[Codenarc-developer] FW: [ codenarc-Feature Requests-3283605 ] new rule: avoid Direct Connection Ma
From: Chris M. <chr...@ea...> - 2011-04-10 23:32:08
Hamlet,

I love the new DirectConnectionManagement rule. Great idea. What is the reasoning for making that a "security" rule?

Chris

-----Original Message-----
From: SourceForge.net [mailto:no...@so...]
Sent: Sunday, April 10, 2011 10:38 AM
To: chr...@ea...
Subject: [ codenarc-Feature Requests-3283605 ] new rule: avoid Direct Connection Management

Feature Requests item #3283605, was opened at 2011-04-10 09:37
Message generated for change (Comment added) made by hamletdrc
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126575&aid=3283605&group_id=250145

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
>Status: Closed
Priority: 5
Private: No
Submitted By: Hamlet D'Arcy (hamletdrc)
>Assigned to: Hamlet D'Arcy (hamletdrc)
Summary: new rule: avoid Direct Connection Management

Initial Comment:
* DirectConnectionManagement Rule
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

<New in CodeNarc 0.14>

The J2EE standard requires that applications use the container's resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.

For more information see: https://www.fortify.com/vulncat/en/vulncat/java/j2ee_badpractices_getconnection.html

Example of violations:

-------------------------------------------------------------------------------
    DriverManager.getConnection()
    java.sql.DriverManager.getConnection()
-------------------------------------------------------------------------------

----------------------------------------------------------------------

>Comment By: Hamlet D'Arcy (hamletdrc)
Date: 2011-04-10 09:38

Message:
fixed in 0.14

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126575&aid=3283605&group_id=250145
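
Added example, not part of the original thread or of CodeNarc's own code: the call pattern the rule description lists as a violation, next to the container-managed lookup the description refers to. The class name, the `orders` table, the JDBC URL and credentials, and the JNDI resource name `jdbc/AppDB` are assumptions made for illustration.

```groovy
import groovy.sql.Sql
import java.sql.DriverManager
import javax.naming.InitialContext
import javax.sql.DataSource

// Hypothetical repository class used only for this illustration.
class OrderRepository {

    private final DataSource dataSource

    OrderRepository(DataSource dataSource) {
        this.dataSource = dataSource
    }

    // Container-managed wiring: look up the pooled DataSource that the
    // application server exposes through JNDI. 'jdbc/AppDB' is an assumed
    // resource name that would be declared in the deployment configuration.
    static OrderRepository fromContainer() {
        def ds = (DataSource) new InitialContext().lookup('java:comp/env/jdbc/AppDB')
        return new OrderRepository(ds)
    }

    // Pattern flagged by DirectConnectionManagement: the application supplies
    // the URL and credentials itself and bypasses the container's pool.
    // URL, user and password are constructed placeholders.
    int countOrdersDirect() {
        def conn = DriverManager.getConnection(
                'jdbc:postgresql://db.example.internal/app', 'app_user', 'PLACEHOLDER')
        try {
            return new Sql(conn).firstRow('SELECT COUNT(*) AS n FROM orders').n as int
        } finally {
            conn.close()   // manual lifecycle handling, easy to get wrong
        }
    }

    // Compliant form: groovy.sql.Sql borrows a connection from the DataSource
    // for each operation and returns it to the pool afterwards.
    int countOrdersPooled() {
        return new Sql(dataSource).firstRow('SELECT COUNT(*) AS n FROM orders').n as int
    }
}
```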