[Openroad-users] SQL Injection with EA Connection
Chris Clark
Chris.Clark at ingres.com
Thu Sep 13 03:13:31 EST 2007
Pete Rabjohns wrote:
>
> Does anyone know of any back door methods to inject some SQL into a
> database connection initiated by Enterprise Access before it does any
> of it’s own SQL, or even afterwards.
>
No :-( May be a good feature request.
> , but before it returns control to the OpenROAD application?
>
This could be done with good old ING_SET, so the SQL would be ran before
OpenROAD gives control to frames/scripts. If it is host specific SQL you
would probably need to wrap it in Direct Execute Immediate 'HOST SQL'.
Modifying the application would be the more straight forward option though.
Hope that helps,
Chris
More information about the Openroad-users
mailing list