Publication Date

Spring 2021

Advisor(s) - Committee Chair

Guangming Xing (Director), Ivan Novikov, and Dominic Lanphier

Degree Program

Department of Physics and Astronomy

Degree Type

Master of Science


Buffer overflows and SQL injection have plagued programmers for many years. A successful buffer overflow, innocuous or not, damages a computer’s permanent memory. This thesis presents safer buffer overflow programs for the C programs characterizing string concatenation, string copy, and format get-string, a C program which in most cases takes its input and output from the keyboard. The safer string concatenation and string copy programs presented in this thesis require the programmer to specify the amount of storage space necessary for the program’s execution. This safety mechanism is designed to help programmers avoid over-specifying the amount of storage space in a computer when the actual storage space is smaller.
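The mechanism described above, in which the caller must state the destination's capacity and the routine refuses rather than overflows, can be shown in a few lines of C. The following is an added example written for this page; it is not the thesis's own code, and the names safe_copy, safe_concat and safe_get_line are assumptions chosen for illustration. Each routine takes the destination size (including the terminating NUL), leaves the destination untouched when the data would not fit, and returns false so the caller can detect the refusal; safe_get_line is the bounded counterpart of a get-string call, reading with fgets and discarding any part of the line that did not fit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Bounded string copy (example, not the thesis's program).
   dst_size is the full capacity of dst, including the terminating NUL.
   Returns false and leaves dst unchanged if src would not fit. */
bool safe_copy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return false;
    size_t n = strlen(src);
    if (n >= dst_size) return false;          /* would overflow: refuse */
    memcpy(dst, src, n + 1);                   /* copy including the NUL */
    return true;
}

/* Bounded string concatenation. Refuses if dst is not NUL-terminated
   within dst_size or if appending src would exceed the capacity. */
bool safe_concat(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return false;
    size_t used = 0;
    while (used < dst_size && dst[used] != '\0') used++;
    if (used == dst_size) return false;        /* no terminator inside dst */
    size_t n = strlen(src);
    if (n >= dst_size - used) return false;    /* not enough room left */
    memcpy(dst + used, src, n + 1);
    return true;
}

/* Bounded line input, the safer form of an unbounded get-string call.
   Reads at most dst_size-1 characters, strips the newline, and drops the
   rest of an over-long line so it cannot spill into the next read.
   Returns false on end of input or error. */
bool safe_get_line(char *dst, size_t dst_size, FILE *in) {
    if (dst == NULL || in == NULL || dst_size < 2) return false;
    if (fgets(dst, (int)dst_size, in) == NULL) return false;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
    } else {
        /* line was longer than the buffer: discard the remainder */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') { }
    }
    return true;
}

int main(void) {
    char buf[8];                               /* capacity 8: 7 chars + NUL */
    printf("copy \"hello\": %s -> %s\n",
           safe_copy(buf, sizeof buf, "hello") ? "ok" : "refused", buf);
    printf("copy too-long string: %s (buf still %s)\n",
           safe_copy(buf, sizeof buf, "this is far too long") ? "ok" : "refused", buf);
    printf("concat \"!!\": %s -> %s\n",
           safe_concat(buf, sizeof buf, "!!") ? "ok" : "refused", buf);
    printf("concat one more char: %s (buf still %s)\n",
           safe_concat(buf, sizeof buf, "x") ? "ok" : "refused", buf);
    char line[8];
    printf("type a line (only the first 7 characters are kept): ");
    if (safe_get_line(line, sizeof line, stdin))
        printf("read: %s\n", line);
    return 0;
}
```

Passing sizeof buf rather than a hand-typed number is what keeps the stated capacity honest: if the buffer is later resized, the bound follows it, which is exactly the over-specification mistake the abstract warns about.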

SQL injection into a computer database can alter or delete some or all of the database. To make matters more complicated, not all SQL databases use the same SQL statements and programming syntax. SQLite version 3 is a database that is vulnerable to SQL injection. Computer Science I (CS I) and Computer Science II (CS II) classes will benefit from a computer program designed to illustrate various defective queries and how SQL injection might occur in a practical, real-world setting. The C++ command-line program designed in this thesis is a contribution to that project.


Computer Sciences | Databases and Information Systems | Information Security