Practice exercise

  • Which method would you employ to protect the PL/SQL code against SQL injection attacks?
    1. Replace Dynamic SQLs with Static SQLs.
    2. Replace concatenated inputs in Dynamic SQL with bind arguments.
    3. Declare the PL/SQL program to be executed by its invoker's rights.
    4. Remove string type parameters from the procedure.
  • You should use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
    1. True.
    2. False.
  • Choose the impact of SQL injection attacks:
    1. Malicious string inputs can extract confidential information.
    2. Unauthorized access can drop a database.
    3. It can insert the ORDER data into the EMPLOYEES table.
    4. A procedure executed with its owner's (SYS) rights can change the password of a user.
  • Pick the correct strategies ...

Get Advanced Oracle PL/SQL Developer's Guide - Second Edition now with the O’Reilly learning platform.
