You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by dj...@apache.org on 2006/02/08 20:43:19 UTC
svn commit: r376034 -
/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
Author: djd
Date: Wed Feb 8 11:43:18 2006
New Revision: 376034
URL: http://svn.apache.org/viewcvs?rev=376034&view=rev
Log:
DERBY-927 (partial) Clarify purpose of stripping derby.* properties from
the set of JDBC attributes passed into a connection request.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
URL: http://svn.apache.org/viewcvs/db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java?rev=376034&r1=376033&r2=376034&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java Wed Feb 8 11:43:18 2006
@@ -1643,6 +1643,16 @@
return getTR().getContextManager();
}
+ /**
+ * Filter out properties from the passed in set of JDBC attributes
+ * to remove any derby.* properties. This is to ensure that setting
+ * derby.* properties does not work this way, it's not a defined way
+ * to set such properties and could be a secuirty hole in allowing
+ * remote connections to override system, application or database settings.
+ *
+ * @return a new Properties set copied from the parameter but with no
+ * derby.* properties.
+ */
private Properties filterProperties(Properties inputSet) {
Properties limited = new Properties();