Re: SQL Injection Concern

  • From: Jared Still <jkstill@xxxxxxxxx>
  • To: jknight@xxxxxxxxxxxxxx
  • Date: Mon, 10 Jan 2005 09:39:37 -0800

Use bind variables.  That will greatly reduce or eliminate
the chance of SQL injection with 'execute immediate'.


On Mon, 10 Jan 2005 10:32:31 -0600, Knight, Jon <jknight@xxxxxxxxxxxxxx> wrote:
>   We've got a table listing stored programs that need to execute after
> various application activity.  My first thought is to just use "execute
> immediate" on the stored program.  But this will allow anyone to insert a
> row into our table and execute arbitrary code.  I'm interested in any
> suggestions or solutions you've implemented to tighten up security in such a
> situation.
> 

-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
--
//www.freelists.org/webpage/oracle-l
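
Added example, not part of the original thread: one way to apply the bind-variable advice to the dispatch table described in the question. A program name is an identifier and cannot be passed as a bind variable, so the name read from the table is matched against the data dictionary before it is concatenated, and only the argument is bound. The table post_activity_programs, its columns, the procedure run_post_activity and the single NUMBER argument are assumptions made for illustration.

```sql
-- Hypothetical schema (assumed, not from the thread):
--   post_activity_programs(activity_code VARCHAR2(30),
--                          program_name  VARCHAR2(30))
-- Every listed program is assumed to be a standalone procedure in the
-- owning schema that takes one NUMBER argument.
CREATE OR REPLACE PROCEDURE run_post_activity (
  p_activity  IN VARCHAR2,
  p_record_id IN NUMBER
) AUTHID DEFINER
IS
  v_name  VARCHAR2(30);
  v_found PLS_INTEGER;
BEGIN
  -- Static SQL: p_activity is a bind variable here and is never parsed
  -- as SQL text.
  FOR r IN (SELECT program_name
              FROM post_activity_programs
             WHERE activity_code = p_activity)
  LOOP
    v_name := UPPER(TRIM(r.program_name));

    -- The name must be exactly the name of an existing standalone
    -- procedure in this schema. Anything else (a PL/SQL fragment,
    -- another schema's object, a trailing statement) matches no row.
    SELECT COUNT(*)
      INTO v_found
      FROM user_objects
     WHERE object_type = 'PROCEDURE'
       AND object_name = v_name;

    IF v_found = 0 THEN
      RAISE_APPLICATION_ERROR(
        -20001,
        'Program not permitted: ' || SUBSTR(r.program_name, 1, 30));
    END IF;

    -- v_name now equals a catalog entry, so it can only be an
    -- identifier; quoting it keeps it a single token. The argument is
    -- supplied through a bind variable, not concatenated.
    EXECUTE IMMEDIATE 'BEGIN "' || v_name || '"(:id); END;'
      USING IN p_record_id;
  END LOOP;
END run_post_activity;
/
```

The dictionary check limits a row to naming a procedure that already exists in the owning schema; who may insert or update rows in the table is still controlled by the grants on it.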
