Oracle Security is easier if you design for it
Steven F's SQLguard - sql injection prevention pkg
« on: Oct 29th, 2007, 4:45am »
I'm on one of Steven Feuerstein's Oracle email lists, and received one a day or so ago with this item:
You've probably heard of SQL injection: the process by which a malicious user manipulates a program that executes dynamic SQL so as to "inject" nasty code into your application and cause all sorts of problems.
SQL injection is a major security concern and something that all PL/SQL developers should pay attention to. That is also a hard thing to do. So I have been playing around with the idea of providing a package to help you guard against SQL injection: the sql_guard package.
I have a first version of the package built and would love to have some developers who have experience with SQL injection issues take a look at it, try it out, give me feedback.
So....does that sound like you? Are you interested in checking out sql_guard? If so, please reply to this email [sent from firstname.lastname@example.org] and send a copy to email@example.com, to give you a better chance of evading my various spam filters.
Not sure whether he's raised this in/with the Oracle security community before.