Identify two strategies against SQL injection. (Choose two.)
A. Use parameterized queries with bind arguments.
B. Use subprograms that are run with the definer's rights.
C. Use RESTRICT_REFERENCES clauses in functions that use dynamic SQL.
D. Validate user inputs to functions that use dynamic SQL built with concatenated values.
Answer: A, D
Explanation (from Oracle's tutorial, section 1.4 "Avoidance Strategies Against SQL Injection Attacks"):

A.
Strategy: Use bind arguments.
Description: Parameterize queries by using bind arguments.

D.
Strategy: Filter and sanitize input.
Description: The Oracle-supplied DBMS_ASSERT package contains a number of functions that can be used to sanitize user input and help in guarding against SQL injection in applications that use dynamic SQL built with concatenated input values. In case your filtering requirements cannot be satisfied by the DBMS_ASSERT package, you may need to create your own filter.
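As an added example (not code from the page or from the Oracle tutorial it cites), the same lookup written three ways in PL/SQL: with the injectable concatenation, with strategy A (bind arguments), and with strategy D (DBMS_ASSERT validation for the part that cannot be bound). The employees table, its last_name column and the procedure names are assumed for illustration.

```sql
-- Vulnerable: the caller's value is spliced into the SQL text, so a crafted
-- value can change the meaning of the statement instead of being compared as data.
CREATE OR REPLACE PROCEDURE count_employees_bad (p_last_name IN VARCHAR2) IS
  v_sql   VARCHAR2(4000);
  v_count NUMBER;
BEGIN
  v_sql := 'SELECT COUNT(*) FROM employees WHERE last_name = '''
           || p_last_name || '''';
  EXECUTE IMMEDIATE v_sql INTO v_count;
  DBMS_OUTPUT.PUT_LINE('rows: ' || v_count);
END;
/

-- Strategy A: bind argument. The SQL text is fixed; the value is passed
-- separately through the :ln placeholder and the USING clause, so the database
-- only ever treats it as a literal value, never as SQL syntax.
CREATE OR REPLACE PROCEDURE count_employees_bind (p_last_name IN VARCHAR2) IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM employees WHERE last_name = :ln'
    INTO v_count USING p_last_name;
  DBMS_OUTPUT.PUT_LINE('rows: ' || v_count);
END;
/

-- Strategy D: validate input with DBMS_ASSERT for the one part that cannot be a
-- bind variable (an identifier such as the table name). SIMPLE_SQL_NAME returns
-- the value if it is a valid simple SQL identifier and raises ORA-44003 otherwise;
-- the data value is still bound rather than concatenated.
CREATE OR REPLACE PROCEDURE count_rows_checked (p_table     IN VARCHAR2,
                                               p_last_name IN VARCHAR2) IS
  v_sql   VARCHAR2(4000);
  v_count NUMBER;
BEGIN
  v_sql := 'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
           || ' WHERE last_name = :ln';
  EXECUTE IMMEDIATE v_sql INTO v_count USING p_last_name;
  DBMS_OUTPUT.PUT_LINE('rows: ' || v_count);
END;
/
```

In a code review, any EXECUTE IMMEDIATE (or DBMS_SQL) call whose statement text is built with || from a parameter is the pattern to flag; the fix is a bind variable where the value is data, and DBMS_ASSERT where it must remain part of the SQL text.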
http://download.oracle.com/oll/tutorials/SQLInjection/html/lesson1/les01_tm_avoid.htm
download.oracle.com/oll/tutorials/SQLInjection/index.htm