Re: SQL Server for Oracle DBAs

From: joel garry <joel-garry_at_home.com>
Date: Tue, 3 Jun 2008 14:32:59 -0700 (PDT)
Message-ID: <15e53eb7-2be5-4e08-99c0-b034c750162c@b5g2000pri.googlegroups.com>

On Jun 3, 1:00�pm, "Tony Rogerson" <tonyroger..._at_torver.net> wrote:
> http://www.oracle.com/technology/oramag/oracle/05-jan/o15asktom.html
> "This is such an important topic, and not as many people are aware of it as
> I thought. Before we start with an answer, let's define the term SQL
> injection. SQL injection occurs when an application program accepts
> arbitrary SQL from an untrusted source (think "end user"), blindly adds it
> to the application's SQL, and executes it. It "

The Tom referred to in "asktom" has stated he enjoys explaining the differences between Oracle and the other db engines. I suggest you (and any other person going between engines) buy his books and study them carefully.

>
> Like I said - SQL Injection and the link you posted is all about coder
> problems; sloppy coding leads to SQL injection attacks - common to all
> databases.
>
> Seriously, if you don't know what SQL Injection is - what the hell are you
> doing teaching?
>

I must say, I've seen lots of SQL-server and mysql and php error messages on web pages, some definitely not a good idea.

--
@home.com is bogus.
"How to Break Web Software"
http://catless.ncl.ac.uk/Risks/24.34.html#subj13
word: bopho

Received on Tue Jun 03 2008 - 16:32:59 CDT

This message: [ Message body ]
Next message: Yong Huang: "Re: v$sql_bind_capture – is it buggy?"
Previous message: joel garry: "Re: Add a new row based on the condition?"
In reply to: Tony Rogerson: "Re: SQL Server for Oracle DBAs"
Next in thread: DA Morgan: "Re: SQL Server for Oracle DBAs"
Reply: DA Morgan: "Re: SQL Server for Oracle DBAs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message