Search This Blog

Monday, January 06, 2014

Actions can be performed by using the DBMS_ASSERT package to prevent SQL injection

  1. Prefix all calls to DBMS_ASSERT with the SYS schema name.
  2. Escape single quotes when you use the ENQUOTE_LITERAL procedure.
  3. Define and raise exceptions explicitly to handle DBMS_ASSERT exceptions.
  4. Verify qualified SQL names.
  5. Verify an existing schema name.
  6. Enclose string literals within double quotation marks.

No comments: