Oracle Community

The social network for Oracle people

Stew Stryker

SQL Injection prevention tutorial

Posted by Stew Stryker on May 16, 2008 at 10:21am

Previous Post View Blog Posts

[This isn't specifically about Apex, but definitely applies.]

First, if you haven't read about the recently-published SQL exploit vulnerability, you should here:

http://www.computerworld.com/action/article.do?command=viewArticleB...

and David's paper on Lateral SQL Injection is available at:

http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf

Second, I did a little scouting and found a tutorial from Oracle that explains the vulnerabilities and where you need to guard against them. There's even a little video that steps you through the scenarios and how you should guard against them. Definitely worth the time.

http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm

Lastly, here's a little graphic from the tutorial that gives you the quick point:

Tags: injection, sql

1 Comment

Dimitri Gielis Comment by Dimitri Gielis on June 3, 2008 at 2:33pm
Hi Stew,

I tried to add you on apexblogs.info but it seems that your blog is not standard atom. I'll try to interprete it in the next days and adapt my procedure.

Nice blog.

See you at ODTUG,
Dimitri

Add a Comment

You need to be a member of Oracle Community to add comments!

Join this network

RSS

About Oracle Community

Eddie Awad Eddie Awad created this social network on Ning.

Create your own social network!

Latest Activity

Francis Pouler Francis Pouler's profile changed 50 minutes ago
Francis Pouler Francis Pouler joined Oracle Community. Leave a Comment for Francis Pouler. 58 minutes ago
Rajeeb Dutta Rajeeb Dutta left a comment for DEVendra Gulve 1 hour ago
Rajkumar Singh Rajkumar Singh joined Oracle Community. Leave a Comment for Rajkumar Singh. 2 hours ago
Umesh Joshi and DEVendra Gulve are now friends
Umesh Joshi DEVendra Gulve
2 hours ago
DEVendra Gulve DEVendra Gulve left a comment for Umesh Joshi 2 hours ago
Umesh Joshi Umesh Joshi joined Oracle Community. Leave a Comment for Umesh Joshi. 2 hours ago
DEVendra Gulve DEVendra Gulve added the blog post 'Data flow for Order - to - Cash cycle' 3 hours ago
Ram K Ram K joined the group Oracle Contractors 5 hours ago
Ram K Ram K joined Oracle Community. Leave a Comment for Ram K. 5 hours ago
TongucY TongucY commented on the event Blogger Meetup - Oracle OpenWorld 2008 6 hours ago
TongucY TongucY decided to attend the event Blogger Meetup - Oracle OpenWorld 2008 6 hours ago
Chris Muir Chris Muir commented on the event Blogger Meetup - Oracle OpenWorld 2008 6 hours ago
Chris Muir Chris Muir decided to attend the event Blogger Meetup - Oracle OpenWorld 2008 6 hours ago
DEVendra Gulve DEVendra Gulve's profile changed 6 hours ago
DEVendra Gulve DEVendra Gulve left a comment for Rajeeb Dutta 6 hours ago

Oracle Community Badge

Spread the word. Get your own Oracle Community badge for your website or MySpace page. (Get Code)

Get More Badges

© 2008   Created by Eddie Awad on Ning.   Create your own social network

Report an Issue  |  Feedback  |  Privacy  |  Terms of Service