You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-commits@db.apache.org by dj...@apache.org on 2006/02/08 20:43:19 UTC

svn commit: r376034 - /db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java

Author: djd
Date: Wed Feb  8 11:43:18 2006
New Revision: 376034

URL: http://svn.apache.org/viewcvs?rev=376034&view=rev
Log:
DERBY-927 (partial) Clarify purpose of stripping derby.* properties from
the set of JDBC attributes passed into a connection request.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=376034&r1=376033&r2=376034&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Wed Feb  8 11:43:18 2006
@@ -1643,6 +1643,16 @@
 		return getTR().getContextManager();
 	}
 
+	/**
+	 * Filter out properties from the passed in set of JDBC attributes
+	 * to remove any derby.* properties. This is to ensure that setting
+	 * derby.* properties does not work this way, it's not a defined way
+	 * to set such properties and could be a secuirty hole in allowing
+	 * remote connections to override system, application or database settings.
+	 * 
+	 * @return a new Properties set copied from the parameter but with no
+	 * derby.* properties.
+	 */
 	private Properties filterProperties(Properties inputSet) {
 		Properties limited = new Properties();