>A read-only table is new to me. How do I make it read only? By putting it >in a read only tablespace? Or, is there another way? For example you can simulate RO using TRIGGER like below: CREATE OR REPLACE TRIGGER make_table_ro BEFORE INSERT OR DELETE OR UPDATE ON your_table BEGIN raise_application_error(-20101, 'Table is read-only'); END; / PS RO Tablespace is the real solution. J. On 2005.01.10 19:24:56 oracle-l-bounce wrote: >Thanks all for the suggestions. BTW, We have an upgrade on the way, but >we're still on 8i ... > >A read-only table is new to me. How do I make it read only? By putting it >in a read only tablespace? Or, is there another way? > >Thanks, >Jon > >-----Original Message----- >From: Mercadante, Thomas F [mailto:thomas.mercadante@xxxxxxxxxxxxxxxxx] >Sent: Monday, January 10, 2005 10:48 AM >To: 'jknight@xxxxxxxxxxxxxx'; oracle-l@xxxxxxxxxxxxx >Subject: RE: SQL Injection Concern > >Can you not control what gets put into this table? Make it read-only? > >-----Original Message----- >From: Knight, Jon [mailto:jknight@xxxxxxxxxxxxxx] >Sent: Monday, January 10, 2005 11:33 AM >To: oracle-l@xxxxxxxxxxxxx >Subject: SQL Injection Concern > >We've got a table listing stored programs that need to execute after >various application activity. My first thought is to just use "execute >immediate" on the stored program. But this will allow anyone to insert a >row into our table and execute arbitrary code. I'm interested in any >suggestions or solutions you've implemented to tighten up security in such a >situation. > >Thanks, >Jon Knight >Senior Database Analyst >2525 Horizon Lake Drive, Suite 120 >Memphis, TN 38133 >JKnight@xxxxxxxxxxxxxx >901.371.8000 - Phone >800.238.7675 - Phone >901.380.8336 - Fax >www.FirstData.com >First Data's merger with Concord creates "One Company" with enhanced choice, >voice and innovation for all customers. > >-- >//www.freelists.org/webpage/oracle-l >-- >//www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l