Practice exercise
- Which method would you employ to protect the PL/SQL code against SQL injection attacks?
  - Replace Dynamic SQLs with Static SQLs.
  - Replace concatenated inputs in Dynamic SQL with bind arguments.
  - Declare the PL/SQL program to be executed by its invoker's rights.
  - Remove string type parameters from the procedure.
- You should use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
  - True.
  - False.
- Choose the impact of SQL injection attacks:
  - Malicious string inputs can extract confidential information.
  - Unauthorized access can drop a database.
  - It can insert the ORDER data into the EMPLOYEES table.
  - A procedure executed with the owner's (SYS) rights can change the password of a user.
- Pick the correct strategies ...