RE: SQL Injection Concern

• From: J.Velikanovs@xxxxxxxx
• To: jknight@xxxxxxxxxxxxxx
• Date: Mon, 10 Jan 2005 19:49:48 +0200

>A read-only table is new to me.  How do I make it read only?  By putting 
it
>in a read only tablespace?  Or, is there another way?
For example you can simulate RO using TRIGGER like below:
CREATE OR REPLACE TRIGGER make_table_ro
 BEFORE INSERT OR DELETE OR UPDATE
 ON your_table
BEGIN
raise_application_error(-20101, 'Table is read-only');
END;
/

PS RO Tablespace is the real solution.

J.

On 2005.01.10 19:24:56 oracle-l-bounce wrote:

>Thanks all for the suggestions.  BTW, We have an upgrade on the way, but
>we're still on 8i ...
>
>A read-only table is new to me.  How do I make it read only?  By putting 
it
>in a read only tablespace?  Or, is there another way?
>
>Thanks,
>Jon
>
>-----Original Message-----
>From:  Mercadante, Thomas F [mailto:thomas.mercadante@xxxxxxxxxxxxxxxxx]
>Sent:  Monday, January 10, 2005 10:48 AM
>To:    'jknight@xxxxxxxxxxxxxx'; oracle-l@xxxxxxxxxxxxx
>Subject:       RE: SQL Injection Concern
>
>Can you not control what gets put into this table?  Make it read-only?
>
>-----Original Message-----
>From: Knight, Jon [mailto:jknight@xxxxxxxxxxxxxx]
>Sent: Monday, January 10, 2005 11:33 AM
>To: oracle-l@xxxxxxxxxxxxx
>Subject: SQL Injection Concern
>
>We've got a table listing stored programs that need to execute after
>various application activity.  My first thought is to just use "execute
>immediate" on the stored program.  But this will allow anyone to insert a
>row into our table and execute arbitrary code.  I'm interested in any
>suggestions or solutions you've implemented to tighten up security in 
such a
>situation.
>
>Thanks,
>Jon Knight
>Senior Database Analyst
>2525 Horizon Lake Drive, Suite 120
>Memphis, TN  38133
>JKnight@xxxxxxxxxxxxxx
>901.371.8000 - Phone
>800.238.7675 - Phone
>901.380.8336 - Fax
>www.FirstData.com
>First Data's merger with Concord creates "One Company" with enhanced 
choice,
>voice and innovation for all customers.
>
>--
>//www.freelists.org/webpage/oracle-l
>--
>//www.freelists.org/webpage/oracle-l

--
//www.freelists.org/webpage/oracle-l

• References:
  • RE: SQL Injection Concern
    • From: Knight, Jon

Other related posts:

• » SQL Injection Concern
• » RE: SQL Injection Concern
• » RE: SQL Injection Concern
• » Re: SQL Injection Concern
• » RE: SQL Injection Concern
• » RE: SQL Injection Concern
• » Re: SQL Injection Concern
• » RE: SQL Injection Concern
• » RE: SQL Injection Concern
• » Re: SQL Injection Concern
• » Re: SQL Injection Concern

1. Home
2. oracle-l
3. Archive
4. 01-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---