Hi,
> but can't the developer allow literals again?
Executing the statement SET ALLOW_LITERALS should be restricted. The
application uses another user name / password and doesn't have to
access rights to enable it. Maybe the user name / password is
configured using JNDI, so the application developper has no influence
on that. In any case, even if the developer can enable literals, I
don't think he would, because he would be afraid to be caught
cheating.
Regards,
Thomas