Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Re: SQL Injection Concern
Use bind variables. That will greatly reduce or eliminate
the chance of SQL injection with 'execute immediate'.
On Mon, 10 Jan 2005 10:32:31 -0600, Knight, Jon <jknight_at_concordefs.com> wrote:
> We've got a table listing stored programs that need to execute after
> various application activity. My first thought is to just use "execute
> immediate" on the stored program. But this will allow anyone to insert a
> row into our table and execute arbitrary code. I'm interested in any
> suggestions or solutions you've implemented to tighten up security in such a
> situation.
>
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
--
http://www.freelists.org/webpage/oracle-l

Received on Mon Jan 10 2005 - 11:39:31 CST
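
Added example, not part of the original thread: a PL/SQL sketch of the table-driven dispatch from the question, with the argument passed as a bind variable as the reply suggests. The table `post_activity_programs`, the procedure `run_post_activity` and the single numeric argument are assumptions made for illustration. Because an identifier cannot be supplied as a bind variable, the program name is checked with `DBMS_ASSERT.QUALIFIED_SQL_NAME` before it is concatenated, which assumes a database release that ships `DBMS_ASSERT`.

```sql
-- Hypothetical table from the question: one row per stored program
-- to run after a given application activity.
CREATE TABLE post_activity_programs (
  activity     VARCHAR2(30)  NOT NULL,
  program_name VARCHAR2(128) NOT NULL  -- constructed sample: 'APP_OWNER.AUDIT_PKG.LOG_CHANGE'
);

CREATE OR REPLACE PROCEDURE run_post_activity (
  p_activity  IN VARCHAR2,
  p_record_id IN NUMBER
) AS
  e_bad_name EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_bad_name, -44004);  -- ORA-44004: invalid qualified SQL name
  l_name VARCHAR2(400);
BEGIN
  -- Static SQL: p_activity is bound by PL/SQL itself, never concatenated.
  FOR r IN (SELECT program_name
              FROM post_activity_programs
             WHERE activity = p_activity)
  LOOP
    BEGIN
      -- Reject anything that is not a well-formed, optionally dotted SQL name
      -- (for example a value carrying statement separators or comments).
      l_name := DBMS_ASSERT.QUALIFIED_SQL_NAME(r.program_name);

      -- Only the validated name is concatenated; the value travels as bind :id.
      EXECUTE IMMEDIATE 'BEGIN ' || l_name || '(:id); END;'
        USING IN p_record_id;
    EXCEPTION
      WHEN e_bad_name THEN
        -- Fail closed and report which activity had a malformed row.
        RAISE_APPLICATION_ERROR(
          -20001,
          'Rejected malformed program name for activity ' || p_activity);
    END;
  END LOOP;
END run_post_activity;
/
```

The name check only constrains the shape of the stored value; which programs can be listed is still decided by who holds INSERT and UPDATE on the table and by the privileges of the schema that owns `run_post_activity`.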