Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: SQL Injection
Here is another paper: http://www.ii.uib.no/~moen/inf248/slides_0710.pdf
On 3/22/06, Dennis Williams <oracledba.williams_at_gmail.com> wrote:
>
> List,
>
> Here is a recent paper on how hackers can use the SQL injection technique.
>
>
> http://www.ngssoftware.com/papers/sqlinference.pdf
>
> The SQL Server example appears quite appaling, with a hacker being able to
> access the O.S. The Oracle example looks bad (select password from
> dba_users) on the surface, but an ordinary user shouldn't have that table
> and the password is encrypted anyway. Does anyone know if current versions
> of SQL Server are this vulnerable?
>
> Dennis Williams
>
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Mar 22 2006 - 09:02:21 CST
![]() |
![]() |