Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Slightly OT: Java in the DB

Re: Slightly OT: Java in the DB

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Tue, 24 Feb 2004 18:56:10 +0000
Message-ID: <cH6HpSAK55OABxxp@peterfinnigan.demon.co.uk> 





In article <0186754BC82DD511B5C600B0D0AAC4D607B0002F_at_EXCHMN3>, DENNIS
WILLIAMS <DWILLIAMS_at_LIFETOUCH.COM> writes


>Somewhere I read that using bind variables defeats SQL injection. Can anyone

>confirm that? It sure sounded simpler than all the testing that is required

>otherwise. And bind variables are good for your performance to boot.




Hi Dennis,



It does defeat SQL Injection. Take a look at the three papers I wrote on
the subject particularly for Oracle on my site at http://www.petefinniga
n.com/orasec/htm - 


kind regards



Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------


Received on Tue Feb 24 2004 - 13:01:30 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US