Class SQLInjection

java.lang.Object
org.h2.samples.SQLInjection

public class SQLInjection extends Object
SQL injection is a common security vulnerability in applications that use a database, and one of the most common security vulnerabilities in web applications today. This sample application shows how SQL injection works and how to protect an application from it.
  • Constructor Details

    • SQLInjection

      public SQLInjection()
  • Method Details

    • main

      public static void main(String... args) throws Exception
      This method is called when executing this sample application from the command line.
      Parameters:
      args - the command line parameters
      Throws:
      Exception - on failure
    • getUser

      public static ResultSet getUser(Connection conn, String userName, String password) throws Exception
      Utility method to get a user record given the user name and password. This method is secure.
      Parameters:
      conn - the database connection
      userName - the user name
      password - the password
      Returns:
      a result set with the user record if the password matches
      Throws:
      Exception - on failure
    • changePassword

      public static String changePassword(Connection conn, String userName, String password) throws Exception
      Utility method to change the password of a user. This method is secure, except that the old password is not checked.
      Parameters:
      conn - the database connection
      userName - the user name
      password - the password
      Returns:
      the new password
      Throws:
      Exception - on failure
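The two utility methods above are described as secure but the page does not show their bodies. The following is an added example, not the code of the org.h2.samples.SQLInjection sample itself. It puts a string-concatenated lookup (the pattern SQL injection exploits) beside the parameterized form that getUser and changePassword are documented to use, and runs both against a constructed in-memory H2 database. The table layout (USERS with NAME and PASSWORD columns), the row inserted, the JDBC URL and the method names loginUnsafe, loginSafe and changePasswordSafe are all assumptions made for this example; the H2 driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SqlInjectionExample {

    // Vulnerable variant: the user-supplied values are spliced into the SQL text,
    // so an input containing quotes can change the structure of the query.
    // Kept here only to contrast with the parameterized version below.
    static boolean loginUnsafe(Connection conn, String userName, String password) throws SQLException {
        String sql = "SELECT NAME FROM USERS WHERE NAME='" + userName
                + "' AND PASSWORD='" + password + "'";
        try (Statement stat = conn.createStatement();
             ResultSet rs = stat.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Hardened variant, the shape getUser is documented to have: the SQL text is a
    // fixed string and the values are bound as parameters, so whatever the user types
    // is compared as data and can never become part of the statement.
    static boolean loginSafe(Connection conn, String userName, String password) throws SQLException {
        String sql = "SELECT NAME FROM USERS WHERE NAME=? AND PASSWORD=?";
        try (PreparedStatement prep = conn.prepareStatement(sql)) {
            prep.setString(1, userName);
            prep.setString(2, password);
            try (ResultSet rs = prep.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Parameterized update, the shape changePassword is documented to have.
    // Like the page's method, it does not verify the old password; returns rows updated.
    static int changePasswordSafe(Connection conn, String userName, String newPassword) throws SQLException {
        try (PreparedStatement prep = conn.prepareStatement("UPDATE USERS SET PASSWORD=? WHERE NAME=?")) {
            prep.setString(1, newPassword);
            prep.setString(2, userName);
            return prep.executeUpdate();
        }
    }

    public static void main(String... args) throws Exception {
        Class.forName("org.h2.Driver");
        // Constructed in-memory database and sample row (plaintext password only to keep
        // the example short; a real application stores a password hash).
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:sqlInjectionExample")) {
            try (Statement stat = conn.createStatement()) {
                stat.execute("CREATE TABLE USERS(NAME VARCHAR PRIMARY KEY, PASSWORD VARCHAR)");
                stat.execute("INSERT INTO USERS VALUES('alice', 'correct-horse')");
            }

            // A correct login succeeds with both variants.
            System.out.println("unsafe, good password: " + loginUnsafe(conn, "alice", "correct-horse"));
            System.out.println("safe,   good password: " + loginSafe(conn, "alice", "correct-horse"));

            // The classic tautology input: the concatenated query is rewritten by it,
            // the parameterized query simply fails to find a matching password.
            String tautology = "' OR '1'='1";
            System.out.println("unsafe, tautology:     " + loginUnsafe(conn, "alice", tautology));
            System.out.println("safe,   tautology:     " + loginSafe(conn, "alice", tautology));

            // Password change goes through a bound parameter as well.
            System.out.println("rows updated:          " + changePasswordSafe(conn, "alice", "new-secret"));
            System.out.println("safe,   new password:  " + loginSafe(conn, "alice", "new-secret"));
        }
    }
}
```

Run it with the H2 jar on the classpath (for example `java -cp h2.jar:. SqlInjectionExample`). The unsafe variant reports `true` for the tautology input, the safe variant `false`, which is the whole point of the sample: the fix is not escaping or filtering quotes but keeping query text and user data on separate channels via PreparedStatement.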