White Papers

How to Write SQL Injection Proof PL/SQL

Category: Data Management, Software and Web Development

Overview An internet search for "SQL Injection" gets about 4 million hits. The topic excites interest and superstitious fear. This whitepaper dymystifies the topic and explains a straightforward approach to writing database PL/SQL programs that provably guarantees their immunity to SQL injection. Only when a PL/SQL subprogram executes SQL that it creates at run time is there a risk of SQL injection; and one will see that it's easier than one might think to freeze the SQL at PL/SQL compile time. Then one will understand that one needs the rules which prevent the risk only for the rare scenarios that do require run-time-created SQL. It turns out that these rules are simple to state and easy to follow.

By downloading you agree to our Terms and Conditions. These include information regarding use of your personal data.

Publisher: Oracle
File Format: PDF
Date Published: Sep 2, 2009
Format: White Papers
Topics: Application Servers, Database Management

Similiar White Papers

Fibre Channel and iSCSI Performance Comparison for DSS Workloads Using SQL Server 2005

For many years, large enterprises have relied on Fibre Channel (FCP) as the default Storage Area Network (SAN) protocol

Publisher: Network Appliance (NetApp) | Tags: database, ethernet, ip, tco

Software Company Creates Automated "Database Factory" Using SQL Server 2008

CyberSavvy believes in using software automation to make life easier for its customers. Its Software as a Service soluti

Publisher: Microsoft Tips | Tags: data, database, server, software

MSDN Webcast: Windows SharePoint Services and Forms Services (Level 200)

The presenter of this webcast will explore Microsoft Office InfoPath 2007 as a form tool and describe how one can host f

Publisher: Microsoft | Tags: microsoft office, office, sharepoint

MySQL Stored Procedure Programming: Error Handling

The perfect programmer, living in a perfect world, would always write programs that anticipate every possible circumstan

Publisher: O'Reilly Media | Tags: applications, business applications, server, shuttle, software

MSDN Webcast: geekSpeak: T-SQL Tips and Tricks in SQL Server 2008 With Andrew Karcher (Level 200)

This webcast is for Transact-SQL (T-SQL) lover. The presenter introduces to several new features of SQL Server 2008, inc

Publisher: Microsoft | Tags: data

Oracle White Papers

Featured white papers

The Value of Location Intelligence in the Communications Industry

Pitney Bowes

Public Services are under pressure, the challenge is to do more with less. How do you improve citizen satisfaction, increase cost efficiencies and improve service delivery? The power of location intelligence is helping many local authorities...

Download now »
Best Practices for Translating Customer Satisfaction into Revenue

Citrix Online

Today's support organisations are focused on two top-level metrics: financial results and customer satisfaction. For most, it's easy to track financial performance, but customer satisfaction is akin to speaking a foreign language...

Download now »
HP print solutions and 3M

Hewlett-Packard (HP)

The objective for 3M was to optimize office printing infrastructure at 3M locations worldwide, reduce total cost and environmental footprint. Some of the business benefits acheived by switching to HP print solutions...

Download now »