Tutorial: Managing Data Access Account and Connection String

BCIS 3680 Enterprise Programming
Instructor: Dr. Andy Wu
1. Use a user account with limited privileges instead of "root" to access the database

The connection string specifies all the elements you need to connect to a back-end database. As a security precaution, you don't want your web application to access the database with more privileges than it needs to do its job. Instead of using the all-powerful "root" account, designate a user account with limited access rights and use that account from the web application. For example, the following MySQL statement:

    GRANT SELECT, INSERT, DELETE, UPDATE ON <db_name>.* TO 'java'@'localhost'
    IDENTIFIED BY 'webaccess';

creates a new user with the username "java" and the password "webaccess". The user can only connect from the "localhost" machine. It will be able to perform the essential data manipulations (SELECT, INSERT, DELETE, and UPDATE) on tables in the database named <db_name> (replace <db_name> with the real database name when you run this command). The user has none of the other privileges that "root" has: most notably, it has no database administrative rights, it cannot create or drop tables, and it cannot touch any other database on the server. If a SQL injection flaw or a bug in one of your pages is ever exploited, the damage is confined to what this account is allowed to do.

Note: the GRANT ... IDENTIFIED BY form works in MySQL 5.x but was removed in MySQL 8.0. On MySQL 8.0, create the account first with CREATE USER 'java'@'localhost' IDENTIFIED BY 'webaccess'; and then run the GRANT statement above without the IDENTIFIED BY clause. In either version, SHOW GRANTS FOR 'java'@'localhost'; confirms exactly what the account can do.

Action for Assignment 6: Run the above command to create the user java.

2. Manage your connection string from one location
To establish a database connection in a JSP file, you need to follow the first few of the seven steps of database access. A straightforward but suboptimal practice is to duplicate those lines of code in every page that needs database access. As a result, the connection string shows up in multiple files as a string literal, which creates a maintenance problem. Suppose you have 50 JSP pages containing the connection string. What if you have to modify your database name, the username used to access the database, that user's password, or all of the above? You would have to open all 50 pages and change all 50 copies of the connection string. That's a lot to do!

The solution is to use application variables, which are accessible to all files in an application. Store the connection string in an application variable and retrieve it from that variable instead of using string literals. Modifying the connection string then takes only one edit, whether you are updating one, 50, 100, or 1000 JSP files.

For a web application, you store its application variables in its web.xml file. This is the same file you used when you set up default pages; it resides in the WEB-INF subfolder of the application's deployment folder. Just add lines similar to the following inside the <web-app> element:

    <context-param>
        <param-name>conStr</param-name>
        <param-value>jdbc:mysql://localhost:3306/<db_name>?user=java</param-value>
    </context-param>
    <context-param>
        <param-name>dbPassword</param-name>
        <param-value>webaccess</param-value>
    </context-param>

Replace <db_name> with the name of your database, e.g., casej for Justin Case. Each <context-param> (context parameter) element defines one application variable. Like many other kinds of parameters, it is implemented as a name-value pair: the "name" part is given by the <param-name> child element and the "value" part by the <param-value> child element. With a database named dvdrental, the lines above amount to saying

    conStr = jdbc:mysql://localhost:3306/dvdrental?user=java
    dbPassword = webaccess

Keep in mind that the password now sits in web.xml in plaintext. The container never serves files under WEB-INF to browsers, so it cannot simply be downloaded, but you should still keep this file out of shared source repositories and restrict who can read it on the server.
You may be wondering why we have two application variables instead of one. Unlike in ASP, where you may store the entire connection string as one application variable, Tomcat has issues (caused by the wording "password") if you try to do the same. An alternative solution would require a more complicated setup involving the server.xml file as well. It is simpler to break up the connection string and use two application variables whose values do not contain the word "password". Interestingly, the same word in a variable name is fine, e.g., "dbPassword".

To access an application variable, call the getInitParameter() method of the application object (the JSP implicit object of type ServletContext), passing the variable name as the argument, e.g., application.getInitParameter("conStr"). Once this is set up, each JSP file simply reads the two application variables, builds the connection string, and uses it to create a connection, then proceeds with data access as usual:

    Class.forName("com.mysql.jdbc.Driver");
    String cs = application.getInitParameter("conStr");
    cs += ("&password=" + application.getInitParameter("dbPassword"));
    Connection cxn = DriverManager.getConnection(cs);

Two caveats. First, the driver class name com.mysql.jdbc.Driver belongs to MySQL Connector/J 5.1; Connector/J 8 renamed it to com.mysql.cj.jdbc.Driver (the old name still loads but logs a deprecation warning), and any JDBC 4 driver registers itself automatically, so the Class.forName() line is optional. Second, appending the password to the URL means it becomes part of the connection string, which can end up in log messages and stack traces; DriverManager.getConnection(url, user, password) accepts the credentials as separate arguments and keeps them out of the URL. If you do keep the password in the URL, a password containing characters such as & or = must be URL-encoded first.

Action for Assignment 6: (1) Modify the web.xml file so that it contains the two application variables as described above. (2) In the JSP files that you create/modify for this assignment, use the above code to create the JDBC connection.
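The following helper class is an added example and is not part of the tutorial or the course's own code. It shows the "one location" idea taken one step further: instead of repeating even the four lines above in every JSP, a single class under WEB-INF/classes reads the application variables and opens the connection, passing the credentials to the driver as separate arguments rather than inside the URL. The class name DbConnections, the package db, and the extra context parameter dbUser are assumptions made for this example; the tutorial itself keeps the user name inside conStr.

```java
package db; // hypothetical package; compiles to WEB-INF/classes/db/DbConnections.class

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import javax.servlet.ServletContext;

/**
 * One place that turns the application variables in web.xml into a JDBC
 * connection. Expected <context-param> names (assumption: conStr and
 * dbPassword come from the tutorial; dbUser is added here so the user name
 * no longer has to live inside the URL):
 *
 *   conStr     = jdbc:mysql://localhost:3306/casej
 *   dbUser     = java
 *   dbPassword = webaccess
 *
 * Usage from a JSP, where "application" is the implicit ServletContext:
 *
 *   <%@ page import="java.sql.*, db.DbConnections" %>
 *   try (Connection cxn = DbConnections.open(application)) {
 *       // PreparedStatement, ResultSet, ... as usual
 *   }
 */
public final class DbConnections {

    private DbConnections() {
        // utility class, no instances
    }

    /** Opens a connection using the credentials stored in web.xml. */
    public static Connection open(ServletContext application) throws SQLException {
        String url = require(application, "conStr");
        String user = require(application, "dbUser");
        String password = require(application, "dbPassword");
        // Credentials go to the driver as separate arguments, so they are not
        // part of the URL string that might be logged or shown in a stack
        // trace. No Class.forName(): JDBC 4 drivers register themselves.
        return DriverManager.getConnection(url, user, password);
    }

    /** Fails fast with a clear message if web.xml is missing a parameter. */
    private static String require(ServletContext application, String name) {
        String value = application.getInitParameter(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException(
                "web.xml does not define <context-param> '" + name + "'");
        }
        return value;
    }
}
```

The try-with-resources form in the usage comment closes the connection when the page finishes, which the four-line version in the tutorial leaves to the programmer. Changing the database name, user, or password is still a single edit in web.xml; changing the driver or the way credentials are supplied is now a single edit in this class.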