SQL injections

SQL injection issues occur when an SQL query is built using input from an untrusted source. This could allow an attacker to modify an SQL statement or to execute dangerous SQL commands. While the User Management Interface web service avoids building SQL statements from arbitrary input, it is important that web service client developers validate and encode all data that is passed in the SOAP request to the User Management Interface web service API. To adhere to defense-in-depth security principles, any client-side inputs that allow free-form text should also be checked for SQL statements.
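The following is an added example, not code from the User Management Interface documentation, showing one way a client could validate fields, screen free-form text for SQL statements, and XML-encode values before placing them in a SOAP request. The operation name `addUser`, the field names `loginName` and `displayName`, and the patterns are hypothetical; substitute the operations and fields the API actually defines.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Hypothetical allow-list rules, one per field the client is permitted to send.
FIELD_RULES = {
    "loginName": re.compile(r"[A-Za-z0-9._@-]{1,64}"),
    "displayName": re.compile(r"[^\x00-\x1f<>]{1,128}"),  # free-form text
}

# Defense-in-depth screen for free-form text: comment markers, stacked
# statements, quote-then-boolean, and common statement shapes.
SQL_PATTERN = re.compile(
    r"--|/\*|;\s*\w|'\s*(or|and)\b"
    r"|\b(union\s+select|select\b.+\bfrom|insert\s+into"
    r"|update\s+\w+\s+set|delete\s+from|drop\s+table)\b",
    re.IGNORECASE,
)

def validate(fields):
    """Return a list of validation errors; an empty list means the input is acceptable."""
    errors = []
    for name, value in fields.items():
        rule = FIELD_RULES.get(name)
        if rule is None:
            errors.append(f"{name}: unexpected field")
        elif not rule.fullmatch(value):
            errors.append(f"{name}: invalid format")
        elif SQL_PATTERN.search(value):
            errors.append(f"{name}: looks like SQL")
    return errors

def build_request(operation, fields):
    """Validate, then build the SOAP envelope; ElementTree escapes &, < and >."""
    errors = validate(fields)
    if errors:
        raise ValueError("; ".join(errors))
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, operation)
    for name, value in fields.items():
        ET.SubElement(op, name).text = value  # never concatenate raw strings
    return ET.tostring(envelope, encoding="unicode")

if __name__ == "__main__":
    # Constructed sample input.
    print(build_request("addUser", {"loginName": "alice", "displayName": "R&D Team"}))
```

The SQL screen is a heuristic that can reject legitimate text containing words such as "select ... from", so it supplements the allow-list patterns and the XML encoding and does not replace them.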
