Re: bind variables/injection attacks

From: DA Morgan <damorgan_at_psoug.org>
Date: Fri, 12 Oct 2007 14:16:40 -0700
Message-ID: <1192223786.201597@bubbleator.drizzle.com>


Jake wrote:
>
> Is the usage of bind variables sufficient to prevent injection
> attacks?
>
> In other words, if I use bind variables for all inputs coming from the
> user, is there any way that I could have a problem with injection
> attacks still?

As Mark says, not 100%, nor is anything 100%. But I would recommend combining the use of bind variables, always a good idea, with use of the DBMS_ASSERT built-in package.
http://www.psoug.org/reference/dbms_assert.html

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Fri Oct 12 2007 - 16:16:40 CDT
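
Added example, not part of the original post: a bind variable can carry only a data value, so a table name that has to be concatenated into dynamic SQL is the case the DBMS_ASSERT recommendation above addresses. The function count_rows, its parameters, the demo_orders table and the sample inputs are hypothetical names constructed for this illustration.

```sql
-- Constructed sample table for the demonstration (hypothetical name).
CREATE TABLE demo_orders (id NUMBER, status VARCHAR2(20));
INSERT INTO demo_orders VALUES (1, 'OPEN');

CREATE OR REPLACE FUNCTION count_rows (
    p_table  IN VARCHAR2,   -- identifier: cannot be passed as a bind variable
    p_status IN VARCHAR2    -- data value: passed as a bind variable
) RETURN NUMBER
AUTHID CURRENT_USER
IS
    l_table VARCHAR2(130);
    l_count NUMBER;
BEGIN
    -- SIMPLE_SQL_NAME returns the input unchanged if it is a syntactically
    -- valid simple SQL name and raises ORA-44003 otherwise. It does not
    -- check that the object exists; SQL_OBJECT_NAME does that.
    l_table := DBMS_ASSERT.SIMPLE_SQL_NAME(p_table);

    -- Only the validated identifier is concatenated; the value is bound.
    EXECUTE IMMEDIATE
        'SELECT COUNT(*) FROM ' || l_table || ' WHERE status = :status'
        INTO l_count
        USING p_status;
    RETURN l_count;
END count_rows;
/

SET SERVEROUTPUT ON
BEGIN
    -- Well-formed identifier: the query runs.
    DBMS_OUTPUT.PUT_LINE('rows: ' || count_rows('demo_orders', 'OPEN'));

    -- Constructed malformed identifier: rejected before any SQL is built.
    BEGIN
        DBMS_OUTPUT.PUT_LINE('rows: ' || count_rows('demo_orders WHERE 1=1 --', 'OPEN'));
    EXCEPTION
        WHEN DBMS_ASSERT.INVALID_SQL_NAME THEN
            DBMS_OUTPUT.PUT_LINE('rejected: not a simple SQL name');
    END;
END;
/
```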
