PL or SQL : DOS attack possible

DOS-attack is possible. The invoked function pauses the execution for a given period of time. If the value of the argument is taken from an untrusted source, an attacker can disrupt the normal operation of the application.

Traditional DOS-attack in which the attacker makes a huge number of requests to the application are easy to prevent at network level. The attacks that are more dangerous are ones related to the insecure application logic allowing to disrupt its work with a small amount of specially designed requests. In particular, the application functionality where the user determines the amount of time or system resources used to process his/her request is dangerous.