Practice exercise
Which method would you employ to protect the PL/SQL code against SQL injection attacks?
Replace Dynamic SQLs with Static SQLs.
Replace concatenated inputs in Dynamic SQL with bind arguments.
Declare the PL/SQL program to be executed by its invoker's rights.
Remove string type parameters from the procedure.
You should use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
True.
False.
Choose the impact of SQL injection attacks:
Malicious string inputs can extract confidential information.
Unauthorized access can drop a database.
It can insert the ORDER data into the EMPLOYEES table.
A procedure executed with its owner's (SYS) rights can change the password of a user.
Pick the correct strategies to fight against SQL injection:
Sanitize the malicious inputs from the application layer with DBMS_ASSERT.
Remove string concatenated inputs from the Oracle subprogram.
Dynamic SQL should be removed from the stage.
Execute a PL/SQL program with its creator...