Which method would you employ to protect the PL/SQL code against SQL injection attacks?
Replace Dynamic SQLs with Static SQLs.
Replace concatenated inputs in Dynamic SQL with bind arguments.
Declare the PL/SQL program to be executed by its invoker's rights.
Remove string type parameters from the procedure.
You should use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
True.
False.
Choose the impact of SQL injection attacks:
Malicious string inputs can extract confidential information.
Unauthorized access can drop a database.
It can insert the ORDER data into the EMPLOYEES table.
A procedure executed with the owner's (SYS) rights can change the password of a user.
Pick the correct strategies to fight against SQL injection:
Sanitize the malicious inputs from the application layer with DBMS_ASSERT.
Remove string concatenated inputs from the Oracle subprogram.
Dynamic SQL should be removed from the stage.
Execute a PL/SQL program with its creator...
Advanced Oracle PL/SQL Developer's Guide (Second Edition) - Second Edition
Overview of this book
Oracle Database is one of the most popular databases and allows users to make efficient use of their resources and to enhance service levels while reducing the IT costs incurred. Oracle Database is sometimes compared with Microsoft SQL Server; however, Oracle Database clearly supersedes SQL Server in terms of high availability and addressing planned and unplanned downtime. Oracle PL/SQL provides a rich platform for application developers to code and build scalable database applications and introduces multiple new features and enhancements to improve the development experience.
Advanced Oracle PL/SQL Developer's Guide, Second Edition is a handy technical reference for seasoned professionals in the database development space. This book starts with a refresher of fundamental concepts of PL/SQL, such as anonymous blocks, subprograms, and exceptions, and prepares you for the upcoming advanced concepts. The next chapter introduces you to the new features of Oracle Database 12c, not limited to PL/SQL. In this chapter, you will understand some of the most talked about features such as Multitenant and Database In-Memory. Moving forward, each chapter introduces advanced concepts with the help of demonstrations, and provides you with the latest updates in the context of Oracle Database 12c. This helps you to visualize the pre- and post-applications of a feature over the database releases. By the end of this book, you will have become an expert in PL/SQL programming and will be able to implement advanced concepts of PL/SQL for efficient management of Oracle Database.
Table of Contents (19 chapters)
Advanced Oracle PL/SQL Developer's Guide Second Edition
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Overview of PL/SQL Programming Concepts
Oracle 12c SQL and PL/SQL New Features
Designing PL/SQL Code
Using Collections
Using Advanced Interface Methods
Virtual Private Database
Oracle SecureFiles
Tuning the PL/SQL Code
Result Cache
Analyzing, Profiling, and Tracing PL/SQL Code
Safeguarding PL/SQL Code against SQL injection
Working with Oracle SQL Developer
Index