Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Recommendation on issuing DDL in applications

Re: Recommendation on issuing DDL in applications

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Fri, 29 Aug 2003 16:27:37 +0100
Message-ID: <ww8g2LCpD3T$EwI8@peterfinnigan.demon.co.uk> 





Security!, if your DDL is generated and not fixed then it could be
possible for someone to inject alternate DDL. i.e if you issue an alter
or create command it could be possible for someone to insert "user"
instead of table. Just a thought, you may be able to use as ammo.



kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Fri Aug 29 2003 - 10:27:37 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US