%TOC%

---++ Introduction

StringBorg is a solution to injection attacks for arbitrary languages. StringBorg prevents injection attacks by embedding the syntax of guest languages (for example SQL, LDAP, Shell, XPath) in the host language (PHP, Java) and applying the _proper escaping_ rules and _positive checking_ automatically to all direct or indirect user input.

Documentation:

   * Technical report: _"Preventing Injection Attacks with Syntax Embeddings -- A Host and Guest Language Independent Approach"_ [[http://swerl.tudelft.nl/bin/view/Main/TechnicalReports][available]] from the website of our research group ([[http://swerl.tudelft.nl/twiki/pub/Main/TechnicalReports/TUD-SERG-2007-003.pdf][pdf]]).
   * Blog: http://mbravenboer.blogspot.com/search/label/stringborg

---+++ Supported languages

Currently, StringBorg supports PHP and Java as host languages. Supported guest languages are:

   * SQL-92
   * LDAP search filters
   * Shell
   * XPath
   * XML

If you have suggestions or requests for languages that we should support, then please let us know (contact one of the developers or join our mailing list).

---++ Download

---+++ Stable Releases

Currently no stable releases are available.

---+++ Latest Developments

Distributions (tarball, rpm, srpm) of the head revision are created continuously. We advise installing StringBorg using [[http://nix.cs.uu.nl][Nix]] one-click install or RPM.

   * http://buildfarm.st.ewi.tudelft.nl/releases/strategoxt/stringborg-unstable-latest/

The distributions contain the latest of the latest developments, but if you really want to, the latest sources can be checked out using:
<verbatim>
svn checkout %SVNSTRATEGOXT%/stringborg/trunk
</verbatim>

Before you can configure the package as described above you have to run the =./bootstrap= script.

---+++ Latest Samples

Samples for StringBorg are available in the standard distribution (subdirectory =stringborg-samples=), but also as a separate package to make the samples easier to use if you use a deployment system (RPM, Nix) for the installation of StringBorg. The latest tarball of the samples can be obtained from:

   * http://buildfarm.st.ewi.tudelft.nl/releases/strategoxt/stringborg-samples-unstable-latest/

You need to install the samples: a plain =./configure= will configure the package (all its dependencies should be detected automatically) and you can make the samples using =make check=. In the various subdirectories you can of course also run the individual targets to generate specific files. See =Makefile.samples= for information on the targets.

---+++ Installation

Install the package with the usual sequence of commands: