edu.osu.cse.SQLprevention
Class SafeDriverManager
java.lang.Object
edu.osu.cse.SQLprevention.SafeDriverManager
public class SafeDriverManager
- extends java.lang.Object
SafeDriverManager provides a method getConnection(), which returns a SafeConnection.
It is part of a Java implementation of the parse tree validation
technique proposed by Buehrer, Weide and Sivilotti.
It is designed to eliminate SQL Injection
attacks in web applications.
How To Use:
(install ZQL)
import java.sql.*;
// id holds the user-supplied value; it goes into the query only through SQLGuard.wrap()
Connection conn = SafeDriverManager.getConnection("jdbc:mysql://localhost/database1?user=user1&password=pass");
String query = SQLGuard.init() + "SELECT * FROM table where col1 = " + SQLGuard.wrap(id);
Statement s2 = conn.createStatement();
ResultSet rs = s2.executeQuery(query);
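The idea behind the usage above, as an added sketch that is not part of the SQLprevention package: a query is accepted only if its structure is unchanged when each wrapped span is replaced by a harmless literal. It compares literal-collapsed token sequences rather than ZQL parse trees; KEY, wrap, shape and sameStructure are hypothetical names, and what SQLGuard.init() and SQLGuard.wrap() actually emit is not shown on this page.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added illustration of the idea only; not the SQLprevention or ZQL code. */
public class QueryShapeDemo {
    // Hypothetical marker. A real one must be unpredictable to the client,
    // otherwise input could contain it and close its own span.
    static final String KEY = "[k7f3a9]";

    // Stand-in for SQLGuard.wrap(): delimits the user-supplied span.
    static String wrap(String userInput) {
        return KEY + userInput + KEY;
    }

    // Simplified lexer: quoted string, number, word, or any single symbol.
    static final Pattern TOKEN = Pattern.compile(
        "'(?:[^']|'')*'|\\d+(?:\\.\\d+)?|[A-Za-z_][A-Za-z0-9_]*|\\S");
    static final Pattern SPAN = Pattern.compile(
        Pattern.quote(KEY) + "(.*?)" + Pattern.quote(KEY), Pattern.DOTALL);

    // Token sequence with every literal collapsed to LIT, so only structure remains.
    static List<String> shape(String sql) {
        List<String> out = new ArrayList<>();
        Matcher m = TOKEN.matcher(sql);
        while (m.find()) {
            String t = m.group();
            char c = t.charAt(0);
            out.add(c == '\'' || Character.isDigit(c) ? "LIT" : t.toUpperCase());
        }
        return out;
    }

    // Safe when the query has the same structure with the real input as it
    // has with a harmless literal (0) substituted for each marked span.
    static boolean sameStructure(String marked) {
        String actual = SPAN.matcher(marked).replaceAll("$1");
        String intended = SPAN.matcher(marked).replaceAll("0");
        return shape(actual).equals(shape(intended));
    }

    public static void main(String[] args) {
        String base = "SELECT * FROM table1 WHERE col1 = ";
        System.out.println(sameStructure(base + wrap("42")));       // plain value
        System.out.println(sameStructure(base + wrap("1 OR 1=1"))); // adds a clause
    }
}
```

The first input contributes a single literal, so both token sequences match; the second contributes extra OR and = tokens, so the sequences differ and the query would be rejected before reaching the database.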
Copyright 2005 The Ohio State University
- Version:
- 0.6, August 28, 2005.
- Author:
- Paolo Sivilotti, Greg Buehrer.
Method Summary
static java.sql.Connection | getConnection(java.lang.String url) | This is the only method that behaves differently from the typical DriverManager class.
(package private) static java.sql.Driver | getDriver(java.lang.String url)
(package private) static java.util.Enumeration | getDrivers()
(package private) static int | getLoginTimeout()
(package private) static java.io.PrintWriter | getLogWriter()
(package private) static void | println(java.lang.String message)
(package private) static void | registerDriver(java.sql.Driver driver)
(package private) static void | setLoginTimeout(int seconds)
(package private) static void | setLogWriter(java.io.PrintWriter out)
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SafeDriverManager
private SafeDriverManager()
getConnection
public static java.sql.Connection getConnection(java.lang.String url)
throws java.sql.SQLException
- This is the only method that behaves differently from the typical DriverManager class. It is designed to create SafeConnections.
- Parameters:
url - A connection string to a database
- Returns:
sc - A SafeConnection, an implementation of the Connection interface, which provides a mechanism to eliminate SQL injection attacks.
- Throws:
java.sql.SQLException
getDriver
static java.sql.Driver getDriver(java.lang.String url)
throws java.lang.Exception
- Throws:
java.lang.Exception
getDrivers
static java.util.Enumeration getDrivers()
getLoginTimeout
static int getLoginTimeout()
getLogWriter
static java.io.PrintWriter getLogWriter()
println
static void println(java.lang.String message)
registerDriver
static void registerDriver(java.sql.Driver driver)
throws java.sql.SQLException
- Throws:
java.sql.SQLException
setLoginTimeout
static void setLoginTimeout(int seconds)
setLogWriter
static void setLogWriter(java.io.PrintWriter out)