SQL Injections - Oracle
Ram Kedem
Copyright 2014 © Ram Kedem. All rights reserved. Not to be reproduced without written consent
Ramkedem.com
Lesson Goals
• What is a SQL Injection – basic example
• Avoiding SQL Injections
• Using Invoker and Definer Rights
SQL Injection – Basic Example
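The two slides in this section were code screenshots that did not survive extraction. What follows is an added example of my own, not code from the deck, showing the shape of procedure this section is about: a lookup that splices caller input into dynamic SQL, followed by the inputs that subvert it. The table APP_USERS, its rows and the procedure name are constructed for the demonstration; the EXEC and SET lines are SQL*Plus commands.

```sql
-- Constructed sample data for the demonstration (not from the slides).
CREATE TABLE app_users (
  username VARCHAR2(30) PRIMARY KEY,
  email    VARCHAR2(100),
  is_admin CHAR(1)
);
INSERT INTO app_users VALUES ('alice', 'alice@example.com', 'N');
INSERT INTO app_users VALUES ('bob',   'bob@example.com',   'N');
INSERT INTO app_users VALUES ('admin', 'root@example.com',  'Y');
COMMIT;

-- VULNERABLE: the caller's string is pasted into the statement text, so the
-- caller controls the SQL that runs, not merely the value being compared.
CREATE OR REPLACE PROCEDURE show_email_unsafe (p_username IN VARCHAR2) IS
  v_stmt  VARCHAR2(4000);
  v_cur   SYS_REFCURSOR;
  v_user  VARCHAR2(128);
  v_email VARCHAR2(100);
BEGIN
  v_stmt := 'SELECT username, email FROM app_users'
         || ' WHERE username = ''' || p_username || '''';
  DBMS_OUTPUT.PUT_LINE('Executing: ' || v_stmt);   -- shows exactly what will run
  OPEN v_cur FOR v_stmt;
  LOOP
    FETCH v_cur INTO v_user, v_email;
    EXIT WHEN v_cur%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE('  ' || v_user || ' -> ' || v_email);
  END LOOP;
  CLOSE v_cur;
END;
/

SET SERVEROUTPUT ON

-- Intended use: exactly one row.
EXEC show_email_unsafe('alice');

-- Injection 1: the embedded quote closes the literal and the rest rewrites the
-- predicate. Executed text:
--   SELECT username, email FROM app_users WHERE username = 'x' OR '1'='1'
-- Every row comes back, including the admin account.
EXEC show_email_unsafe('x'' OR ''1''=''1');

-- Injection 2: UNION reads a different object entirely; the trailing comment
-- marker swallows the closing quote the procedure appends. Executed text:
--   ... WHERE username = 'x' UNION SELECT username, 'n/a' FROM all_users--'
EXEC show_email_unsafe('x'' UNION SELECT username, ''n/a'' FROM all_users--');
```

Two Oracle-specific points worth keeping in mind when reviewing such a procedure: EXECUTE IMMEDIATE and OPEN FOR run a single statement, so the stacked `'; DROP TABLE ...` payload seen on other databases fails with a syntax error, and attackers reach for UNION, subqueries and function calls instead (a procedure that builds a `BEGIN ... END;` block string is the exception, since that accepts arbitrary PL/SQL). The DBMS_OUTPUT line that prints the assembled statement is the quickest way to see what actually executed.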
Avoiding SQL Injection
• To immunize your code against SQL injection attacks:
• Use bind arguments explicitly with dynamic SQL (EXECUTE IMMEDIATE ... USING, OPEN ... FOR ... USING).
• Use bind arguments automatically with static SQL: every PL/SQL variable referenced inside a static statement becomes a bind variable.
• Validate and sanitize any input that must be concatenated into dynamic SQL, such as object names, which cannot be bound (DBMS_ASSERT).
• Consider using invoker's rights, so that any injected statement runs with the caller's privileges rather than the owner's.
Explicitly bind arguments with dynamic SQL
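The code on these two slides did not survive extraction. Here is an added example of my own, not the deck's code, of the same kind of lookup written with bind placeholders. It assumes a table APP_USERS(USERNAME VARCHAR2, EMAIL VARCHAR2) exists; the procedure names are constructed for the demonstration.

```sql
-- Assumes a table APP_USERS(USERNAME VARCHAR2, EMAIL VARCHAR2) exists.
-- The statement text is a constant; caller input never becomes SQL text.
CREATE OR REPLACE PROCEDURE show_email_bound (p_username IN VARCHAR2) IS
  c_stmt  CONSTANT VARCHAR2(200) :=
    'SELECT username, email FROM app_users WHERE username = :uname';
  v_cur   SYS_REFCURSOR;
  v_user  VARCHAR2(128);
  v_email VARCHAR2(100);
BEGIN
  OPEN v_cur FOR c_stmt USING p_username;   -- value supplied out of band
  LOOP
    FETCH v_cur INTO v_user, v_email;
    EXIT WHEN v_cur%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE('  ' || v_user || ' -> ' || v_email);
  END LOOP;
  CLOSE v_cur;
END;
/

-- Same idea for DML: each placeholder takes its value from the USING list,
-- matched by position, not by name.
CREATE OR REPLACE PROCEDURE set_email_bound (p_username IN VARCHAR2,
                                             p_email    IN VARCHAR2) IS
  v_rows PLS_INTEGER;
BEGIN
  EXECUTE IMMEDIATE
    'UPDATE app_users SET email = :new_email WHERE username = :uname'
    USING p_email, p_username;
  v_rows := SQL%ROWCOUNT;
  DBMS_OUTPUT.PUT_LINE(v_rows || ' row(s) updated');
END;
/

SET SERVEROUTPUT ON
EXEC show_email_bound('alice');                 -- one row
EXEC show_email_bound('x'' OR ''1''=''1');      -- zero rows: compared as a plain string
EXEC set_email_bound('alice', 'alice@corp.example');
```

Two caveats. In a dynamic SQL statement the USING list is positional, so a placeholder name that appears twice in the text needs its value listed twice; only in a dynamic PL/SQL block (a string starting with BEGIN or DECLARE) is a repeated name bound once. And binds work only in value positions: a table name, column name or ORDER BY direction cannot be a bind variable, which is where DBMS_ASSERT comes in. A side benefit you can verify in V$SQL is that the bound version produces one cursor for all inputs, where the concatenating version produces one per distinct input.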
Automatic bind variables with static SQL
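The five slides under this title were code screenshots that are missing from the extraction. The following is an added example of my own, not the deck's code, showing the same lookup as static SQL, where the compiler does the binding with no string to inject into, and how to confirm that from the shared pool. It assumes a table APP_USERS(USERNAME VARCHAR2, EMAIL VARCHAR2) exists; procedure names are constructed.

```sql
-- Assumes a table APP_USERS(USERNAME VARCHAR2, EMAIL VARCHAR2) exists.
-- Static SQL: the parameter is referenced as a PL/SQL variable inside the
-- statement, so the compiler emits a bind (:B1) for it automatically.
CREATE OR REPLACE PROCEDURE show_email_static (p_username IN VARCHAR2) IS
  v_email app_users.email%TYPE;
BEGIN
  SELECT email INTO v_email
    FROM app_users
   WHERE username = p_username;
  DBMS_OUTPUT.PUT_LINE(p_username || ' -> ' || v_email);
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    DBMS_OUTPUT.PUT_LINE('no such user: ' || p_username);
END;
/

-- A pattern search is still static SQL: the pattern is a value, so it is bound
-- too. A caller can widen the match with % but cannot change the statement.
CREATE OR REPLACE PROCEDURE find_users_static (p_pattern IN VARCHAR2) IS
BEGIN
  FOR r IN (SELECT username, email
              FROM app_users
             WHERE username LIKE p_pattern
             ORDER BY username)
  LOOP
    DBMS_OUTPUT.PUT_LINE('  ' || r.username || ' -> ' || r.email);
  END LOOP;
END;
/

SET SERVEROUTPUT ON
EXEC show_email_static('x'' OR ''1''=''1');   -- "no such user": the payload is just a string
EXEC find_users_static('a%');

-- Check (needs SELECT on V_$SQL): PL/SQL normalises static SQL to upper case and
-- the cached text shows the bind placeholder, never the caller's input.
SELECT sql_text
  FROM v$sql
 WHERE sql_text LIKE '%APP_USERS WHERE USERNAME = :B1%';
```

The V$SQL check is the practical test for any PL/SQL unit you are reviewing: if the text you find in the shared pool contains a caller-supplied value as a literal, that statement was built by concatenation, whatever the code comments claim.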
Avoiding SQL Injection using DBMS_ASSERT
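The DBMS_ASSERT slides were code screenshots that are missing here. The following is an added example of my own, not the deck's code, for the case binds cannot cover: a schema and table name, and a sort column, supplied by the caller. It assumes a table APP_USERS(USERNAME VARCHAR2, EMAIL VARCHAR2) exists; procedure names are constructed. The DBMS_ASSERT functions and the ORA-44001/44002/44003 errors are Oracle's own.

```sql
-- Assumes a table APP_USERS(USERNAME VARCHAR2, EMAIL VARCHAR2) exists.
-- Object names cannot be bound, so they are the one place where concatenation
-- is unavoidable. DBMS_ASSERT rejects anything that is not a well-formed (or,
-- for SQL_OBJECT_NAME, existing) name before any statement text is built.
CREATE OR REPLACE PROCEDURE count_rows (p_owner IN VARCHAR2, p_table IN VARCHAR2) IS
  v_name VARCHAR2(400);
  v_cnt  NUMBER;
BEGIN
  -- SCHEMA_NAME     : ORA-44001 unless p_owner is an existing schema (exact case)
  -- SIMPLE_SQL_NAME : ORA-44003 unless p_table is syntactically a single identifier
  -- SQL_OBJECT_NAME : ORA-44002 unless owner.table names an existing object
  v_name := DBMS_ASSERT.SQL_OBJECT_NAME(
              DBMS_ASSERT.SCHEMA_NAME(p_owner) || '.' ||
              DBMS_ASSERT.SIMPLE_SQL_NAME(p_table));
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM ' || v_name INTO v_cnt;
  DBMS_OUTPUT.PUT_LINE(v_name || ': ' || v_cnt || ' rows');
END;
/

-- Mixed case: the sort column is an identifier (validated, then concatenated),
-- the filter is a value (bound).
CREATE OR REPLACE PROCEDURE list_users (p_sort_col IN VARCHAR2, p_domain IN VARCHAR2) IS
  v_stmt  VARCHAR2(500);
  v_cur   SYS_REFCURSOR;
  v_user  VARCHAR2(128);
  v_email VARCHAR2(100);
BEGIN
  v_stmt := 'SELECT username, email FROM app_users'
         || ' WHERE email LIKE :dom'
         || ' ORDER BY ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_sort_col);
  OPEN v_cur FOR v_stmt USING '%@' || p_domain;
  LOOP
    FETCH v_cur INTO v_user, v_email;
    EXIT WHEN v_cur%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE('  ' || v_user || ' -> ' || v_email);
  END LOOP;
  CLOSE v_cur;
END;
/

SET SERVEROUTPUT ON
EXEC count_rows(USER, 'APP_USERS');
EXEC list_users('email', 'example.com');

-- Both rejected before any SQL exists (ORA-44003: invalid SQL name):
EXEC count_rows(USER, 'app_users WHERE 1=0 UNION SELECT COUNT(*) FROM dba_users');
EXEC list_users('1 UNION SELECT username, password FROM dba_users', 'x');
```

The caveat that matters: SIMPLE_SQL_NAME and QUALIFIED_SQL_NAME accept double-quoted identifiers, which may contain any character except a double quote, so a "validated" name must only ever be placed in an identifier position. Dropped inside a string literal, it passes the check and still injects. SQL_OBJECT_NAME checks existence, not privilege; a caller who names a table they cannot read simply gets ORA-00942 from the query, which is the right outcome. ENQUOTE_LITERAL exists for the rare literal that truly cannot be bound, but a bind is always the first choice.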
Invoker and Definer rights
• Definer's rights (AUTHID DEFINER, the default):
• The program unit executes with the privileges of its owner, the schema it was created in.
• Callers need no privileges on the underlying objects the procedure accesses.
• They only need EXECUTE on the procedure itself.
• Roles are disabled inside a definer's rights unit, so the owner's privileges must be granted directly.
• Consequence for injection: any SQL an attacker smuggles into the unit runs with the owner's privileges, not the caller's.
• Invoker's rights (AUTHID CURRENT_USER):
• The program unit executes with the privileges of the calling user.
• Callers need privileges on the underlying objects the procedure accesses.
• Unqualified object names are resolved at run time in the caller's schema, so there is no need to duplicate code: a single compiled program unit uses schema A's objects when invoked by user A and schema B's objects when invoked by user B.
• This gives the option of keeping a code repository in one place and sharing it with various production users.
Definer’s rights
Invoker’s rights
Change Password Procedure
Use Invoker's rights
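The Definer's rights, Invoker's rights, Change Password Procedure and Use Invoker's rights slides were code screenshots that are missing from the extraction. The following is an added example of my own, not the deck's code, that puts the Invoker and Definer rights bullets and the change-password scenario together. The setup is assumed: the procedures are owned by a schema APP_ADMIN that holds ALTER USER as a direct grant, and EXECUTE is given to an ordinary account APP_READER. ALTER USER accepts no bind variables, so both inputs have to be concatenated, which is what makes this procedure a good illustration of why the privilege model matters.

```sql
-- Assumed setup (not from the slides): owned by APP_ADMIN, which holds ALTER USER
-- as a direct grant (roles are disabled inside definer's rights units).
-- ALTER USER takes no binds, so both pieces of caller input are concatenated.

-- Definer's rights (AUTHID DEFINER is the default): runs with APP_ADMIN's privileges.
-- Any grantee can reset ANY user's password, and injected text runs as APP_ADMIN.
CREATE OR REPLACE PROCEDURE change_password_definer (p_user IN VARCHAR2,
                                                     p_pwd  IN VARCHAR2)
  AUTHID DEFINER IS
BEGIN
  EXECUTE IMMEDIATE 'ALTER USER ' || p_user || ' IDENTIFIED BY ' || p_pwd;
END;
/
GRANT EXECUTE ON change_password_definer TO app_reader;

-- As APP_READER both calls succeed: the first resets another account outright,
-- the second appends an extra clause to the statement the owner executes.
--   EXEC app_admin.change_password_definer('SYSTEM', 'Owned_1');
--   EXEC app_admin.change_password_definer('app_reader', 'Pw_1 QUOTA UNLIMITED ON users');

-- Invoker's rights: the statement runs with the CALLER's privileges. Oracle lets a
-- session change its own password without ALTER USER, so APP_READER can still use
-- the procedure for itself, while 'SYSTEM' fails with ORA-01031.
-- The inputs are also validated: SCHEMA_NAME requires an existing account, and
-- ENQUOTE_NAME turns the password into a double-quoted identifier that cannot
-- break out of the IDENTIFIED BY clause (FALSE keeps the password's case).
CREATE OR REPLACE PROCEDURE change_password_invoker (p_user IN VARCHAR2,
                                                     p_pwd  IN VARCHAR2)
  AUTHID CURRENT_USER IS
BEGIN
  EXECUTE IMMEDIATE 'ALTER USER ' || DBMS_ASSERT.SCHEMA_NAME(UPPER(p_user))
                 || ' IDENTIFIED BY ' || DBMS_ASSERT.ENQUOTE_NAME(p_pwd, FALSE);
END;
/
GRANT EXECUTE ON change_password_invoker TO app_reader;

-- As APP_READER:
--   EXEC app_admin.change_password_invoker('app_reader', 'Pw_1 QUOTA UNLIMITED ON users');
--   -- password becomes the literal string "Pw_1 QUOTA UNLIMITED ON users"; nothing injected
--   EXEC app_admin.change_password_invoker('SYSTEM', 'Owned_1');
--   -- ORA-01031: insufficient privileges
```

Two things to check when you adopt invoker's rights as a mitigation. First, it shrinks the blast radius of an injection to whatever the caller could already do; it does not remove the injection, so the DBMS_ASSERT calls are still required. Second, the risk runs the other way too: an invoker's rights unit owned by a low-privilege schema executes with a DBA's privileges whenever a DBA calls it. Oracle 12c added the INHERIT PRIVILEGES privilege to control this, but it is granted to PUBLIC on every user by default, so it only helps once you revoke it from the schemas you do not trust. The same run-time resolution that gives invoker's rights its privilege behaviour is what makes an unqualified APP_USERS inside such a unit refer to the caller's own table, the code-sharing effect the Invoker and Definer rights slide describes.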