Re: bind variables/injection attacks
Jake wrote:
>
> Is the usage of bind variables sufficient to prevent injection
> attacks?
>
> In other words, if I use bind variables for all inputs coming from the
> user, is there any way that I could have a problem with injection
> attacks still?
As Mark says, not 100%, nor is anything 100%. But I would recommend
combining the use of bind variables, always a good idea, with use
of the DBMS_ASSERT built-in package.
http://www.psoug.org/reference/dbms_assert.html
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Received on Fri Oct 12 2007 - 16:16:40 CDT
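
The combination recommended in the reply above, as an added PL/SQL example that is not part of the original post: a bind variable carries the user-supplied value, and DBMS_ASSERT checks the one input that cannot be bound, an identifier. The function name, its parameters, the `status` column and the `orders_demo` table are hypothetical.

```sql
-- Added example; count_rows_where_status, orders_demo and the status column
-- are hypothetical names used only for illustration.
CREATE OR REPLACE FUNCTION count_rows_where_status (
    p_table  IN VARCHAR2,   -- user-supplied table name: identifiers cannot be bound
    p_status IN VARCHAR2    -- user-supplied value: passed as a bind variable
) RETURN NUMBER
AUTHID CURRENT_USER         -- run with the caller's privileges, not the owner's
IS
    l_table VARCHAR2(261);
    l_count NUMBER;
BEGIN
    -- SQL_OBJECT_NAME returns its input unchanged only if it is a qualified
    -- SQL name of an existing object; otherwise it raises ORA-44002.
    l_table := DBMS_ASSERT.SQL_OBJECT_NAME(p_table);

    -- The validated identifier is concatenated; the value stays a bind (:status).
    EXECUTE IMMEDIATE
        'SELECT COUNT(*) FROM ' || l_table || ' WHERE status = :status'
        INTO l_count
        USING p_status;

    RETURN l_count;
END count_rows_where_status;
/

SET SERVEROUTPUT ON
DECLARE
    l_n NUMBER;
BEGIN
    -- Accepted: an existing table (assumed to exist here) and an arbitrary value.
    -- Quote characters in the value are harmless because it is bound, not concatenated.
    l_n := count_rows_where_status('orders_demo', 'O''Brien');
    DBMS_OUTPUT.PUT_LINE('rows: ' || l_n);

    -- Rejected: constructed input that is not the name of an existing object.
    l_n := count_rows_where_status('orders_demo WHERE 1 = 1 --', 'x');
    DBMS_OUTPUT.PUT_LINE('not reached');
EXCEPTION
    WHEN OTHERS THEN
        IF SQLCODE = -44002 THEN          -- ORA-44002: invalid object name
            DBMS_OUTPUT.PUT_LINE('rejected by DBMS_ASSERT: ' || SQLERRM);
        ELSE
            RAISE;
        END IF;
END;
/
```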