Practice exercise
Which method would you employ to immunize the PL/SQL code against SQL Injection attacks?
Replace Dynamic SQLs with Static SQLs.
Replace concatenated inputs in Dynamic SQL with bind arguments.
Declare the PL/SQL program to be executed by its invoker's rights.
Removing string type parameters from the procedure.
Use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
True
False
Choose the impact of SQL injection attacks:
Malicious string inputs can extract confidential information.
Unauthorized access can drop a database.
It can insert ORDER data in the EMPLOYEES table.
A procedure executed with owner's (SYS) rights can change the password of a user.
Pick the correct strategies to fight against SQL injection:
Sanitize the malicious inputs from the application layer with DBMS_ASSERT.
Remove string concatenated inputs from the Oracle subprogram.
Dynamic SQL should be removed from the stage.
Execute a PL/SQL program with its creator's rights.
Statistical...