RE: Security Question - how do you deal with sensitive information hardcoded in SQL statements

From: D'Hooge Freek <Freek.DHooge_at_uptime.be>
Date: Mon, 2 May 2011 22:05:56 +0200
Message-ID: <4814386347E41145AAE79139EAA39898150260A6BC_at_ws03-exch07.iconos.be>

Kenneth,

Are you sure about this?
I thought I had seen a query when investigating a different problem, which had both "normal" bind variablen and system generated ones. I can't directly find the example again, but I will see if I can reproduce it.

Regards,

Freek D'Hooge
Uptime
Oracle Database Administrator
email: freek.dhooge_at_uptime.be
tel +32(0)3 451 23 82
http://www.uptime.be
disclaimer: www.uptime.be/disclaimer
---

From: Kenneth Naim [mailto:kennethnaim_at_gmail.com] Sent: maandag 2 mei 2011 21:35
To: oratune_at_yahoo.com; D'Hooge Freek; jkstill_at_gmail.com; 'Oracle-L Freelists' Subject: RE: Security Question - how do you deal with sensitive information hardcoded in SQL statements

Another caveat with cursor sharing is if the application uses bind variables and literals in the same statement, the literals won't be replaced as the optimizer assumes the developer that choose to use bind variables was smart enough to use them everywhere they should be used.

Ken

--

http://www.freelists.org/webpage/oracle-l Received on Mon May 02 2011 - 15:05:56 CDT

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message