RE: Security Question - how do you deal with sensitive information hardcoded in SQL statements

  • From: "Kenneth Naim" <kennethnaim@xxxxxxxxx>
  • To: "'Stephane Faroult'" <sfaroult@xxxxxxxxxxxx>, <Freek.DHooge@xxxxxxxxx>
  • Date: Mon, 2 May 2011 17:24:02 -0400

I've never worked on SQL Server. If I get a chance I'll go through my old
emails and find the exact system/db version/compiler where it happened.

 

Ken

 

From: Stephane Faroult [mailto:sfaroult@xxxxxxxxxxxx] 
Sent: Monday, May 02, 2011 5:27 PM
To: Freek.DHooge@xxxxxxxxx
Cc: Kenneth Naim; oratune@xxxxxxxxx; jkstill@xxxxxxxxx; 'Oracle-L Freelists'
Subject: Re: Security Question - how do you deal with sensitive information
hardcoded in SQL statements

 

Ken,

    I think that you are confusing this with SQL Server. Oracle isn't that smart
;-).

Stephane Faroult
RoughSea Ltd <http://www.roughsea.com> 
Konagora <http://www.konagora.com> 
RoughSea Channel on Youtube <http://www.youtube.com/user/roughsealtd> 


On 05/02/2011 10:05 PM, D'Hooge Freek wrote: 

Kenneth,
 
Are you sure about this?
I thought I had seen a query when investigating a different problem, which
had both "normal" bind variables and system generated ones.
I can't directly find the example again, but I will see if I can reproduce
it.
 
 
Regards,
 
 
Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge@xxxxxxxxx
tel +32(0)3 451 23 82
http://www.uptime.be
disclaimer: www.uptime.be/disclaimer
---
From: Kenneth Naim [mailto:kennethnaim@xxxxxxxxx] 
Sent: Monday 2 May 2011 21:35
To: oratune@xxxxxxxxx; D'Hooge Freek; jkstill@xxxxxxxxx; 'Oracle-L
Freelists'
Subject: RE: Security Question - how do you deal with sensitive information
hardcoded in SQL statements
 
Another caveat with cursor sharing is if the application uses bind variables
and literals in the same statement, the literals won't be replaced as the
optimizer assumes the developer that chose to use bind variables was smart
enough to use them everywhere they should be used.
 
Ken
 
--
//www.freelists.org/webpage/oracle-l
 
 
 
  _____  



Checked by AVG - www.avg.com
Version: 10.0.1325 / Virus Database: 1500/3610 - Release Date: 05/02/11
