Re: Options for poorly performing SQL

From: Stephane Faroult <sfaroult_at_roughsea.com>
Date: Mon, 04 Feb 2013 16:30:10 +0100
Message-ID: <510FD402.7000009_at_roughsea.com>

Sandra

> They refuse to even look at the statement because
> it is dynamically created in the application using javaScript.

That's the best part. Try to read on how easily one can tweak client-side scripting, lecture somebody high enough in the hierarchy on SQL injection, and I think that your application will be changed very fast.

HTH, S Faroult

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Feb 04 2013 - 16:30:10 CET

This message: [ Message body ]
Next message: Sandra Becker: "Re: Options for poorly performing SQL"
Previous message: Ric Van Dyke: "RE: Options for poorly performing SQL"
In reply to: Sandra Becker: "Options for poorly performing SQL"
Next in thread: Carlos Sierra: "Re: Options for poorly performing SQL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message