edu.osu.cse.SQLprevention
Class SafeDriverManager

java.lang.Object
  extended by edu.osu.cse.SQLprevention.SafeDriverManager

public class SafeDriverManager
extends java.lang.Object

SafeDriverManager provides a method getConnection(), which returns a SafeConnection. It is part of a Java implementation of the parse tree validation technique proposed by Buehrer, Weide and Sivilotti. It is designed to eliminate SQL Injection attacks in web applications.

How To Use:
(install ZQL)
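import java.sql.*;
// Obtain a SafeConnection instead of calling DriverManager.getConnection().
Connection conn = SafeDriverManager.getConnection("jdbc:mysql://localhost/database1?user=user1&password=pass");
// Begin the query with SQLGuard.init() and pass each user-supplied value (here, id) through SQLGuard.wrap().
String query = SQLGuard.init() + "SELECT * FROM table where col1 = " + SQLGuard.wrap(id);
Statement s2 = conn.createStatement();
ResultSet rs = s2.executeQuery(query);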
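
Added example, not part of the SQLGuard distribution: a simplified, token-level sketch of the idea behind parse tree validation, in which a query is accepted only when the wrapped user input contributes nothing but a literal value. The class ParseShapeDemo, its fixed delimiter KEY and its small tokenizer are assumptions made for illustration; a real implementation compares full parse trees.

```java
import java.util.*;
import java.util.regex.*;

public class ParseShapeDemo {
    // Constructed fixed delimiter for the demo (assumption); the sketch
    // relies on user input never containing this character.
    static final String KEY = "\u0001";

    static String wrap(String userInput) { return KEY + userInput + KEY; }

    // One token per match: quoted string, number, identifier/keyword, operator.
    static final Pattern TOKEN = Pattern.compile(
        "\\s*('(?:[^']|'')*'|\\d+(?:\\.\\d+)?|[A-Za-z_][A-Za-z_0-9]*|<>|[<>!]=|\\S)");

    // Reduce a query to its shape: literals collapse to LIT, the rest is kept.
    static List<String> shape(String sql) {
        List<String> out = new ArrayList<>();
        Matcher m = TOKEN.matcher(sql);
        while (m.find()) {
            String t = m.group(1);
            boolean lit = Character.isDigit(t.charAt(0))
                       || (t.length() > 1 && t.charAt(0) == '\'');
            out.add(lit ? "LIT" : t.toUpperCase());
        }
        return out;
    }

    // True when the user input changes only literal values, not structure.
    static boolean isSafe(String wrappedQuery) {
        // Intended shape: each wrapped region replaced by a single literal.
        String intended = wrappedQuery.replaceAll(KEY + "[^" + KEY + "]*" + KEY, "0");
        // Actual shape: delimiters stripped, user input left in place.
        String actual = wrappedQuery.replace(KEY, "");
        return shape(intended).equals(shape(actual));
    }

    public static void main(String[] args) {
        String base = "SELECT * FROM table1 WHERE col1 = ";
        // Constructed sample inputs: two plain values, two that add SQL structure.
        for (String id : new String[] {"42", "'abc'", "42 OR 1=1", "42; DROP TABLE t"}) {
            System.out.println(isSafe(base + wrap(id)) + "  <- " + id);
        }
    }
}
```

The two plain values leave the query shape unchanged and are accepted; the two inputs that introduce extra tokens change the shape and are rejected before anything would reach the database.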

Copyright 2005 The Ohio State University

Version:
0.6, August 28, 2005.
Author:
Paolo Sivilotti, Greg Buehrer

Constructor Summary
private SafeDriverManager()
           
 
Method Summary
static java.sql.Connection getConnection(java.lang.String url)
          This is the only method that behaves differently from the standard DriverManager class.
(package private) static java.sql.Driver getDriver(java.lang.String url)
           
(package private) static java.util.Enumeration getDrivers()
           
(package private) static int getLoginTimeout()
           
(package private) static java.io.PrintWriter getLogWriter()
           
(package private) static void println(java.lang.String message)
           
(package private) static void registerDriver(java.sql.Driver driver)
           
(package private) static void setLoginTimeout(int seconds)
           
(package private) static void setLogWriter(java.io.PrintWriter out)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SafeDriverManager

private SafeDriverManager()

Method Detail

getConnection

public static java.sql.Connection getConnection(java.lang.String url)
                                         throws java.sql.SQLException
This is the only method that behaves differently from the standard DriverManager class. It is designed to create SafeConnections.

Parameters:
url - A connection string to a database
Returns:
sc - A SafeConnection, an implementation of the Connection interface, which provides a mechanism to eliminate SQL injection attacks.
Throws:
java.sql.SQLException

getDriver

static java.sql.Driver getDriver(java.lang.String url)
                          throws java.lang.Exception
Throws:
java.lang.Exception

getDrivers

static java.util.Enumeration getDrivers()

getLoginTimeout

static int getLoginTimeout()

getLogWriter

static java.io.PrintWriter getLogWriter()

println

static void println(java.lang.String message)

registerDriver

static void registerDriver(java.sql.Driver driver)
                    throws java.sql.SQLException
Throws:
java.sql.SQLException

setLoginTimeout

static void setLoginTimeout(int seconds)

setLogWriter

static void setLogWriter(java.io.PrintWriter out)