Re: SQL Injection Prevention
From: Nigel Rivett (sqlnr_at_hotmail.com)
Date: 09/28/04
Date: Tue, 28 Sep 2004 08:23:10 -0700
Just noticed you said
>> in Oracle you have possibility to
Missed "possibility" on first reading. Sure, you can do that in a stored
procedure, but it would be a last resort and you would be very careful about
the way you implemented it and what had access to it.
You would need to compare that against someone building an SQL statement to
execute the parameterised query, which I guess would have the same
vulnerability.