A very, very interesting Oracle white paper on how to write PL/SQL that is proof against "SQL injection":
Oracle White Paper
How to write SQL injection proof PL/SQL
ABSTRACT
An internet search for “SQL injection” gets about 4 million hits. The topic
excites interest and superstitious fear. This whitepaper demystifies the topic and
explains a straightforward approach to writing database PL/SQL programs that
provably guarantees their immunity to SQL injection.
Only when a PL/SQL subprogram executes SQL that it creates at run time is
there a risk of SQL injection; and you’ll see that it’s easier than you might think
to freeze the SQL at PL/SQL compile time. Then you’ll understand that you
need the rules which prevent the risk only for the rare scenarios that do require
run-time-created SQL. It turns out that these rules are simple to state and easy to
follow.
http://www.oracle.com/technetwork/database/features/plsql/overview/how-to-write-injection-proof-plsql-1-129572.pdf
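The abstract names the two ideas the paper develops: SQL whose text is fixed at PL/SQL compile time cannot be injected into, and the rare dynamic SQL that remains needs a small set of rules (pass values as bind arguments, never as text; validate any identifier that must be spliced in). The package below is an added example written for this post, not code from Oracle's paper; it assumes the HR-style sample table `EMPLOYEES(EMPLOYEE_ID, LAST_NAME, SALARY)` and shows the three safe shapes next to the concatenation pattern to avoid.

```sql
-- Added example (not from the white paper). Assumes an EMPLOYEES table
-- with LAST_NAME and SALARY columns, as in Oracle's HR sample schema.
CREATE OR REPLACE PACKAGE emp_lookup AS
  -- 1. Static SQL: statement text frozen at compile time, no injection surface.
  FUNCTION salary_static(p_last_name IN VARCHAR2) RETURN NUMBER;
  -- 2. Dynamic SQL with a bind argument: text is still a literal in the source.
  FUNCTION salary_bound(p_last_name IN VARCHAR2) RETURN NUMBER;
  -- 3. Dynamic identifier (cannot be bound): only after DBMS_ASSERT validation.
  FUNCTION row_count(p_table_name IN VARCHAR2) RETURN NUMBER;
  -- Pattern to avoid, kept for contrast with the three above.
  FUNCTION salary_concat_unsafe(p_last_name IN VARCHAR2) RETURN NUMBER;
END emp_lookup;
/

CREATE OR REPLACE PACKAGE BODY emp_lookup AS

  FUNCTION salary_static(p_last_name IN VARCHAR2) RETURN NUMBER IS
    l_salary NUMBER;
  BEGIN
    -- The compiler turns p_last_name into a bind; its value can never
    -- become part of the statement text, whatever the caller passes.
    SELECT salary INTO l_salary
      FROM employees
     WHERE last_name = p_last_name;
    RETURN l_salary;
  END salary_static;

  FUNCTION salary_bound(p_last_name IN VARCHAR2) RETURN NUMBER IS
    l_salary NUMBER;
  BEGIN
    -- EXECUTE IMMEDIATE with USING: the SQL text is a compile-time literal
    -- and the caller's value travels as a bind argument, exactly as above.
    EXECUTE IMMEDIATE
      'SELECT salary FROM employees WHERE last_name = :b1'
      INTO l_salary USING p_last_name;
    RETURN l_salary;
  END salary_bound;

  FUNCTION row_count(p_table_name IN VARCHAR2) RETURN NUMBER IS
    l_count NUMBER;
  BEGIN
    -- A table name cannot be a bind, so the text must be built at run time.
    -- DBMS_ASSERT.SIMPLE_SQL_NAME raises ORA-44003 unless the input is a
    -- syntactically valid simple SQL identifier, so no clause can be spliced in.
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table_name)
      INTO l_count;
    RETURN l_count;
  END row_count;

  FUNCTION salary_concat_unsafe(p_last_name IN VARCHAR2) RETURN NUMBER IS
    l_salary NUMBER;
  BEGIN
    -- UNSAFE: the caller's text is concatenated into the statement, so the
    -- statement that runs depends on the input. Compare with salary_bound.
    EXECUTE IMMEDIATE
      'SELECT salary FROM employees WHERE last_name = ''' || p_last_name || ''''
      INTO l_salary;
    RETURN l_salary;
  END salary_concat_unsafe;

END emp_lookup;
/
```

A quick way to audit a code base against the paper's rule is to grep for `EXECUTE IMMEDIATE`, `DBMS_SQL.PARSE` and `OPEN ... FOR` with a string expression: each hit must either have a literal SQL text with a `USING` clause, or wrap every spliced identifier in a `DBMS_ASSERT` call. Anything else is the `salary_concat_unsafe` shape and should be rewritten as `salary_static` or `salary_bound`.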