterworth-Heinemann , Newton, MA, USA , 1984 . H. M. Levy. Capability-Based Computer Systems. Butterworth-Heinemann, Newton, MA, USA, 1984."},{"key":"e_1_3_2_1_17_1","unstructured":"N. Loeve. Funnel - A Multiplexer Plugin for MySQL-Proxy. https:\/\/lists.launchpad.net\/mysql-proxy-discuss\/msg00030.html.  N. Loeve. Funnel - A Multiplexer Plugin for MySQL-Proxy. https:\/\/lists.launchpad.net\/mysql-proxy-discuss\/msg00030.html."},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 17th Annual Network and Distributed Systems Security Symposium (NDSS 2010)","author":"Mettler A.","year":"2010","unstructured":"A. Mettler , D. Wagner , and T. Close . Joe-E: A Security-Oriented Subset of Java . In Proceedings of the 17th Annual Network and Distributed Systems Security Symposium (NDSS 2010) , 2010 . A. Mettler, D. Wagner, and T. Close. Joe-E: A Security-Oriented Subset of Java. In Proceedings of the 17th Annual Network and Distributed Systems Security Symposium (NDSS 2010), 2010."},{"key":"e_1_3_2_1_20_1","unstructured":"MySQL Proxy. http:\/\/forge.mysql.com\/wiki\/MySQL_Proxy.  MySQL Proxy. http:\/\/forge.mysql.com\/wiki\/MySQL_Proxy."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455808"},{"key":"e_1_3_2_1_22_1","unstructured":"Oracle. Examples of Second Order SQL Injection Attack. http:\/\/st-curriculum.oracle.com\/tutorial\/SQLInjection\/html\/lesson1\/les01_tm_attacks2.htm.  Oracle. Examples of Second Order SQL Injection Attack. http:\/\/st-curriculum.oracle.com\/tutorial\/SQLInjection\/html\/lesson1\/les01_tm_attacks2.htm."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.21"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/1251353.1251369"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007631"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/319151.319163"},{"key":"e_1_3_2_1_28_1","unstructured":"Sun Microsystems Inc. Connection pooling 2008. http:\/\/java.sun.com\/developer\/onlineTraining\/Programming\/JDCBook\/conpool.html#pool.  Sun Microsystems Inc. Connection pooling 2008. http:\/\/java.sun.com\/developer\/onlineTraining\/Programming\/JDCBook\/conpool.html#pool."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SESS.2007.12"}],"event":{"name":"ASIA CCS '11: 6th ACM Symposium on Information, Compuer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Hong Kong China","acronym":"ASIA CCS '11"},"container-title":["Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1966913.1966971","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1966913.1966971","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:52:25Z","timestamp":1750243945000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1966913.1966971"}},"subtitle":["applying privilege separation to database access"],"short-title":[],"issued":{"date-parts":[[2011,3,22]]},"references-count":27,"alternative-id":["10.1145\/1966913.1966971","10.1145\/1966913"],"URL":"https:\/\/doi.org\/10.1145\/1966913.1966971","relation":{},"subject":[],"published":{"date-parts":[[2011,3,22]]},"assertion":[{"value":"2011-03-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}