Practice exercise

  1. Which method would you employ to immunize the PL/SQL code against SQL Injection attacks?
    1. Replace dynamic SQL with static SQL.
    2. Replace concatenated inputs in dynamic SQL with bind arguments.
    3. Declare the PL/SQL program to be executed with its invoker's rights.
    4. Remove string type parameters from the procedure.
  2. Use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
    1. True
    2. False
  3. Choose the impact of SQL injection attacks:
    1. Malicious string inputs can extract confidential information.
    2. Unauthorized access can drop a database.
    3. It can insert ORDER data in the EMPLOYEES table.
    4. A procedure executed with its owner's (SYS) rights can change the password of a user.
  4. Pick the correct strategies to fight against ...
