Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Detect SQL injection and Prevent SQL injection.

Status
Not open for further replies.

tekpr00

IS-IT--Management
Jan 22, 2008
186
CA
Hello All,

I was wondering if anyone has a sql statement to detect SQL Injection in the database, prevent SQL Injection in the Oracle database 11gr2.

Thanks so much for your input.
 
Tekpr00,

Oracle Firewall (click this link) is a product that can (if configured properly) both detect and prevent SQL injections. As is always the case with Oracle products, prices may vary.

[santa]Mufasa
(aka Dave of Sandy, Utah, USA)
“People may forget what you say, but they will never forget how you made them feel.
 
Thanks for your suggestion SantaMufasa.
I am aware of the Oracle Audit Vault and Database Firewall (AVDF).
I was looking for a free script or shareware that could achieve the same result.
Thanks.
 
tekpr00 said:
...I was looking for a free script or shareware that could achieve the same result.
I admire your optimism.
[sunshine]

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb
 
but don't let it go unsaid that the obvious answer is to use a stored procedure interface - that guarantees that SQL injection will never occur.
Failing that, use sql statements with bind variables.

Cut it off at source, don't try to catch it once it's happened.

Regards

T
 
Thanks everyone for the input.
Stay blessed.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top