Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:10171
HistoryNov 09, 2005 - 12:00 a.m.

Oracle DBMS_ASSERT and the October 2005 CPU

2005-11-0900:00:00
vulners.com
9
JSON

Whilst there are problems with the Oracle October 2005 Critical Patch
Update, it's not all bad news…

There is a great deal of evidence in this patch that Oracle are beginning to
treat security properly. They've introduced a new package PL/SQL package
DBMS_ASSERT into the RDBMS. Whilst DBMS_ASSERT was first released as part of
the new10g Release 2 it has been packported. Oracle use this package to
sanitize user input to help prevent SQL injection. As this package has not
been documented NGSResearch have done so aqs we feel that third-party Oracle
app developers could benefit by using the package. This, and other papers,
can be found at http://www.ngssoftware.com/papers.htm .

Cheers,
The NGSResearch Team

JSON