Re: SQL Injection

• From: "Dennis Williams" <oracledba.williams@xxxxxxxxx>
• To: oracle-l <oracle-l@xxxxxxxxxxxxx>
• Date: Wed, 22 Mar 2006 09:02:21 -0600

Here is another paper: http://www.ii.uib.no/~moen/inf248/slides_0710.pdf

On 3/22/06, Dennis Williams <oracledba.williams@xxxxxxxxx> wrote:
>
>  List,
>
> Here is a recent paper on how hackers can use the SQL injection technique.
>
>
> http://www.ngssoftware.com/papers/sqlinference.pdf
>
> The SQL Server example appears quite appaling, with a hacker being able to
> access the O.S. The Oracle example looks bad (select password from
> dba_users) on the surface, but an ordinary user shouldn't have that table
> and the password is encrypted anyway. Does anyone know if current versions
> of SQL Server are this vulnerable?
>
> Dennis Williams
>

• References:
  • SQL Injection
    • From: Dennis Williams

Other related posts:

• » SQL Injection
• » Re: SQL Injection

1. Home
2. oracle-l
3. Archive
4. 03-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---