Question
Read the code snippet in the file Java and look for improvement in view of principles and concepts of secure software. Using Notepad / any
Read the code snippet in the file Java and look for improvement in view of principles and concepts of secure software. Using Notepad / any other code editor rewrite code for security improvement. Submit modified code/logic and explanation in a word file.
Below is the JAVA Code
package com.dcx.ps.dcppcp.bm.dao;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import com.dcx.restricted.ps.dcppcp.DBConnectionManager;
import com.dcx.ps.dcppcp.exception.ApplicationException;
/**
* @author: Jason Grembi
* Read this class and identify all security Vulnerabilities that are
wrong
**/
public class SecurityCheck1 {
private static final String CLASS = "SecurityCheck1";
/** A Dcppcp constant that controlls messge output */
private final static boolean DEBUG = true;
/** A variable for maintaining a single reference for an error msg
*/
private static String errorMsg;
/** A variable for maintaining a single reference for keys */
private static String keys;
/**
* This method writes debug statements when the constant is true.
*/
public static void debug(String s) {
if (DEBUG) {
System.out.println(s);
}
}
/**
* This method writes debug statements and prints a stacktrace.
*/
private static void debug(String message,Exception e) {
if (DEBUG) {
System.out.println(message);
e.printStackTrace();
}
}
private static void updateSecureData(double salary, String userId)
throws ApplicationException {
final String METHOD = "updateSecureData()";
debug(CLASS + "." + METHOD + "==>Begin");
DBConnectionManager dbConnMgr = null;
Connection conn = null;
try {
// Get Connection from DBConnectionManager.
dbConnMgr = DBConnectionManager.getInstance();
conn = dbConnMgr.getConnection();
// Get a statement from the connection
Statement stmt = conn.createStatement() ;
// Execute the Update
int rows = stmt.executeUpdate( "UPDATE Emp
SET Q_SALEMP_NO = '"+salary+"' WHERE EMP_ID = '"+userId+"'");
// Print how many rows were modified
System.out.println( rows + " Rows
modified" ) ;
// Close the statement and the connection
stmt.close() ;
conn.close() ;
} catch( SQLException se ) {
} catch( Exception e ) {
}
}
}
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Practical Issues In Database Management A Refernce For The Thinking Practitioner
Authors: Fabian Pascal
1st Edition
0201485559, 978-0201485554
