db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Thomas Fischer <fisc...@seitenbau.net>
Subject Re: Criteria needs write permissions?
Date Thu, 12 Nov 2009 06:58:41 GMT
The null ointer exception seems to come from reading the table or column
map. Can you put a breakpoint in SQLBuilder.java:497 and see whether the
table or the column cannot be found (and why it is not found)?

    Thomas

> Ok so I was trying to make our site a little safer from sql injections,
> so I made a database connection that connects with a user that only has
> SELECT permissions. And edited Criteria like such
>
> public Criteria()
>     {
>         this(DEFAULT_CAPACITY);
>         this.setDbName("readonlydatabase");
>     }
>
> Now it seems to work for must things, but a couple queries fail with
>
> throws java.lang.Exception java.lang.NullPointerException
>     at org.apache.torque.util.SQLBuilder.processOrderBy
(SQLBuilder.java:497)
>     at
> org.apache.torque.util.SQLBuilder.buildQueryClause(SQLBuilder.java:302)
>     at org.apache.torque.util.BasePeer.createQuery(BasePeer.java:730)
>
> This error disappears as soon as I let the criteria use a database
> connection with write privileges.
> I know the user that it connects with has select privileges on every
> public table in the database.
>
> Does criteria need update privileges to work or something?
>
> The query the criteria constructs work fine when I connect as the
> readonly user and run it manually.
>
> Any thoughts?
>
> Thanks
>
> --
> Sheldon Ross
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
> For additional commands, e-mail: torque-user-help@db.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: torque-user-unsubscribe@db.apache.org
For additional commands, e-mail: torque-user-help@db.apache.org


Mime
View raw message