Identify two methods for immunizing PL/SQL code against SQL injection attacks. (Choose two.)
A. Use bind arguments.
B. Validate all input concatenated to dynamic SQL.
C. Use dynamic SQLs constructed using concatenation of input values.
D. Use subprograms as part of packages instead of stand-alone subprograms.
A, B
A.
6.1 Use Bind Arguments
Avoid input string concatenation.
Use bind arguments, whether automatically via static SQL or explicitly via dynamic SQL statements.
http://download.oracle.com/oll/tutorials/SQLInjection/html/lesson6/les06_tm_bindargs.htm
B.
3.3 What If You Must Use Dynamic SQL?
If you cannot avoid input concatenation, you must validate input values.
download.oracle.com/oll/tutorials/SQLInjection/html/lesson3/les03_tm_options.htm