Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Oct 29th, 2007, 4:45am)

Title: Steven F's SQLguard - sql injection prevention pkg
Post by Pete Finnigan on Oct 29th, 2007, 4:45am
I'm on one of Steven Feuerstein's Oracle email lists, and received one a day or so ago with this item:

SQL Guard
You've probably heard of SQL injection: the process by which a malicious user manipulates a program that executes dynamic SQL so as to "inject" nasty code into your application and cause all sorts of problems.
SQL injection is a major security concern and something that all PL/SQL developers should pay attention to. That is also a hard thing to do. So I have been playing around with the idea of providing a package to help you guard against SQL injection: the sql_guard package.
I have a first version of the package built and would love to have some developers who have experience with SQL injection issues take a look at it, try it out, give me feedback.

So....does that sound like you? Are you interested in checking out sql_guard? If so, please reply to this email [sent from steven@stevenfeuerstein.com] and send a copy to steven.feuerstein@quest.com, to give you a better chance of evading my various spam filters.

Not sure whether he's raised this in/with the Oracle security community before.

Title: Re: Steven F's SQLguard - sql injection prevention
Post by Pete Finnigan on Oct 29th, 2007, 8:22am
Hi Gary,

Thanks for the heads up. I have dropped Steven an email to ask if I can have a copy to test and provide feedback.

cheers

Pete


