Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> SQL Injection Concern

SQL Injection Concern

From: Knight, Jon <jknight_at_concordefs.com>
Date: Mon, 10 Jan 2005 10:32:31 -0600
Message-ID: <17ECCBDCF27C544583F2CAD928F953261A5413@memex1.corp.cefs.int>


  We've got a table listing stored programs that need to execute after various application activity. My first thought is to just use "execute immediate" on the stored program. But this will allow anyone to insert a row into our table and execute arbitrary code. I'm interested in any suggestions or solutions you've implemented to tighten up security in such a situation.

Thanks,
Jon Knight
Senior Database Analyst
2525 Horizon Lake Drive, Suite 120
Memphis, TN 38133
JKnight_at_concordefs.com

901.371.8000 - Phone
800.238.7675 - Phone
901.380.8336 - Fax
www.FirstData.com

First Data's merger with Concord creates "One Company" with enhanced choice, voice and innovation for all customers.
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jan 10 2005 - 10:31:38 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US