I think in metalink, oracle has discussed detailed about this problem. One can find in the headlines. FAQ For Oracle PL/SQL Gateway Security Issue Released by David Litchfield Jaffar On 2/7/06, Niall Litchfield <niall.litchfield@xxxxxxxxx> wrote: > On 2/7/06, The Human Fly <sjaffarhussain@xxxxxxxxx> wrote: > > Hello List, > > > > Being one of the fan of oracle, I truly disapointed to read the > > following blog. Has any come across of this link or not? > > Now, Oracle experts, tell us how to definy with this comment in the blog? > > > > http://blogs.zdnet.com/Ou/?p=151 > > > Its fair to say that this subject has attracted a fair deal of comment here > and elsewhere. The assertions do have a basis in fact (though some are badly > worded - not every product has 82 vulnerabilities as the blog suggests) and > some of the recommendations may not be too wise, Oracle suggest for example > that applying David Litchfield's work around will break Oracle Applications > and The Product Formerly Known As HTMLDB. > > > -- > > Niall Litchfield > > Oracle DBA > > http://www.orawin.info > -- Best Regards, Syed Jaffar Hussain OCP 8i & 9i DBA, Banque Saudi Fransi, Saudi Arabia http://jaffardba.blogspot.com/ ---------------------------------------------------------------------------------- "Winners don't do different things. They do things differently." -- //www.freelists.org/webpage/oracle-l