SQL Injection (dbms_assert)
Using SQL injection, a hacker can pass string input to an application in hopes of gaining unauthorized access to a database. Here is a nice tutorial about this subject and how to prevent it. It shows also the use of the undocumented (in 10g not in 11g) dbms_assert Package.
Hack Oracle
There is a new interesting article about different ways to hack oracle and how to prevent this attacks.
Eight Ways to Hack Oracle Part I
- SQL Injection
- Default Passwords
- Brute Force
- Sneaking Data out the Back Door
Part II is coming soon…
