From Our Readers

Database
Middleware
Developer Tools
Enterprise Management
Applications Technology
Products A-Z

BI & Data Warehousing
Embedded
Java
Linux
.NET
PHP
Security
Service-Oriented Architecture
Windows Server System
Virtualization
Technologies A-Z

COMMUNITY

Join OTN
Oracle ACEs
Oracle Wiki
Blogs
Podcasts
Events
Newsletters
Oracle Magazine
Oracle Books
Certification
User Groups
Partner White Papers

As Published In

From Our Readers

Your corrections, your opinions, and your requests: Here's your forum for telling us what's right and wrong in each issue of Oracle Magazine, and for letting us know what you want to read.

Shots Across the Bow

Ahoy, George. In "The Luxury of Architecture," in the January/February 2005 issue of Oracle Magazine, you wrote: "In civic architecture, keystones led to arches, and arches led to bridges and aqueducts. Before long, these same design principles enabled architects to design magnificent structures such as the Parthenon and the Sistine Chapel."

My recollection is that the Romans invented the keystone and the arch. Hence, these did not come into use until after the Greeks had built the Parthenon.

The assessment of the Mary Rose is more correct. Battle boat design went to more guns in layers on larger ships. The Spanish Armada was full of 'em.
Percy G. Wood
Percy.Wood@rm01.enmuros.cc.nm.us

On a point of historical accuracy, in "The Luxury of Architecture," the author refers to the British Navy defeating the Spanish Armada. This occurred in 1588, when there was no such thing as the British Navy or indeed a British nation. It was the English Navy that defeated the Spanish Armada.
Des Browning
des.browning@atkinsglobal.com

George Demarest responds: Thanks for the clarification. Apologies from the Colonies.

Oracle Developer Articles, Please

I'm a regular reader of Oracle Magazine, but I don't see articles related to application development with Oracle Developer. Most of the articles in your magazine are for DBAs.

Please publish more articles on using Oracle Developer, especially articles on Oracle Forms and Oracle Reports.
Amit Gupta
amit_mitu_77@yahoo.co.in

Check out "Oracle Forms in the SOA World," in this issue.

SQL Injection Rejection

In "On Injecting and Comparing," in the January/February 2005 issue of Oracle Magazine, I read about SQL injection, which emphasizes the use of bind variables instead of string concatenation, and then I saw the "Selective System Grants" question at the end of the same article. In his answer, Tom Kyte proposes to use a simple procedure that employs the same method of concatenating strings that he encourages us to avoid. Is there a different way of writing this procedure that could do the job without compromising security? If there is, can it be published, so we can learn by example?
Alex Millionshik
alex.millionschik@hospira.com

Thanks for a very interesting article, "On Injecting and Comparing," in the January/February 2005 issue of Oracle Magazine.

In reference to the last item, "Selective System Grants," if this example (the set_udump procedure) was intended to have a security flaw, I am sorry for missing the point of the article.

As I understand, you intended only to give users the possibility of altering the user_dump_dest in memory. However, learning from what you wrote earlier in the same article, it seems possible, for example, to set the utl_file_dir parameter with scope spfile and any other parameter.
Roy Jørgensen
roy.jorgensen@bouvet.no
Send Mail to the Editor

Send your opinions about what you read in Oracle Magazine, and suggestions for possible technical articles, to opubedit_us@oracle.com.

Or click on the Write the Editors link on our Web site.

Letters may be edited for length and clarity and may be published in any medium. We consider any communications we receive publishable.

Tom Kyte responds: It's ironic, isn't it? I just wrote about SQL injection, and then I did it to myself. Ouch.

In the version of the article online, the set_udump procedure has been replaced by a safer one, contributed by Roy Jørgensen.

On the Download

The article "Oracle Database 10g Release 2," in the January/February 2005 issue of Oracle Magazine, failed to provide precise information on the release schedule for Oracle Database 10g Release 2. Reading the article and the nextSTEPS box, it looks as if Oracle Database 10g Release 2 has been released and is available for download.

Please provide the expected release date of Oracle Database 10g Release 2.
Ganesh Dutt
Ganesh.Dutt@syniverse.com

The "DOWNLOAD Oracle Database 10g Release 2" link in the article was premature. Oracle Database 10g Release 2 is scheduled for release in spring 2005.

E-mail this page

Printer View

	About Oracle \| \| Careers \| Contact Us \| Site Maps \| Legal Notices \| Terms of Use \| Privacy