Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: SQL Injection

Re: SQL Injection

From: Dennis Williams <oracledba.williams_at_gmail.com>
Date: Wed, 22 Mar 2006 09:02:21 -0600
Message-ID: <de807caa0603220702v18775437ub6daf82a58be482b@mail.gmail.com>


Here is another paper: http://www.ii.uib.no/~moen/inf248/slides_0710.pdf

On 3/22/06, Dennis Williams <oracledba.williams_at_gmail.com> wrote:
>
> List,
>
> Here is a recent paper on how hackers can use the SQL injection technique.
>
>
> http://www.ngssoftware.com/papers/sqlinference.pdf
>
> The SQL Server example appears quite appaling, with a hacker being able to
> access the O.S. The Oracle example looks bad (select password from
> dba_users) on the surface, but an ordinary user shouldn't have that table
> and the password is encrypted anyway. Does anyone know if current versions
> of SQL Server are this vulnerable?
>
> Dennis Williams
>

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Mar 22 2006 - 09:02:21 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US