Which three actions can be performed by using the DBMS_ASSERT package to prevent SQL injection?

Which three actions can be performed by using the DBMS_ASSERT package to prevent SQL
injection? (Choose three.)


A. Detect a wrong user.
B. Check input string length.
C. Verify qualified SQL names.
D. Validate TNS connect strings.
E. Verify an existing schema name.
F. Enclose string literals within double quotation marks.





ja


C, E, F.

http://docs.oracle.com/cd/E11882_01/appdev.112/e40758/d_assert.htm#ARPLS231

Summary of DBMS_ASSERT Subprograms

Table 26-1 DBMS_APPLICATION_INFO Package Subprograms

| Subprogram | Description |
|---|---|
| ENQUOTE_LITERAL Function | Enquotes a string literal |
| ENQUOTE_NAME Function | Encloses a name in double quotes |
| NOOP Functions | Returns the value without any checking |
| QUALIFIED_SQL_NAME Function | Verifies that the input string is a qualified SQL name |
| SCHEMA_NAME Function | Verifies that the input string is an existing schema name |
| SIMPLE_SQL_NAME Function | Verifies that the input string is a simple SQL name |
| SQL_OBJECT_NAME Function | Verifies that the input parameter string is a qualified SQL identifier of an existing SQL object |

PIERO


WHY F?
FOR STRING USE ENQUOTE_LITERAL, that encloses the string with single quotes, not double….

Please someone explain to me why F?

Leo Yu


ENQUOTE_NAME function Encloses the input string in double quotes
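
The quoting and validation behaviour discussed in the comments above can be observed directly. This is an added example, not part of the original page or of Oracle's documentation: an anonymous PL/SQL block that passes constructed inputs through SCHEMA_NAME, QUALIFIED_SQL_NAME, ENQUOTE_NAME and ENQUOTE_LITERAL and prints what each returns or rejects. The `show` helper and the sample inputs are hypothetical, and the block assumes server output is enabled in the client (for example `SET SERVEROUTPUT ON` in SQL*Plus).

```sql
DECLARE
  -- Constructed sample inputs: two well-formed names, one that tries to
  -- smuggle a second statement, and one schema assumed not to exist.
  TYPE t_inputs IS TABLE OF VARCHAR2(100);
  l_names t_inputs := t_inputs('SYS', 'SYS.DUAL',
                               'DUAL; DROP TABLE t', 'NO_SUCH_SCHEMA_X');
  l_count NUMBER;

  -- Hypothetical helper: run one DBMS_ASSERT function and print the outcome.
  PROCEDURE show(p_check IN VARCHAR2, p_in IN VARCHAR2) IS
    l_out VARCHAR2(200);
  BEGIN
    l_out := CASE p_check
               WHEN 'SCHEMA_NAME'        THEN DBMS_ASSERT.SCHEMA_NAME(p_in)
               WHEN 'QUALIFIED_SQL_NAME' THEN DBMS_ASSERT.QUALIFIED_SQL_NAME(p_in)
               WHEN 'ENQUOTE_NAME'       THEN DBMS_ASSERT.ENQUOTE_NAME(p_in)
               WHEN 'ENQUOTE_LITERAL'    THEN DBMS_ASSERT.ENQUOTE_LITERAL(p_in)
             END;
    DBMS_OUTPUT.PUT_LINE(RPAD(p_check, 20) || RPAD(p_in, 22) || '-> ' || l_out);
  EXCEPTION
    -- The name checks raise ORA-44001 / ORA-44004; the enquote functions
    -- raise ORA-06502 when the quotes inside the input are not paired.
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE(RPAD(p_check, 20) || RPAD(p_in, 22)
                           || '-> rejected: ' || SQLERRM);
  END show;
BEGIN
  -- Options C and E: each input is tested as a schema and as a qualified name.
  FOR i IN 1 .. l_names.COUNT LOOP
    show('SCHEMA_NAME', l_names(i));
    show('QUALIFIED_SQL_NAME', l_names(i));
  END LOOP;

  -- The point raised in the comments: ENQUOTE_NAME wraps an identifier in
  -- double quotes, ENQUOTE_LITERAL wraps a string value in single quotes.
  show('ENQUOTE_NAME', 'orders');
  show('ENQUOTE_LITERAL', 'shipped');
  show('ENQUOTE_LITERAL', 'x'' OR ''1''=''1');   -- unpaired quotes inside

  -- Only a name that passed the check is concatenated into dynamic SQL.
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM '
                    || DBMS_ASSERT.QUALIFIED_SQL_NAME(l_names(2))
    INTO l_count;
  DBMS_OUTPUT.PUT_LINE('rows in ' || l_names(2) || ': ' || l_count);
END;
/
```

Where the statement allows it, a bind variable is preferable to ENQUOTE_LITERAL for values; the DBMS_ASSERT name checks cover the parts of a statement, such as schema and table names, that cannot be bound.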