Can you not control what gets put into this table? Make it read-only? -----Original Message----- From: Knight, Jon [mailto:jknight@xxxxxxxxxxxxxx] Sent: Monday, January 10, 2005 11:33 AM To: oracle-l@xxxxxxxxxxxxx Subject: SQL Injection Concern We've got a table listing stored programs that need to execute after various application activity. My first thought is to just use "execute immediate" on the stored program. But this will allow anyone to insert a row into our table and execute arbitrary code. I'm interested in any suggestions or solutions you've implemented to tighten up security in such a situation. Thanks, Jon Knight Senior Database Analyst 2525 Horizon Lake Drive, Suite 120 Memphis, TN 38133 JKnight@xxxxxxxxxxxxxx 901.371.8000 - Phone 800.238.7675 - Phone 901.380.8336 - Fax www.FirstData.com First Data's merger with Concord creates "One Company" with enhanced choice, voice and innovation for all customers. -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l