Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> SQL Injection

SQL Injection

From: Dennis Williams <oracledba.williams_at_gmail.com>
Date: Wed, 22 Mar 2006 09:01:44 -0600
Message-ID: <de807caa0603220701k559e96edlcaecc6dc6da08d06@mail.gmail.com> 





List,



Here is a recent paper on how hackers can use the SQL injection technique.



http://www.ngssoftware.com/papers/sqlinference.pdf



The SQL Server example appears quite appaling, with a hacker being able to
access the O.S. The Oracle example looks bad (select password from
dba_users) on the surface, but an ordinary user shouldn't have that table
and the password is encrypted anyway. Does anyone know if current versions
of SQL Server are this vulnerable?



Dennis Williams


--
http://www.freelists.org/webpage/oracle-l


Received on Wed Mar 22 2006 - 09:01:44 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US