It is kinda nutty to treat a code injection attack on a base utility on the utility rather than on the poorly-programmed vectors.
I just published a maintenance release of PL-jrxml2pdf with some bugfixes.
Dynamic SQL by itself is not sufficient for a SQL Injection Attack
Facing a particularly difficult problem, we must resist the urge to flee to our favorite toolset.
Some days ago ZeroTurnaround released XRebel, a new tool to recognize problems in your web applications when you do your developer tests.
This was promising, so I gave it a short try for Oracle ADF applications. For this blog I use the Summit ADF application, delivered by Oracle, but I have tried with our own application too. The test was done in JDeveloper 12.1.2.
After the download there are some easy setup steps to do:
After quite a long time without any bigger enhancements, I had a little time to implement a new major feature in PL-jrxml2pdf.
You can now use variables e.g. for the calculation of aggregates.
Variables can be used either at report-level or at subdataset-level (e.g. for the usage in tables).
For reset-type and increment-type you can use