Repository: commons-dbcp Updated Branches: refs/heads/master 34cd3da6f -> ebd133cf7
- [DBCP-528] org.apache.commons.dbcp2.DriverManagerConnectionFactory should use a char[] instead of a String to store passwords. - [DBCP-517] Make defensive copies of char[] passwords. Project: http://git-wip-us.apache.org/repos/asf/commons-dbcp/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-dbcp/commit/ebd133cf Tree: http://git-wip-us.apache.org/repos/asf/commons-dbcp/tree/ebd133cf Diff: http://git-wip-us.apache.org/repos/asf/commons-dbcp/diff/ebd133cf Branch: refs/heads/master Commit: ebd133cf778dbee92a1fd175443253ba2bebadf3 Parents: 34cd3da Author: Gary Gregory <garydgreg...@gmail.com> Authored: Tue Nov 13 12:07:24 2018 -0700 Committer: Gary Gregory <garydgreg...@gmail.com> Committed: Tue Nov 13 12:07:24 2018 -0700 ---------------------------------------------------------------------- src/changes/changes.xml | 3 +++ .../dbcp2/DataSourceConnectionFactory.java | 2 +- .../dbcp2/DriverManagerConnectionFactory.java | 24 +++++++++++++++++--- .../TestDriverManagerConnectionFactory.java | 6 ++--- 4 files changed, 28 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/changes/changes.xml ----------------------------------------------------------------------
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 98f341c..f02828f 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -85,6 +85,9 @@ The <action> type attribute can be add,update,fix,remove.
 <action dev="ggregory" type="add" issue="DBCP-527" due-to="Gary Gregory">
 Add getters to some classes.
 </action>
+ <action dev="ggregory" type="add" issue="DBCP-528" due-to="Gary Gregory">
+ org.apache.commons.dbcp2.DriverManagerConnectionFactory should use a char[] instead of a String to store passwords.
+ </action>
 </release>
 <release version="2.5.0" date="2018-07-15" description="This is a minor release, including bug fixes and enhancements.">
 <action dev="ggregory" type="update" issue="DBCP-505" due-to="Gary Gregory">
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java ----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
index 050c3bb..19a0c18 100644
--- a/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
+++ b/src/main/java/org/apache/commons/dbcp2/DataSourceConnectionFactory.java
@@ -58,7 +58,7 @@ public class DataSourceConnectionFactory implements ConnectionFactory {
 public DataSourceConnectionFactory(final DataSource dataSource, final String userName, final char[] userPassword) {
 this.dataSource = dataSource;
 this.userName = userName;
- this.userPassword = userPassword;
+ this.userPassword = Utils.clone(userPassword);
 }
 /**
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java ----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java b/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
index 24c506c..eeb1373 100644
--- a/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
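Review bot: In the DataSourceConnectionFactory constructor the password array is now copied with `Utils.clone(userPassword)`, but the constructor's Javadoc (above this hunk, not visible here) is not updated to tell callers so. Callers who want to limit how long the password stays in memory need to know they can clear their own array once the factory is built; I would extend the parameter text to `the user's password; the array is copied, so the caller may clear its own copy afterwards`. Whether this class has a getter that returns the stored array is not visible in the hunk; if it does, that getter should return a copy as well, otherwise the stored password can still be modified from outside.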
+++ b/src/main/java/org/apache/commons/dbcp2/DriverManagerConnectionFactory.java
@@ -42,7 +42,7 @@ public class DriverManagerConnectionFactory implements ConnectionFactory {
 private final String userName;
- private final String userPassword;
+ private final char[] userPassword;
 private final Properties properties;
@@ -87,10 +87,28 @@ public class DriverManagerConnectionFactory implements ConnectionFactory {
 * the user's password
 */
 public DriverManagerConnectionFactory(final String connectionUri, final String userName,
+ final char[] userPassword) {
+ this.connectionUri = connectionUri;
+ this.userName = userName;
+ this.userPassword = Utils.clone(userPassword);
+ this.properties = null;
+ }
+
+ /**
+ * Constructor for DriverManagerConnectionFactory.
+ *
+ * @param connectionUri
+ * a database url of the form <code>jdbc:<em>subprotocol</em>:<em>subname</em></code>
+ * @param userName
+ * the database user
+ * @param userPassword
+ * the user's password
+ */
+ public DriverManagerConnectionFactory(final String connectionUri, final String userName,
 final String userPassword) {
 this.connectionUri = connectionUri;
 this.userName = userName;
- this.userPassword = userPassword;
+ this.userPassword = Utils.toCharArray(userPassword);
 this.properties = null;
 }
@@ -100,7 +118,7 @@ public class DriverManagerConnectionFactory implements ConnectionFactory {
 if (userName == null && userPassword == null) {
 return DriverManager.getConnection(connectionUri);
 }
- return DriverManager.getConnection(connectionUri, userName, Utils.toString(userPassword));
+ return DriverManager.getConnection(connectionUri, userName, Utils.toString(userPassword));
 }
 return DriverManager.getConnection(connectionUri, properties);
 }
http://git-wip-us.apache.org/repos/asf/commons-dbcp/blob/ebd133cf/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java ----------------------------------------------------------------------
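Review bot: Adding the `char[]` constructor next to the existing `String` one in DriverManagerConnectionFactory makes a literal `null` third argument ambiguous, so callers written as `new DriverManagerConnectionFactory(uri, user, null)` no longer compile; the test file in this commit had to add `(char[]) null` for exactly that reason. That source incompatibility should be mentioned in the changes.xml entry. The two constructors also carry identical Javadoc: the new one should say the array is copied, and the String one should point to it, for example `@deprecated Use the char[] constructor so the password is not held as a String`.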
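Review bot: `Utils.toString(userPassword)` in createConnection builds a new immutable String holding the password every time a connection is created, so the password still reaches the heap in a form that cannot be cleared; the char[] field only shortens how long the factory itself holds a String. The `DriverManager.getConnection(String, String, String)` signature forces this, so I would record the limit above the call: `// DriverManager accepts only a String password; this copy cannot be zeroed`. The call also relies on `Utils.toString` returning null for a null array when only the password is missing, which is not visible here and should be confirmed. createConnection begins above this hunk.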
diff --git a/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java b/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
index 959a47c..d053a25 100644
--- a/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
+++ b/src/test/java/org/apache/commons/dbcp2/TestDriverManagerConnectionFactory.java
@@ -75,19 +75,19 @@ public class TestDriverManagerConnectionFactory {
 @Test(expected=SQLException.class) // thrown by TestDriver due to invalid password
 public void testDriverManagerWithoutPassword() throws SQLException {
- final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", "user", null);
+ final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", "user", (char[]) null);
 cf.createConnection();
 }
 @Test(expected=ArrayIndexOutOfBoundsException.class) // thrown by TestDriver due to missing user
 public void testDriverManagerWithoutCredentials() throws SQLException {
- final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", null, null);
+ final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver", null, (char[]) null);
 cf.createConnection();
 }
 @Test
 public void testDriverManagerCredentialsInUrl() throws SQLException {
- final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver;user=foo;password=bar", null, null);
+ final DriverManagerConnectionFactory cf = new DriverManagerConnectionFactory("jdbc:apache:commons:testdriver;user=foo;password=bar", null, (char[]) null);
 cf.createConnection();
 }
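Review bot: The three changed tests only add a `(char[]) null` cast, so within this hunk the new char[] constructor is never exercised with a real password and the defensive copy is untested. I would add a test that builds the factory from a char[] password, overwrites the caller's array with `Arrays.fill(pwd, '\0')`, and then checks that createConnection still presents the original password to TestDriver. Unless a test outside this hunk already does so, one call through the String constructor with a non-null password would also cover the `Utils.toCharArray` path.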