db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sheldon Ross <sr...@simmgene.com>
Subject Criteria needs write permissions?
Date Wed, 11 Nov 2009 23:54:48 GMT
Ok so I was trying to make our site a little safer from sql injections, 
so I made a database connection that connects with a user that only has 
SELECT permissions. And edited Criteria like such

public Criteria()
    {
        this(DEFAULT_CAPACITY);
        this.setDbName("readonlydatabase");
    }

Now it seems to work for must things, but a couple queries fail with

throws java.lang.Exception java.lang.NullPointerException
    at org.apache.torque.util.SQLBuilder.processOrderBy(SQLBuilder.java:497)
    at 
org.apache.torque.util.SQLBuilder.buildQueryClause(SQLBuilder.java:302)
    at org.apache.torque.util.BasePeer.createQuery(BasePeer.java:730)

This error disappears as soon as I let the criteria use a database 
connection with write privileges.
I know the user that it connects with has select privileges on every 
public table in the database.

Does criteria need update privileges to work or something?

The query the criteria constructs work fine when I connect as the 
readonly user and run it manually.

Any thoughts?

Thanks

-- 
Sheldon Ross



---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
For additional commands, e-mail: torque-user-help@db.apache.org


Mime
View raw message