Thanks all for the suggestions. BTW, we have an upgrade on the way, but we're still on 8i ...
A read-only table is new to me. How do I make it read-only? By putting it in a read-only tablespace? Or is there another way?
Thanks,
Jon
-----Original Message-----
From: Mercadante, Thomas F [mailto:thomas.mercadante_at_labor.state.ny.us]
Sent: Monday, January 10, 2005 10:48 AM
To: 'jknight_at_concordefs.com'; oracle-l_at_freelists.org
Subject: RE: SQL Injection Concern
Can you not control what gets put into this table? Make it read-only?
-----Original Message-----
From: Knight, Jon [mailto:jknight_at_concordefs.com]
Sent: Monday, January 10, 2005 11:33 AM
To: oracle-l_at_freelists.org
Subject: SQL Injection Concern
We've got a table listing stored programs that need to execute after various application activity. My first thought is to just use "execute immediate" on the stored program. But this will allow anyone to insert a row into our table and execute arbitrary code. I'm interested in any suggestions or solutions you've implemented to tighten up security in such a situation.
Thanks,
Jon Knight
Senior Database Analyst
2525 Horizon Lake Drive, Suite 120
Memphis, TN 38133
JKnight_at_concordefs.com
901.371.8000 - Phone 800.238.7675 - Phone 901.380.8336 - Fax www.FirstData.com
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jan 10 2005 - 11:25:47 CST
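
One way to constrain the dispatcher described in the original question, as an added example that is not part of the thread: the row's text is never executed directly, only a name that the data dictionary confirms is an existing procedure. The names post_activity_jobs (with columns activity and program_name), run_post_activity and app_user are hypothetical, and the sketch assumes the stored programs are standalone, parameterless procedures in the dispatcher's own schema.

```sql
-- Added example; all object names here are hypothetical.
-- Form raised in the question: the row text itself becomes code.
--   EXECUTE IMMEDIATE 'BEGIN ' || r.program_name || '; END;';

CREATE OR REPLACE PROCEDURE run_post_activity (p_activity IN VARCHAR2) AS
  v_name user_objects.object_name%TYPE;
BEGIN
  FOR r IN (SELECT program_name
              FROM post_activity_jobs
             WHERE activity = p_activity) LOOP
    BEGIN
      -- Accept the row only if it exactly names a standalone procedure in
      -- this schema. The value is compared as data, not concatenated.
      SELECT object_name
        INTO v_name
        FROM user_objects
       WHERE object_type = 'PROCEDURE'
         AND object_name = UPPER(r.program_name);
    EXCEPTION
      WHEN NO_DATA_FOUND THEN
        -- Anything that is not a known procedure name stops the run.
        RAISE_APPLICATION_ERROR(-20001,
          'post_activity_jobs holds a name that is not a procedure in this schema');
    END;

    -- Build the call from the dictionary's copy of the name, quoted as an
    -- identifier, so nothing typed into the table reaches the parser as code.
    EXECUTE IMMEDIATE 'BEGIN "' || v_name || '"; END;';
  END LOOP;
END run_post_activity;
/

-- Application accounts call the dispatcher; they are given no INSERT,
-- UPDATE or DELETE on post_activity_jobs, so only the owner edits the list.
GRANT EXECUTE ON run_post_activity TO app_user;
```

Packaged procedures do not appear in USER_OBJECTS with type PROCEDURE, so a table that lists package members would need a different lookup.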