Re: Hiding the names of Web Toolkit procedures in Browser Address boxes
Hi Melanie
You could use synonyms to hide the real names of the procedures, if this is a suitable alternative to showing procedure names, but it doesn't alter the fact that someone could then just call these synonyms if the goal is SQL injection. You might be interested in the three papers I wrote for SecurityFocus on SQL injection in Oracle - see http://www.petefinnigan.com/orasec.htm for the links - they are near the top of the page. Is the concern to hide the fact that it is a web toolkit based site?
kind regards
Pete
--
Pete Finnigan
email: pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book: Oracle security step-by-step Guide - see http://store.sans.org for details.
--
Author: Pete Finnigan
INET: oracle_list_at_peterfinnigan.demon.co.uk
Received on Mon Oct 13 2003 - 16:19:25 CDT