SQL injection | EPFL Graph Search

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. Document-oriented NoSQL databases can also be affected by thi

Un espace de consommation de stupéfiants dans la ville de Lausanne

Marco Neri

Les locaux d'injection sont des centres légalement approuvés, sous supervision médicale, où l'on permet aux consommateurs de drogues intraveineuses de s'injecter dans un environnement protégé, hygiénique et moins stressant que la plupart des lieux publics. Actuellement, les problèmes liés aux drogues sont moins visibles qu'au milieu des années 1980 mais ils demeurent existants. On dénombre en Suisse près de 30'000 toxicomanes. Toutes les villes sont ainsi touchées par le phénomène mais seul un petit nombre d'entre elles possède un local de consommation. Lausanne, par exemple, possède près de 1'500 toxicodépendants mais aucun local d'injection. Un espace de consommation de stupéfiants en plein cœur de la ville de lausanne n'est pas une idée nouvelle. Le Conseil communal de la ville de Lausanne avait soutenu (en vain) la réalisation d'un centre d'injection en 2007. Le présent projet s'inscrit par conséquent dans un contexte quelque peu imaginaire, où le local d'injection apparaîtrait comme une utopie urbaine.

2009

AFM Based Single Cell Microinjection

Joanna Katarzyna Bitterli

The development of atomic force microscopy (AFM) has enabled a major breakthrough in the study of individual biological objects, such as nucleic acids, proteins and protein complexes. More recently the use of AFM to investigate eukaryotic cells has been explored. In one approach, the AFM probe can be used as a needle that delivers material into a single living cell while the AFM microscope controls precisely the interactions between the probe and the biological sample. The work presented here was dedicated to the development of a microinjection system for single cells based on atomic force microscopy. Demonstration experiments of liquid delivery into cells were also performed in order to characterize the system, its potential and its limits. As the injection of liquid into a cell requires the insertion of the tip into a cell, a detailed study of AFM probe-cell interactions was carried out. In the introduction microinjection into adherent cells, its applications and limitations are described. The main limitation of this method is lack of control over the cell penetration. Since atomic force microscope (AFM) offers this possibility, a novel microinjection tool for liquid delivery into single adherent cells based on the AFM is proposed in this work. A case study examines the specifications of an AFM-based microinjection system, such as control of delivered volume and control of AFM-probe cell interactions. Given the specifications, a detail design of the system is proposed with an AFM probe with microfluidic channels (NADIS) as a core component. In next two chapters, the fabrication and characterization of the system is presented including the flow of liquids through the NADIS probes. Some limitations of the system are discussed together with possible approaches to improvement. Further, an in depth analysis of cell indentation is undertaken. Aspects such as determination of tip insertion and factors influencing the probability of cell membrane penetration by an AFM tip are discussed. Cell membrane rupture with an AFM probe is described with a simple mechanical model. Biophysical analysis of the tip insertion is presented followed by development of a five parameter analysis of force-separation curves. In addition the effect of tip penetration on cell viability is addressed. Finally, the AFM-based microinjection system is used to deliver liquids into individual adherent cells. Microinjection into the cytoplasm, but not into the nucleus is demonstrated. The experiments study possible system leakage, clogging of the tip opening with cell residues and injection parameters. Finally the probe-cell interactions during the injections are analysed.

EPFL2012

An Embedded Query Language in Scala

Amir Shaikhha

In this thesis we address the problem of integrating general purpose programming languages with relational databases. An approach to solving this problem is using raw strings to represent SQL statements. This approach leads to runtime errors and security vulnerabilities like SQL injection. The second approach is integrating the query in a host language. The most well-known example of the second approach is LINQ. This approach provides static checking of types and syntax during compilation. This thesis presents an embedded query language in Scala, namely Shadow Embedding in Slick. Shadow Embedding provides even stronger compile-time guarantees than LINQ and similar systems in Scala. The experimental results show that the performance of our approach is very similar to the case of using raw Strings, thanks to static code analysis and clever code caching.

2013

AFM Based Single Cell Microinjection

Joanna Katarzyna Bitterli

EPFL2012