SQL Injections - Oracle
Ram Kedem
Copyright 2014 © Ram Kedem. All rights reserved. Not to be reproduced without written consent
Ramkedem.com
Lesson Goals
• What is a SQL Injection – basic example
• Avoiding SQL Injections
• Using Invoker and Definer Rights
SQL Injection – Basic Example
Avoiding SQL Injection
• To immunize your code against SQL injection attacks:
  • Use bind arguments explicitly with dynamic SQL.
  • Use bind arguments automatically with static SQL.
  • Validate and sanitize all input concatenated to dynamic SQL (DBMS_ASSERT).
  • Consider using Invoker’s rights.
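The three coding patterns from this slide side by side, as an added PL/SQL example that is not part of the original deck. It assumes a table APP_USERS(USERNAME, EMAIL) and shows the concatenation pattern the deck warns about next to the static-SQL, bind-variable and DBMS_ASSERT versions; the function names are placeholders.

```sql
-- Added example (not from the original deck). Assumed schema: a table
-- APP_USERS(USERNAME VARCHAR2(30), EMAIL VARCHAR2(100)).

-- 1. Vulnerable pattern: the input is spliced into the statement text, so a
--    caller controls the structure of the SQL, not just a value in it.
CREATE OR REPLACE FUNCTION get_email_unsafe (p_user IN VARCHAR2)
  RETURN VARCHAR2
IS
  l_sql   VARCHAR2(4000);
  l_email VARCHAR2(100);
BEGIN
  l_sql := 'SELECT email FROM app_users WHERE username = ''' || p_user || '''';
  EXECUTE IMMEDIATE l_sql INTO l_email;
  RETURN l_email;
END;
/

-- 2. Static SQL: the PL/SQL compiler makes p_user a bind variable
--    automatically, so the input is always treated as data.
CREATE OR REPLACE FUNCTION get_email_static (p_user IN VARCHAR2)
  RETURN VARCHAR2
IS
  l_email VARCHAR2(100);
BEGIN
  SELECT email INTO l_email FROM app_users WHERE username = p_user;
  RETURN l_email;
END;
/

-- 3. Dynamic SQL with an explicit bind, for the case where the statement text
--    itself must vary (here, the table name). Identifiers cannot be bound, so
--    the table name is validated with DBMS_ASSERT; the value is bound via USING.
CREATE OR REPLACE FUNCTION get_email_dynamic (
  p_table IN VARCHAR2,
  p_user  IN VARCHAR2)
  RETURN VARCHAR2
IS
  l_table VARCHAR2(128);
  l_email VARCHAR2(100);
BEGIN
  -- SQL_OBJECT_NAME raises ORA-44002 unless p_table names an existing object,
  -- so anything that is not a plain object name never reaches the statement.
  l_table := DBMS_ASSERT.SQL_OBJECT_NAME(p_table);
  EXECUTE IMMEDIATE
    'SELECT email FROM ' || l_table || ' WHERE username = :u'
    INTO l_email
    USING p_user;
  RETURN l_email;
END;
/
```

DBMS_ASSERT validates identifiers only; data values such as p_user still belong in a bind variable, never in the statement text.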
Explicitly bind arguments with dynamic SQL
Automatic bind variables with static SQL
Avoiding SQL Injection using DBMS_ASSERT
Invoker and Definer rights
• Definer’s rights:
  • Programs execute with the privileges of the creating user.
  • A user does not require privileges on underlying objects the procedure accesses.
  • Only requires privilege to execute a procedure.
• Invoker’s rights:
  • Programs execute with the privileges of the calling user.
  • A user requires privileges on the underlying objects the procedure accesses.
  • There is no need for duplication of code. A single compiled program unit can be made to use schema A's objects when invoked by User A and schema B's objects when invoked by User B.
  • This way, we have the option of creating a code repository in one place and sharing it with various production users.
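The two privilege models from this slide written out as an added PL/SQL example (not code from the original deck). It assumes a schema APP_OWNER that owns the code and an ORDERS table, and users USER_A and USER_B that each own their own ORDERS table; all names are placeholders.

```sql
-- Added example (not from the original deck). Assumed setup: APP_OWNER owns
-- the code and an ORDERS table (needed so the unit compiles); USER_A and
-- USER_B each own an ORDERS table in their own schema.

-- Definer's rights (AUTHID DEFINER is the default). The body always runs as
-- APP_OWNER and reads APP_OWNER.ORDERS; callers need only EXECUTE.
CREATE OR REPLACE FUNCTION app_owner.count_orders_definer
  RETURN NUMBER
  AUTHID DEFINER
IS
  l_cnt NUMBER;
BEGIN
  -- Unqualified name resolves in the owner's schema.
  SELECT COUNT(*) INTO l_cnt FROM orders;
  RETURN l_cnt;
END;
/
GRANT EXECUTE ON app_owner.count_orders_definer TO user_a;
-- USER_A can call this with no privilege on APP_OWNER.ORDERS at all:
--   SELECT app_owner.count_orders_definer FROM dual;

-- Invoker's rights. The body runs with the caller's privileges and the
-- unqualified name resolves in the caller's schema at run time, so this one
-- compiled unit counts USER_A.ORDERS for USER_A and USER_B.ORDERS for USER_B.
CREATE OR REPLACE FUNCTION app_owner.count_orders_invoker
  RETURN NUMBER
  AUTHID CURRENT_USER
IS
  l_cnt NUMBER;
BEGIN
  SELECT COUNT(*) INTO l_cnt FROM orders;
  RETURN l_cnt;
END;
/
GRANT EXECUTE ON app_owner.count_orders_invoker TO user_a, user_b;
-- Each caller must hold SELECT on the ORDERS table the name resolves to
-- (its own, here). If such a unit ever builds dynamic SQL from input, an
-- injected statement runs with the caller's privileges, not APP_OWNER's,
-- which is why the deck lists invoker's rights as a containment measure.
```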
Definer’s rights
Invoker’s rights
Change Password Procedure
Use Invoker's rights