Home » RDBMS Server » Server Administration » audit use of dynamic sql (DB 19.x)
audit use of dynamic sql [message #684007] Thu, 18 March 2021 07:58 Go to next message
John Watson
Messages: 8960
Registered: January 2010
Location: Global Village
Senior Member
Is there a way to capture use of dynamic SQL? That would be EXECUTE IMMEDIATE, OPEN CURSOR...FOR... , DBMS_SQL, DBMS_SYS_SQL, probably other ways as well.

Thank you for any insight.

Report message to a moderator

Re: audit use of dynamic sql [message #684009 is a reply to message #684007] Thu, 18 March 2021 09:00 Go to previous messageGo to next message
Michel Cadot
Messages: 68716
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator

Audit captures all statements static as well as dynamic ones.
You mean you want only the dynamic ones?
In this case, knowing that dynamic statement are always parse, you can query v$sql, v$sqlarea or v$sqlstats with parse_calls=execution.
As far as I know there is "dynamic or static" flag on SQL statements.

Report message to a moderator

Re: audit use of dynamic sql [message #684011 is a reply to message #684009] Thu, 18 March 2021 09:25 Go to previous messageGo to next message
Michel Cadot
Messages: 68716
Registered: March 2007
Location: Saint-Maur, France, https...
Senior Member
Account Moderator

Quote:
In this case, knowing that dynamic statement are always parse,

Correction: this is correct for EXECUTE IMMEDIATE but not for DBMS_SQL.

Report message to a moderator

Re: audit use of dynamic sql [message #684016 is a reply to message #684011] Fri, 19 March 2021 14:49 Go to previous message
John Watson
Messages: 8960
Registered: January 2010
Location: Global Village
Senior Member
Thank you for replying. Just to explain the question, this is about code reviews to detect code potentially vulnerable to SQL injection: It would be very helpful to have some means of detecting all dynamic SQL.

Report message to a moderator

Previous Topic: SYS Account locked
Next Topic: Database resources
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 08:58:02 CST 2024
.:: Forum Home :: Blogger Home :: Wiki Home :: Contact :: Privacy ::.