

Date Submitted: 01/21/07

Dangling Cursor Snarfing: A New Class of Attack in Oracle


Added by Papergrl

Description: In Oracle, a failure to close cursors created and used by DBMS_SQL, or a failure to clean up open cursors in the event of an exception, can lead to a security hole. If the cursor in question has been created by higher privileged code and left hanging, then it's possible for a low privileged user to snarf and use the cursor outside of the application logic that created it. This can lead to data being exposed. Ensuring that cursors are closed after use is, of course, good programming practice but, as we know, good programming practices do not always prevail. What is detailed in this document should provide a security reason as to why developers should ensure that cursors are closed properly, especially in the event of an exception.
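
The coding pattern the description warns about, next to the corrected form, as an added PL/SQL example that is not taken from the paper or from this site. The procedure names and the `users` table are hypothetical; only the `DBMS_SQL` calls are real Oracle APIs.

```sql
-- BEFORE: definer-rights procedure (runs with its owner's privileges).
-- If any call between OPEN_CURSOR and CLOSE_CURSOR raises, the cursor
-- stays open in the caller's session after the procedure returns.
CREATE OR REPLACE PROCEDURE get_email_unsafe (p_name IN VARCHAR2) AS
  c     INTEGER;
  rc    INTEGER;
  email VARCHAR2(200);
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'SELECT email FROM users WHERE username = :n',
                 DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':n', p_name);
  DBMS_SQL.DEFINE_COLUMN(c, 1, email, 200);
  rc := DBMS_SQL.EXECUTE(c);
  IF DBMS_SQL.FETCH_ROWS(c) > 0 THEN
    DBMS_SQL.COLUMN_VALUE(c, 1, email);
  END IF;
  DBMS_OUTPUT.PUT_LINE(email);
  DBMS_SQL.CLOSE_CURSOR(c);   -- not reached when an exception is raised above
END;
/

-- AFTER: same logic, but every exit path closes the cursor.
CREATE OR REPLACE PROCEDURE get_email_safe (p_name IN VARCHAR2) AS
  c     INTEGER;
  rc    INTEGER;
  email VARCHAR2(200);
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'SELECT email FROM users WHERE username = :n',
                 DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':n', p_name);
  DBMS_SQL.DEFINE_COLUMN(c, 1, email, 200);
  rc := DBMS_SQL.EXECUTE(c);
  IF DBMS_SQL.FETCH_ROWS(c) > 0 THEN
    DBMS_SQL.COLUMN_VALUE(c, 1, email);
  END IF;
  DBMS_OUTPUT.PUT_LINE(email);
  DBMS_SQL.CLOSE_CURSOR(c);
EXCEPTION
  WHEN OTHERS THEN
    -- Close the cursor before the error propagates to the caller.
    IF c IS NOT NULL AND DBMS_SQL.IS_OPEN(c) THEN
      DBMS_SQL.CLOSE_CURSOR(c);
    END IF;
    RAISE;
END;
/
```

When reviewing existing code, any `DBMS_SQL.OPEN_CURSOR` call in a block without an exception handler that closes the cursor is a candidate for this fix.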

Read the Complete Paper




Copyright 2008 AttackPrevention