Detect SQL injection and Prevent SQL injection.

[tekpr00]

Hello All,

I was wondering if anyone has a sql statement to detect SQL Injection in the database, prevent SQL Injection in the Oracle database 11gr2.

Thanks so much for your input.

 

[SantaMufasa]

Tekpr00,

Oracle Firewall (click this link) is a product that can (if configured properly) both detect and prevent SQL injections. As is always the case with Oracle products, prices may vary.

Mufasa
(aka Dave of Sandy, Utah, USA)
“People may forget what you say, but they will never forget how you made them feel.

 

[tekpr00]

Thanks for your suggestion SantaMufasa.
I am aware of the Oracle Audit Vault and Database Firewall (AVDF).
I was looking for a free script or shareware that could achieve the same result.
Thanks.

 

[LKBrwnDBA]

...I was looking for a free script or shareware that could achieve the same result.

I admire your optimism.


----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[Thargy]

but don't let it go unsaid that the obvious answer is to use a stored procedure interface - that guarantees that SQL injection will never occur.
Failing that, use sql statements with bind variables.

Cut it off at source, don't try to catch it once it's happened.

Regards

T

 

[tekpr00]

Thanks everyone for the input.
Stay blessed.