Re: Security Question - how do you deal with sensitive information hardcoded in SQL statements

From: Stephane Faroult <sfaroult_at_roughsea.com>
Date: Mon, 02 May 2011 23:27:24 +0200
Message-ID: <4DBF21BC.5060604_at_roughsea.com>

Ken,

I think that you are confusing with SQL Server. Oracle isn't that smart ;-).

Stephane Faroult
RoughSea Ltd <http://www.roughsea.com>
Konagora <http://www.konagora.com>
RoughSea Channel on Youtube <http://www.youtube.com/user/roughsealtd>

On 05/02/2011 10:05 PM, D'Hooge Freek wrote:
> Kenneth,
>
> Are you sure about this?
> I thought I had seen a query when investigating a different problem, which had both "normal" bind variablen and system generated ones.
> I can't directly find the example again, but I will see if I can reproduce it.
>
>
> Regards,
>
>
> Freek D'Hooge
> Uptime
> Oracle Database Administrator
> email: freek.dhooge_at_uptime.be
> tel +32(0)3 451 23 82
> http://www.uptime.be
> disclaimer: www.uptime.be/disclaimer
> ---
> From: Kenneth Naim [mailto:kennethnaim_at_gmail.com]
> Sent: maandag 2 mei 2011 21:35
> To: oratune_at_yahoo.com; D'Hooge Freek; jkstill_at_gmail.com; 'Oracle-L Freelists'
> Subject: RE: Security Question - how do you deal with sensitive information hardcoded in SQL statements
>
> Another caveat with cursor sharing is if the application uses bind variables and literals in the same statement, the literals won't be replaced as the optimizer assumes the developer that choose to use bind variables was smart enough to use them everywhere they should be used.
>
> Ken
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Mon May 02 2011 - 16:27:24 CDT

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message