Oracle 12c Grant Role to PL/SQL Procedures
A great new security feature that can – among other things – prevent SQL injection and a multitude of other security vulnerabilities.
In 12c you can make your PL/SQL code secure using a declarative technique. Simply grant a role to the PL/SQL code and add AUTHID CURRENT_USER so that Oracle runs the code with the privileges of the invoker – not the developer (invoker rights procedures). Presto! Without code reviews and / or debugging you will have hardened your PL/SQL web application!
In this free tutorial from SkillBuilders Director of Oracle Database Services, Oracle Certified Master John Watson will demonstrate the development of a simple PL/SQL web application, demonstrate SQL injection and how to prevent it with this new feature.
This free 12c PL/SQL security training is segmented into two separate lessons:
- Lesson 1 – Code the PL/SQL Web Application (3:35) (click on video below)
- Lesson 2 – Run the Application, SQL Inject the App, Fix the App (6:03)
Date: Jul 13, 2016
NOTE: Some corporate firewalls will not allow videos hosted by YouTube.