Re: More Ammo Against Dynamic SQL?

  • From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
  • To: kjped1313@xxxxxxxxx
  • Date: Mon, 23 Nov 2009 21:44:05 +0000

Does security count? In most cases it turns out to be relatively trivial to
achieve insecure results by exploiting unintended side effects of dynamic
SQL. I'll lay bets that you might have a somewhat important app that a
knowledgeable insider could circumvent by exploiting dynamic SQL. You'd
probably want to be careful how you exposed this, but done correctly this is
likely to be a somewhat effective argument given the right audience.

Niall

On Mon, Nov 23, 2009 at 8:01 PM, Kellyn Pedersen <kjped1313@xxxxxxxxx> wrote:

> I am working on a presentation to convince my company against some of
> the dastardly dynamic SQL that we have in our code. We perform everything
> from inserts, updates, deletes, selects and CTAS' all with dynamic SQL and
> it's killing me!
> I would love any new reasons NOT to use it, as I have all the standard
> reasons like inability to reuse SQL in the buffer, parsing issues, bind
> peeking issues, execution plan instability, etc.
> Thanks for the assist! :)
>
> Kellyn Pedersen
> Multi-Platform DBA
> I-Behavior Inc.
> http://www.linkedin.com/in/kellynpedersen
>
> "Go away before I replace you with a very small and efficient shell
> script..."
>
>


-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info
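
Added example, not part of the original thread: a PL/SQL sketch of the security point raised above, showing dynamic SQL built by concatenation beside a form that binds the value and validates the identifier. The procedure, table and column names (`archive_orders_*`, `orders`, `orders_archive_2008`, `orders_archive_2009`, `customer_name`) are hypothetical.

```sql
-- Added example; all object names are hypothetical.
-- Before: caller-supplied text is concatenated into the statement, so a value
-- containing a quote becomes part of the SQL itself. Each distinct value also
-- yields a new statement text, which is the hard-parse / cursor-reuse problem
-- from the original list of reasons.
CREATE OR REPLACE PROCEDURE archive_orders_unsafe (
    p_target_table IN VARCHAR2,
    p_customer     IN VARCHAR2
) AS
BEGIN
    EXECUTE IMMEDIATE
        'INSERT INTO ' || p_target_table ||
        ' SELECT * FROM orders WHERE customer_name = ''' || p_customer || '''';
END archive_orders_unsafe;
/

-- After: the data value travels as a bind variable and is never parsed as SQL.
-- The identifier cannot be bound, so it is checked twice before concatenation:
-- DBMS_ASSERT.SIMPLE_SQL_NAME raises ORA-44003 if it is not a plain SQL name,
-- and an allowlist limits it to the tables this procedure is meant to write.
CREATE OR REPLACE PROCEDURE archive_orders_safe (
    p_target_table IN VARCHAR2,
    p_customer     IN VARCHAR2
) AS
    l_table VARCHAR2(128);
BEGIN
    l_table := UPPER(DBMS_ASSERT.SIMPLE_SQL_NAME(p_target_table));

    IF l_table NOT IN ('ORDERS_ARCHIVE_2008', 'ORDERS_ARCHIVE_2009') THEN
        RAISE_APPLICATION_ERROR(-20001, 'Target table not permitted');
    END IF;

    EXECUTE IMMEDIATE
        'INSERT INTO ' || l_table ||
        ' SELECT * FROM orders WHERE customer_name = :cust'
        USING p_customer;
END archive_orders_safe;
/
```

Where the target table is fixed, plain static SQL inside the procedure removes the concatenation altogether.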
