Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Tracing SQL Statements Behind a Form

Re: Tracing SQL Statements Behind a Form

From: Ed_Zep <edward.mcmonagle_at_ntu.ac.uk>
Date: 14 Jul 2004 01:37:44 -0700
Message-ID: <4e489625.0407140037.64f9fe24@posting.google.com>


Hi Pete.

Thanks very much for that.

Best regards,

Ed.

Pete Finnigan <plsql_at_petefinnigan.com> wrote in message news:<SUYo$mAAKD9ARxIi_at_peterfinnigan.demon.co.uk>...
> Hi Ed,
>
> I have a paper on my site that has many many ways to setting trace for
> your own user, another user and at differing levels, you can find it at
> http://www.petefinnigan.com/ramblings/how_to_set_trace.htm - Also you
> might want to look at a paper i wrote called "Detecting SQL Injection in
> Oracle" - it covers a few ways that can be used to trap the SQl sent to
> the database from an application or person. Incluing sniffing the
> network, sql*net trace, from the SGA, trace, etc. You can find it at
> http://www.petefinnigan.com/orasec.htm
>
> Also if the application uses OCI as the lowest client level (not sure if
> forms does - i suspect it might use UPI) then there is a tool called
> OCISPY that can trap all client OCI calls including SQL. A link to it is
> on my tools page http://www.petefinnigan.com/tools.htm
>
> hth
>
> kind regards
>
> Pete
Received on Wed Jul 14 2004 - 03:37:44 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US