Oracle 12c Grant Role to PL/SQL Procedures
A great new security feature that can – among other things – prevent SQL injection and a multitude of other security vulnerabilities.
In 12c you can make your PL/SQL code secure using a declarative technique. Simply grant a role to the PL/SQL code and add AUTHID CURRENT_USER so that Oracle runs the code with the privileges of the invoker – not the developer (an invoker's rights procedure). Presto! Without code reviews and/or debugging you will have hardened your PL/SQL web application!
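A sketch of the technique described above, added here as an illustration and not taken from the tutorial's own code. The schema app_owner, the user web_user, the role catalog_reader, the products table and the find_product procedure are all hypothetical names, and the dynamic SQL is deliberately concatenated to stand in for an injectable web page.

```sql
-- Constructed example for Oracle 12c or later; every object name is hypothetical.

-- As a DBA: a role that can read only the one table the page needs.
CREATE ROLE catalog_reader;
GRANT SELECT ON app_owner.products TO catalog_reader;
-- The role must be granted directly to the code owner before the owner
-- can attach it to a program unit.
GRANT catalog_reader TO app_owner;

-- As app_owner: an invoker's rights procedure. Object names are
-- schema-qualified because name resolution happens in the invoker's schema.
CREATE OR REPLACE PROCEDURE app_owner.find_product (p_name IN VARCHAR2)
  AUTHID CURRENT_USER
AS
  c      SYS_REFCURSOR;
  v_name VARCHAR2(200);
BEGIN
  -- Concatenated input: the weakness the role grant is meant to contain.
  OPEN c FOR 'SELECT name FROM app_owner.products WHERE name LIKE ''%'
             || p_name || '%''';
  LOOP
    FETCH c INTO v_name;
    EXIT WHEN c%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE(v_name);
  END LOOP;
  CLOSE c;
END;
/

-- Attach the role to the code, not to the end user.
GRANT catalog_reader TO PROCEDURE app_owner.find_product;

-- The web account gets nothing beyond a session and EXECUTE on the procedure.
GRANT EXECUTE ON app_owner.find_product TO web_user;

-- Check: list the roles attached to program units owned by app_owner.
SELECT owner, object_name, object_type, role
  FROM dba_code_role_privs
 WHERE owner = 'APP_OWNER';
```

While find_product runs, the statement executes with web_user's privileges plus catalog_reader, so SQL smuggled in through p_name that references any other app_owner table fails with ORA-00942. The concatenation itself is still injectable; the role grant limits what injected SQL can reach.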
In this free tutorial from SkillBuilders' Director of Oracle Database Services, Oracle Certified Master John Watson demonstrates the development of a simple PL/SQL web application, then demonstrates SQL injection and how to prevent it with this new feature.
This free 12c PL/SQL security training is segmented into two separate lessons:
- Lesson 1 – Code the PL/SQL Web Application (3:35)
- Lesson 2 – Run the Application, SQL Inject the App, Fix the App (6:03)
Date: Jul 13, 2016