Re: Security Question - how do you deal with sensitive information hardcoded in SQL statements
From: Wolfgang Breitling <breitliw_at_centrexcc.com>
Date: Mon, 2 May 2011 22:57:16 -0600
Message-Id: <0D623AC2-CA84-41EE-AA7D-7DCEECE3FF34_at_centrexcc.com>
It can't depend on the client as cursor_sharing is a database parameter. I have not seen what you describe except if cursor_sharing was turned on dynamically and the sql hadn't aged out of the shared pool since they were using bind variables and were still reused.
Date: Mon, 2 May 2011 22:57:16 -0600
Message-Id: <0D623AC2-CA84-41EE-AA7D-7DCEECE3FF34_at_centrexcc.com>
It can't depend on the client as cursor_sharing is a database parameter. I have not seen what you describe except if cursor_sharing was turned on dynamically and the sql hadn't aged out of the shared pool since they were using bind variables and were still reused.
On 2011-05-02, at 3:15 PM, Kenneth Naim wrote:
> I've dealt with many applications that use bind variable improperly mostly
> on 10g and have seen this frequently. I haven't tested it on other versions
> and it possible that it depends on the client doing the binding.
>
-- http://www.freelists.org/webpage/oracle-lReceived on Mon May 02 2011 - 23:57:16 CDT