Posted to user@commons.apache.org by abiyi2004 <ab...@yahoo.com.INVALID> on 2021/06/02 06:31:51 UTC

Re: Apache Commons DBCP 2.8.0

Good day,
It is great news that commons dbcp version 2.9.0 is imminent.
As known, connection URL can also contain credentials via a format like so:

jdbc:oracle:thin:[<user>/<password>]@<host>[:<port>]:<SID>

or

jdbc:mysql://myhost1:3306/db_name?user=root&password=mypass

For a more robust sensitive information exposure protection, does it not make sense to scrub the URL of possible username/password data before appending the URL in the toString() method, say, in class DriverAdapterCPDS?

Regards, 
Adesina
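
The scrubbing proposed in the message above, as an added example that is not code from Commons DBCP or from anyone on this thread. The class `JdbcUrlScrubber` and its `scrub` method are hypothetical names; the example also goes slightly beyond the two quoted formats by masking `username=` and `;`-separated properties.

```java
import java.util.regex.Pattern;

/** Hypothetical helper (not part of Commons DBCP): masks credentials embedded in a JDBC URL. */
public final class JdbcUrlScrubber {

    private static final String MASK = "****";

    // Oracle thin style: jdbc:oracle:thin:<user>/<password>@<host>...
    // The password part is greedy up to the last '@', so a password that itself
    // contains '@' is over-masked rather than partially leaked.
    private static final Pattern ORACLE_THIN = Pattern.compile(
            "^(jdbc:oracle:thin:)[^/@]+/.+(@)", Pattern.CASE_INSENSITIVE);

    // Property style: ?user=root&password=mypass, also ';'-separated properties.
    private static final Pattern PROPERTY = Pattern.compile(
            "([?&;](?:user|username|password)=)[^&;]*", Pattern.CASE_INSENSITIVE);

    private JdbcUrlScrubber() {
    }

    /** Returns the URL with user names and passwords replaced by a fixed mask. */
    public static String scrub(final String url) {
        if (url == null) {
            return null;
        }
        // URLs without an inline user/password pair do not match and pass through.
        final String scrubbed = ORACLE_THIN.matcher(url)
                .replaceFirst("$1" + MASK + "/" + MASK + "$2");
        return PROPERTY.matcher(scrubbed).replaceAll("$1" + MASK);
    }

    public static void main(final String[] args) {
        // Constructed sample URLs modelled on the two formats quoted in the thread.
        final String[] samples = {
            "jdbc:oracle:thin:scott/tiger@dbhost:1521:ORCL",
            "jdbc:oracle:thin:@dbhost:1521:ORCL",
            "jdbc:mysql://myhost1:3306/db_name?user=root&password=mypass",
            "jdbc:mysql://myhost1:3306/db_name?useSSL=true"
        };
        for (final String sample : samples) {
            System.out.println(scrub(sample));
        }
    }
}
```

A `toString()` implementation would call `scrub(url)` instead of appending the raw URL; the same applies to any log statement or exception message that includes the connection string.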

Re: Apache Commons DBCP 2.8.0

Posted by Nayana Hettiarachchi <na...@corp-gems.com>.
There seems to be a lot of stress here. Here is some comedy, folks:
https://youtu.be/5muB1Fs9Oc8

On Wed, 2 Jun 2021 at 18:08 Gary Gregory <ga...@gmail.com> wrote:

> Hi Adesina,
>
> Feel free to provide a PR on GitHub ;-)
>
> Gary
>
> On Wed, Jun 2, 2021, 06:21 abiyi2004 <ab...@yahoo.com.invalid> wrote:
>
> > Good day,
> > It is great news that commons dbcp version 2.9.0 is imminent.
> > As known, connection URL can also contain credentials via a format like so:
> >
> > jdbc:oracle:thin:[<user>/<password>]@<host>[:<port>]:<SID> or
> >
> > jdbc:mysql://myhost1:3306/db_name?user=root&password=mypass
> > For a more robust sensitive information exposure protection, does it not
> > make sense to scrub url of possible username/password data before appending
> > the url in the toString() method, say, in class DriverAdapterCPDS?
> >
> > Regards,
> > Adesina
> >
>

Re: Apache Commons DBCP 2.8.0

Posted by Gary Gregory <ga...@gmail.com>.
Hi Adesina,

Feel free to provide a PR on GitHub ;-)

Gary

On Wed, Jun 2, 2021, 06:21 abiyi2004 <ab...@yahoo.com.invalid> wrote:

> Good day,
> It is great news that commons dbcp version 2.9.0 is imminent.
> As known, connection URL can also contain credentials via a format like so:
>
> jdbc:oracle:thin:[<user>/<password>]@<host>[:<port>]:<SID> or
>
> jdbc:mysql://myhost1:3306/db_name?user=root&password=mypass
> For a more robust sensitive information exposure protection, does it not
> make sense to scrub url of possible username/password data before appending
> the url in the toString() method, say, in class DriverAdapterCPDS?
>
> Regards,
> Adesina
>