Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Slightly OT: Java in the DB
In article <0186754BC82DD511B5C600B0D0AAC4D607B0002F_at_EXCHMN3>, DENNIS
WILLIAMS <DWILLIAMS_at_LIFETOUCH.COM> writes
>Somewhere I read that using bind variables defeats SQL injection. Can anyone
>confirm that? It sure sounded simpler than all the testing that is required
>otherwise. And bind variables are good for your performance to boot.
Hi Dennis,
It does defeat SQL Injection. Take a look at the three papers I wrote on
the subject particularly for Oracle on my site at http://www.petefinniga
n.com/orasec/htm -
kind regards
Pete
-- Pete Finnigan email:pete_at_petefinnigan.com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line. -- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------Received on Tue Feb 24 2004 - 13:01:30 CST
![]() |
![]() |