
Secure Coding and Design

Oracle Database Application Security

Abstract

You need to design your system to minimize the paths to your data, keeping only the paths that are needed. As the number of paths to your data increases, your attack surface increases. You also need to separate your data from your code. People have been putting all their code and data in one common schema for more than 30 years now, which is a problem. Another common problem is application servers connecting to the database as the schema owner. Your secure design and coding practices should always separate data from code and use the PL/SQL features that enforce secure access paths to the data.


Notes

  1. This depends on the privileges of the user executing the SQL injection code. If the user is connected as the application owner, then all bets are off. If the user has the dba or select catalog role, then all bets are off.


Copyright information

© 2019 Osama Mustafa, Robert P. Lockard

About this chapter

Cite this chapter

Mustafa, O., Lockard, R.P. (2019). Secure Coding and Design. In: Oracle Database Application Security. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5367-0_6
