Top

Published in:

2018 | OriginalPaper | Chapter

MySQL Extension Automatic Porting to PDO for PHP Migration and Security Improvement

Authors : Fabio Mondin, Agostino Cortesi

Published in: Computer Information Systems and Industrial Management

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In software management, the upgrade of programming languages may introduce critical issues. This is the case of PHP, the fifth version of which is going towards the end of the support. The new release improves on different aspects, but removes the old deprecated MySQL extensions, and supports only the newer library of functions for the connection to the databases. The software systems already in place need to be renewed to be compliant with respect to the new language version. The conversion of the source code, to be safe against injection attacks, should involve also the transformation of the query code. The purpose of this work is the design of specific tool that automatically applies the required transformation yielding to a precise and efficient conversion procedure. The tool has been applied to different projects to provide evidence of its effectiveness.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Model of Secure Data Storage in the Cloud for Mobile Devices

next chapter Network Electronic Devices Authentication by Internal Electrical Noise

Artzi, S., et al.: Finding bugs in web applications using dynamic test generation and explicit-state model checking. IEEE Trans. Softw. Eng. 36(4), 474–494 (2010)CrossRef

Clause, J.A., Li, W., Orso, A.: Dytan: a generic dynamic taint analysis framework. In: ISSTA 2007, pp. 196–206 (2007)

Costantini, G., Ferrara, P., Cortesi, A.: Static analysis of string values. In: Qin, S., Qiu, Z. (eds.) ICFEM 2011. LNCS, vol. 6991, pp. 505–521. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24559-6_34CrossRef

Hauzar, D., Kofron, J.: Framework for static analysis of PHP applications. In: ECOOP 2015, pp. 689–711 (2015)

Khmelevsky, Y., Rinard, M., Sidiroglou-Douskos, S.: A source-to-source transformation tool for error fixing (2013)

Kiezun, A., Guo, P.J., Jayaraman, K., Ernst, M.D.: Automatic creation of SQL injection and cross-site scripting attacks. In: ICSE 2009, pp. 199–209 (2009)

Loveman, D.B.: Program improvement by source-to-source transformation. J. ACM 24(1), 121–145 (1977)MathSciNetCrossRef

Pawlak, R., Monperrus, M., Petitprez, N., Noguera, C., Seinturier, L.: SPOON: a library for implementing analyses and transformations of Java source code. Softw. Pract. Experience 46, 1155–1179 (2015)CrossRef

Pollet, I., Le Charlier, B., Cortesi, A.: Distinctness and sharing domains for static analysis of Java programs. In: Knudsen, J.L. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 77–98. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45337-7_5CrossRef

10.

Wassermann, G., Su, Z.: Sound and precise analysis of web applications for injection vulnerabilities. PLDI 46, 32–41 (2007)

11.

Zanioli, M., Ferrara, P., Cortesi, A.: SAILS: static analysis of information leakage with sample. In: ACM SAC 2012, pp. 1308–1313 (2012)

12.

A MySQL Converter Tool. https://github.com/philip/MySQLConverterTool

13.

C2CUDATranslator. https://github.com/prem30488/C2CUDATranslator

14.

Grumpy: Go running Python. https://github.com/google/grumpy

15.

Migrating from PHP 5.6.x to PHP 7.0.x. http://php.net/manual/en/migration70.php

16.

PHP Backward incompatible changes. http://php.net/manual/en/migration70.incom-patible.php

17.

PHP Supported Versions. http://php.net/supported-versions.php

18.

PHP 5.4 Short Array Syntax Converter. https://github.com/thomasbachem/php-short-array-syntax-converter

19.

PIPS: Automatic Parallelizer and Code Transformation Framework. https://pips4u.org

20.

The PIPS Workbench Project. http://www.cri.ensmp.fr/PIPS/home.html

21.

ROSE compiler infrastructure. http://rosecompiler.org

22.

YAK Pro - mysql to mysqli converter. http://mysql-to-mysqli.yakpro.com/

Title: MySQL Extension Automatic Porting to PDO for PHP Migration and Security Improvement
Authors: Fabio Mondin
Agostino Cortesi
Publisher: Springer International Publishing
Book: Computer Information Systems and Industrial Management
Print ISBN: 978-3-319-99953-1

Electronic ISBN: 978-3-319-99954-8

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-99954-8_38

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner