Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Oracle Advanced PL/SQL Developer Professional Guide

You're reading from   Oracle Advanced PL/SQL Developer Professional Guide Master advanced PL/SQL concepts along with plenty of example questions for 1Z0-146 examination with this book and ebook

Arrow left icon
Product type Paperback
Published in May 2012
Publisher Packt
ISBN-13 9781849687225
Length 440 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Saurabh K. Gupta Saurabh K. Gupta
Author Profile Icon Saurabh K. Gupta
Saurabh K. Gupta
Arrow right icon
View More author details
Toc

Table of Contents (22) Chapters Close

Oracle Advanced PL/SQL Developer Professional Guide
Credits
Foreword
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
1. Overview of PL/SQL Programming Concepts FREE CHAPTER 2. Designing PL/SQL Code 3. Using Collections 4. Using Advanced Interface Methods 5. Implementing VPD with Fine Grained Access Control 6. Working with Large Objects 7. Using SecureFile LOBs 8. Compiling and Tuning to Improve Performance 9. Caching to Improve Performance 10. Analyzing PL/SQL Code 11. Profiling and Tracing PL/SQL Code 12. Safeguarding PL/SQL Code against SQL Injection Attacks Answers to Practice Questions Index

Chapter 12, Safeguarding PL/SQL Code against SQL Injection Attacks


Question No.

Answer

Explanation

1

a, b, and c

Dynamic SQL is more prone to injective attacks. Static SQL must be preferred in major cases. In other cases, dynamic SQL must use bind variables.

2

a

If the SQL query identifiers are fixed for all the executions of a subprogram, static SQL can be used in the program.

3

a and d

SQL injection can lead to the leakage of confidential information and perform unauthorized activities.

4

a

The inputs from the application layer must be verified for purity before using in the application.

5

b

Statistical code analysis is used only for logical flow of the code but doesn't provide confirmation on the code vulnerability.

6

a

Fuzzing is a rough testing method to measure the resistivity and scalability of the program, which can discover the vulnerable areas of the code.

7

c and d

The DBMS_ASSERT.SQL_OBJECT_NAME subprogram validates the object contained in the current schema. The SIMPLE_SQL_NAME and QUALIFIED_SQL_NAME functions are used to verify the sanity of the SQL names.

8

b

The quoted identifier is used in queries enclosed within double quotes. Its meaning in the context is entirely different from the unquoted identifier.

9

b

ENQUOTE_LITERAL encloses a given string with single quotes.

10

a, c, and d

The Oracle keywords which implement dynamic SQL in the code are the most vulnerable areas in a PL/SQL code.

11

a and c

AUTHID CURRENT_USER eliminates the chances of SQL injection by executing a PL/SQL program with the rights of its invokers and not of the creator.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image