
Re: Interesting Exploit in PL/SQL

From: rjamya <rjamya_at_gmail.com>
Date: Tue, 28 Nov 2006 07:04:49 -0500
Message-ID: <9177895d0611280404t6c75bc06r8510f6f3005fd9cb@mail.gmail.com>

  1. Stop comparing passwords.
  2. Use exception handling "when others then null;" will defeat this exploit. So, this is one place where "when others then null;" is acceptable.

There ... no more exploit.
Let's get back to bashing 'latch free waits' or 'cache buffers chains'.

Raj

On 11/27/06, Mladen Gogala <mgogala_at_vmsinfo.com> wrote:
> Jared Still wrote:
> > Not easily exploited, but still possible.
> >
> > http://www.databasesecurity.com/dbsec/cursor-snarfing.pdf

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Nov 28 2006 - 06:04:49 CST
