Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Watch for SQL Injection in Oracle

Saturday, January 24, 2004 Comments

 .NET  ArchitecturePatterns  Database Development  Security 
Share:   Share on LinkedIn    Share on Twitter    Share on Google+    Share on Facebook   

In my everyday life, I work with both SQL Server and Oracle databases to develop databases, schemas, stored procedures, and functions as well as the middle-tier applications that wrap the database functionality.  Along with that work, I also spend a lot of time validating input data, and dealing with other issues of secure coding.

In my upcoming security talk, I will spend some time outlining the dangers of SQL Injection, as I have mentioned before.  I have mentioned, and mostly seen, the problems that you can have with SQL Server regarding SQL Injection, but similar attacks can be done with Oracle, and many other database vendors.  I found a great article today that was mentioned on one of my security mailing lists (sign up for the SC-L mailing list at securecoding.org).  The article is An Introduction to SQL Injection Attacks for Oracle Developers.  There are some really good tips and advice in the article on countering SQL Injection in regards to Oracle databases.  This is also a great read for a general introduction to understanding this important security topic.  Get it today, and be informed.

Share:   Share on LinkedIn    Share on Twitter    Share on Google+    Share on Facebook