Java Doc for SQLInjection.java in » Database-DBMS » h2database » org » h2 » samples » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation

1.	6.0 JDK Core
2.	6.0 JDK Modules
3.	6.0 JDK Modules com.sun
4.	6.0 JDK Modules com.sun.java
5.	6.0 JDK Modules sun
6.	6.0 JDK Platform
7.	Ajax
8.	Apache Harmony Java SE
9.	Aspect oriented
10.	Authentication Authorization
11.	Blogger System
12.	Build
13.	Byte Code
14.	Cache
15.	Chart
16.	Chat
17.	Code Analyzer
18.	Collaboration
19.	Content Management System
20.	Database Client
21.	Database DBMS
22.	Database JDBC Connection Pool
23.	Database ORM
24.	Development
25.	EJB Server geronimo
26.	EJB Server GlassFish
27.	EJB Server JBoss 4.2.1
28.	EJB Server resin 3.1.5
29.	ERP CRM Financial
30.	ESB
31.	Forum
32.	GIS
33.	Graphic Library
34.	Groupware
35.	HTML Parser
36.	IDE
37.	IDE Eclipse
38.	IDE Netbeans
39.	Installer
40.	Internationalization Localization
41.	Inversion of Control
42.	Issue Tracking
43.	J2EE
44.	JBoss
45.	JMS
46.	JMX
47.	Library
48.	Mail Clients
49.	Net
50.	Parser
51.	PDF
52.	Portal
53.	Profiler
54.	Project Management
55.	Report
56.	RSS RDF
57.	Rule Engine
58.	Science
59.	Scripting
60.	Search Engine
61.	Security
62.	Sevlet Container
63.	Source Control
64.	Swing Library
65.	Template Engine
66.	Test Coverage
67.	Testing
68.	UML
69.	Web Crawler
70.	Web Framework
71.	Web Mail
72.	Web Server
73.	Web Services
74.	Web Services apache cxf 2.0.1
75.	Web Services AXIS2
76.	Wiki Engine
77.	Workflow Engines
78.	XML
79.	XML UI

Java

Java Tutorial

Illustrator Tutorials

GIMP Tutorials

C# / C Sharp

C# / CSharp Tutorial

C# / CSharp Open Source

SQL Server / T-SQL Tutorial

Oracle PL / SQL

Oracle PL/SQL Tutorial

Flash / Flex / ActionScript

VBA / Excel / Access / Word

XML

XML Tutorial

Microsoft Office PowerPoint 2007 Tutorial

Microsoft Office Excel 2007 Tutorial

Microsoft Office Word 2007 Tutorial

Java Source Code / Java Documentation » Database DBMS » h2database » org.h2.samples

Source Cross Reference

Class Diagram

Java Document (Java Doc)

java.lang .Object

org.h2.samples .SQLInjection

SQLInjection
public class SQLInjection (Code)
	SQL Injection is a common security vulnerability for applications that use database. It is one of the most common security vulnerabilities for web applications today. This sample application shows how SQL injection works, and how to protect the application from it.

Method Summary
public static String	changePassword(Connection conn, String userName, String password) Utility method to change a password of a user.
public static ResultSet	getUser(Connection conn, String userName, String password) Utility method to get a user record given the user name and password.
String	input(String prompt) Utility method to get user input from the command line.
void	limitRowAccess() Sample code to limit access only to specific rows.
void	listActiveItems() List active items.
void	listActiveItemsUsingConstants() List active items.
void	listItemsSortedInsecure() List items using a specified sort order.
void	listItemsSortedSecure() List items using a specified sort order.
void	listItemsSortedSecureParam() List items using a specified sort order.
void	loginByIdInsecure() Simulate a login using an insecure method.
void	loginByIdSecure() Simulate a login using a secure method.
void	loginByNameInsecure() Simulate a login using an insecure method.
void	loginByNameSecure() Simulate a login using a secure method.
void	loginStoredProcedureInsecure() Simulate a login using an insecure method.
public static void	main(String[] args)
void	run(String driver, String url, String user, String password) Run the test against the specified database.
void	storePasswordHashWithSalt() This method creates a one way hash from the password (using a random salt), and stores this information instead of the password.

Method Detail

changePassword
public static String changePassword(Connection conn, String userName, String password) throws Exception(Code)
	Utility method to change a password of a user. This method is secure, except that the old password is not checked. Parameters: conn - the database connection Parameters: userName - the user name Parameters: password - the password the new password

getUser
public static ResultSet getUser(Connection conn, String userName, String password) throws Exception(Code)
	Utility method to get a user record given the user name and password. This method is secure. Parameters: conn - the database connection Parameters: userName - the user name Parameters: password - the password a result set with the user record if the password matches

input
String input(String prompt) throws Exception(Code)
	Utility method to get user input from the command line. Parameters: prompt - the prompt the user input

limitRowAccess
void limitRowAccess() throws Exception(Code)
	Sample code to limit access only to specific rows.

listActiveItems
void listActiveItems() throws Exception(Code)
	List active items. The method uses the hard coded value '1', and therefore the database can not verify if the SQL statement was constructed with user input or not.

listActiveItemsUsingConstants
void listActiveItemsUsingConstants() throws Exception(Code)
	List active items. The method uses a constant, and therefore the database knows it does not contain user input.

listItemsSortedInsecure
void listItemsSortedInsecure() throws Exception(Code)
	List items using a specified sort order. The method is not secure as user input is used to construct the SQL statement.

listItemsSortedSecure
void listItemsSortedSecure() throws Exception(Code)
	List items using a specified sort order. The method is secure as the user input is validated before use. However the database has no chance to verify this.

listItemsSortedSecureParam
void listItemsSortedSecureParam() throws Exception(Code)
	List items using a specified sort order. The method is secure as a parameterized statement is used.

loginByIdInsecure
void loginByIdInsecure() throws Exception(Code)
	Simulate a login using an insecure method.

loginByIdSecure
void loginByIdSecure() throws Exception(Code)
	Simulate a login using a secure method.

loginByNameInsecure
void loginByNameInsecure() throws Exception(Code)
	Simulate a login using an insecure method.

loginByNameSecure
void loginByNameSecure() throws Exception(Code)
	Simulate a login using a secure method.

loginStoredProcedureInsecure
void loginStoredProcedureInsecure() throws Exception(Code)
	Simulate a login using an insecure method. A stored procedure is used here.

main
public static void main(String[] args) throws Exception(Code)

run
void run(String driver, String url, String user, String password) throws Exception(Code)
	Run the test against the specified database. Parameters: driver - the JDBC driver name Parameters: url - the database URL Parameters: user - the user name Parameters: password - the password

storePasswordHashWithSalt
void storePasswordHashWithSalt() throws Exception(Code)
	This method creates a one way hash from the password (using a random salt), and stores this information instead of the password.

Methods inherited from java.lang.Object

native protected Object clone() throws CloneNotSupportedException(Code)(Java Doc)
public boolean equals(Object obj)(Code)(Java Doc)
protected void finalize() throws Throwable(Code)(Java Doc)
final native public Class getClass()(Code)(Java Doc)
native public int hashCode()(Code)(Java Doc)
final native public void notify()(Code)(Java Doc)
final native public void notifyAll()(Code)(Java Doc)
public String toString()(Code)(Java Doc)
final native public void wait(long timeout) throws InterruptedException(Code)(Java Doc)
final public void wait(long timeout, int nanos) throws InterruptedException(Code)(Java Doc)
final public void wait() throws InterruptedException(Code)(Java Doc)

www.java2java.com | Contact Us

All other trademarks are property of their respective owners.