From: Balwant Rathore (balwant@mahindrabt.com)
Date: Wed Feb 26 2003 - 07:43:48 EST
Hi Naka,
> my target web site doesn't sanitize any input.
> This means that PL/SQL doesn't have a sanitizing function?
> I can't use regexp in PL/SQL?
> If so, I think that PL/SQL isn't suitable for web application.
It's correct that PL/SQL doesn't have any function for sanitizing input. But
you can make your own function in PL/SQL using bind variable as input.
By using bind variables in PL/SQL Block you can sanitize any input from
client.
Bind variable’s session is open only for individual client who has requested
that session. They also provide very strong protection against SQL
Injections.
Balwant Rathore, CISSP
Security Practices Group,
Mahindra-British Telecom Ltd.
Oberoi Estate Gardens, Chandivali,
Mumbai - 400 072, India.
Tel : +91 22 56922000 Extn - 8010
Fax : +91 22 28528959
Mobile: +91 98208 03333
*********************************************************
Disclaimer
This message (including any attachments) contains
confidential information intended for a specific
individual and purpose, and is protected by law.
If you are not the intended recipient, you should
delete this message and are hereby notified that
any disclosure, copying, or distribution of this
message, or the taking of any action based on it,
is strictly prohibited.
*********************************************************
Visit us at http://www.mahindrabt.com
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7
: Sat Apr 12 2008 - 10:53:29 EDT
<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>