Re: Options for poorly performing SQL
From: Stephane Faroult <sfaroult_at_roughsea.com>
Date: Mon, 04 Feb 2013 16:30:10 +0100
Message-ID: <510FD402.7000009_at_roughsea.com>
Sandra
Date: Mon, 04 Feb 2013 16:30:10 +0100
Message-ID: <510FD402.7000009_at_roughsea.com>
Sandra
> They refuse to even look at the statement because
> it is dynamically created in the application using javaScript.
That's the best part. Try to read on how easily one can tweak client-side scripting, lecture somebody high enough in the hierarchy on SQL injection, and I think that your application will be changed very fast.
HTH, S Faroult
-- http://www.freelists.org/webpage/oracle-lReceived on Mon Feb 04 2013 - 16:30:10 CET