Forbidden PL/SQL

What’s the biggest clue you can give that your database is vulnerable to SQL injection? When your list of “forbidden words” looks suspiciously like a sample of SQL / PL/SQL keywords:

I notice that they haven’t forbidden BEGIN, CREATE, MERGE, or TRUNCATE.

Congressman Peters, your IT staff are doing it wrong.
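As an added illustration (not code from the original post or from the site it discusses), the sketch below contrasts a forbidden-words filter with bind parameters. Python's `sqlite3` stands in for the Oracle database; the word list, table name, and sample messages are constructed for this example.

```python
import re
import sqlite3

# Constructed word list for illustration; the list the post refers to is not reproduced here.
FORBIDDEN = ["select", "insert", "update", "delete", "drop", "grant", "union", "declare"]
_PATTERN = re.compile(r"\b(" + "|".join(FORBIDDEN) + r")\b", re.IGNORECASE)

# Constructed constituent messages.
SAMPLES = [
    "Please update me on the grant; I had to drop a class and select another.",
    "Will the committee truncate the program or merge it with O'Brien's bill?",
]

def blocklist_allows(text):
    """Forbidden-words filter: accept only text containing none of the listed words."""
    return _PATTERN.search(text) is None

def open_db():
    """In-memory database with a hypothetical messages table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
    return conn

def store_message(conn, sender, body):
    """Bind parameters: the driver passes body as data, never as SQL text."""
    conn.execute("INSERT INTO messages (sender, body) VALUES (?, ?)", (sender, body))

def fetch_bodies(conn, sender):
    cur = conn.execute("SELECT body FROM messages WHERE sender = ? ORDER BY id", (sender,))
    return [row[0] for row in cur]

def run_demo():
    """Return the filter verdict for each sample and what the bound INSERT stored."""
    conn = open_db()
    verdicts = []
    for body in SAMPLES:
        verdicts.append(blocklist_allows(body))
        store_message(conn, "constituent", body)  # stored regardless of the filter verdict
    return verdicts, fetch_bodies(conn, "constituent")

if __name__ == "__main__":
    verdicts, stored = run_demo()
    for ok, body in zip(verdicts, stored):
        print("filter accepts" if ok else "filter rejects", "|", body)
```

The filter rejects an ordinary message because it happens to contain listed words, and accepts one containing keywords the list omits, so its verdict says nothing about safety. With bind parameters both messages, apostrophe included, are stored verbatim and no word list is needed.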

