From 213e73bf0298c92ecc2bab298b98b55f60d0b407 Mon Sep 17 00:00:00 2001
From: Nanne Baars <nanne.baars@owasp.org>
Date: Sat, 15 Apr 2017 18:11:55 +0200
Subject: [PATCH] Making database for each user (no sharing between each other)

---
 .../java/org/owasp/webgoat/session/DatabaseUtilities.java    | 5 ++---
 webgoat-container/src/main/resources/application.properties  | 4 +---
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
index 4692528b4..da57ca356 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
@@ -7,8 +7,6 @@ import java.sql.SQLException;
 import java.util.HashMap;
 import java.util.Map;
 
-import org.springframework.beans.factory.annotation.Autowired;
-
 
 /**
  *************************************************************************************************
@@ -39,6 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired;
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @version $Id: $Id
  */
+//TODO: class we need to refactor to new structure, we can put the connection in the current session of the user
 public class DatabaseUtilities
 {
 
@@ -122,7 +121,7 @@ public class DatabaseUtilities
 	private static Connection getHsqldbConnection(String user, WebgoatContext context) throws ClassNotFoundException,
 			SQLException
 	{
-		String url = context.getDatabaseConnectionString().replaceAll("\\$\\{USER\\}", user);
+		String url = context.getDatabaseConnectionString().replace("{USER}", user);
 		return DriverManager.getConnection(url, "sa", "");
 	}
 	
diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
index 6ec69f48d..c326c44cb 100644
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
@@ -26,9 +26,7 @@ webgoat.emaillist=owasp-webgoat@lists.owasp.org
 webgoat.feedback.address=webgoat@owasp.org
 webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
 webgoat.database.driver=org.hsqldb.jdbcDriver
-webgoat.database.connection.string=jdbc:hsqldb:mem:test
-# TODO_NB
-#webgoat.database.connection.string=jdbc:hsqldb:mem:${USER}
+webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en