Chapter 12. Safeguarding PL/SQL Code against SQL Injection Attacks
Oracle database is, undoubtedly, the uncrowned monarch of the "Information Business" across the globe. Though it has narrowed the gap between expectations and potential, the question "Is my information secure?" still hovers over DBMS philosophies. We often discuss the vectors of language strength, performance, storage, and data security, but code vulnerability and code security have an equal stake in data security. The strength of SQL and PL/SQL is unquestionable, yet vulnerably written code might allow a hacker to slip through the code and perform malicious manipulations of the data.
In this chapter, we will broaden our scope to understand PL/SQL code security. We will see how "loose code writing" can expose the code base, and hence the data, to injection. We will cover the following topics:
SQL injection
Introduction and understanding
Immunizing SQL injection attacks
Reducing the attack surface
Avoiding...