commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: [DBCP] getConnection with credentials unsupported
Date Fri, 21 Feb 2003 20:38:51 GMT


On Fri, 21 Feb 2003, ARPON Martín            TECSIS wrote:

> Date: Fri, 21 Feb 2003 12:57:04 -0300
> From: ARPON Martín            TECSIS <MARPON@TECSIS.COM>
> Reply-To: Jakarta Commons Developers List <commons-dev@jakarta.apache.org>
> To: "'commons-dev@jakarta.apache.org'" <commons-dev@jakarta.apache.org>
> Subject: [DBCP] getConnection with credentials unsupported
>
> I see from PoolingDataSource that getConnection(String uname, String passwd)
> is not implemented and throws UnsupportedOperationException.
>
> The problem with this is that it prevents using Sun 's RowSet
> implementation, at least, CachedRowSet
> (http://developer.java.sun.com/developer/Books/JDBCTutorial/chapter5.html)
>
> This code doesn 't work when "jdbc/coffeesDB" gets a dbcp.PoolingDataSource:
>
>
>   CachedRowSet crset = new CachedRowSet();
>   crset.setCommand("SELECT * FROM COFFEES");
>   crset.setDataSourceName("jdbc/coffeesDB");
>   crset.execute();
>
>
> >From what I see, RowSets with DataSources appear to always call
> getConnection(username, password), even when crset.setUsername() and
> crset.setPassword() haven 't been used.
>
> Changing the code like this works:
>
>  public Connection getConnection(String uname, String passwd) throws
> SQLException {
>         //throw new UnsupportedOperationException();
> 		return getConnection();
>     }
>
> My question is: are there any plans to implement this method? Or, is there
> any chance to get a standard connection instead of throwing and exception ?
>

I would be -1 on such a patch.  This would create security vulnerabilities
for people who believed that the returned connection really did have only
the privileges of the specified username and password.

> Regards,
>
> Martin
>
> If you wish to reply,  please CC me because I 'm not subscribed. Thanks.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-dev-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message