Practice exercise
- Which method would you employ to immunize the PL/SQL code against SQL injection attacks?
  - Replace dynamic SQL with static SQL.
  - Replace concatenated inputs in dynamic SQL with bind arguments.
  - Declare the PL/SQL program to be executed with its invoker's rights.
  - Remove string type parameters from the procedure.
- Use static SQL to avoid SQL injection when all Oracle identifiers are known at the time of code execution.
  - True
  - False
- Choose the impact of SQL injection attacks:
  - Malicious string inputs can extract confidential information.
  - Unauthorized access can drop a database.
  - It can insert ORDER data in the EMPLOYEES table.
  - A procedure executed with owner's (SYS) rights can change the password of a user.
- Pick the correct strategies to fight against ...