From 6f5e7c37f7b7879dfdf78d50496a4b23b01c9721 Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Tue, 10 Jul 2007 11:46:01 +0000 Subject: [PATCH] Add infrastructure to enable setting of username and password for DB access git-svn-id: http://webgoat.googlecode.com/svn/trunk@127 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/session/DatabaseUtilities.java | 7 ++++ .../org/owasp/webgoat/session/WebSession.java | 34 +++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java index 355d413b0..182b4e7b6 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java @@ -65,7 +65,14 @@ public class DatabaseUtilities { Class.forName(s.getDatabaseDriver()); + String password = s.getDatabasePassword(); + if (password == null || password.equals("")) { return (DriverManager.getConnection(s.getDatabaseConnectionString())); + } else { + String conn = s.getDatabaseConnectionString(); + String user = s.getDatabaseUser(); + return DriverManager.getConnection(conn, user, password); + } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index 35d09d26d..01233bc1a 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java @@ -99,6 +99,16 @@ public class WebSession /** * Description of the Field */ + public final static String DATABASE_USER = "DatabaseUser"; + + /** + * Description of the Field + */ + public final static String DATABASE_PASSWORD = "DatabasePassword"; + + /** + * Description of the Field + */ public final static int ERROR = 0; public static final String STAGE = "stage"; @@ -207,6 +217,10 @@ public class WebSession private String databaseDriver; + private String databaseUser; + + private String databasePassword; + private static Connection connection = null; private int hintNum = -1; @@ -273,6 +287,8 @@ public class WebSession isDebug = "true".equals( servlet.getInitParameter( DEBUG ) ); databaseConnectionString = servlet.getInitParameter( DATABASE_CONNECTION_STRING ); databaseDriver = servlet.getInitParameter( DATABASE_DRIVER ); + databaseUser = servlet.getInitParameter(DATABASE_USER); + databasePassword = servlet.getInitParameter(DATABASE_PASSWORD); servletName = servlet.getServletName(); this.context = context; course = new Course(); @@ -461,6 +477,24 @@ public class WebSession return ( databaseDriver ); } + /** + * Gets the databaseUser attribute of the WebSession object + * + * @return The databaseUser value + */ + public String getDatabaseUser() { + return (databaseUser); + } + + /** + * Gets the databasePassword attribute of the WebSession object + * + * @return The databasePassword value + */ + public String getDatabasePassword() { + return (databasePassword); + } + public String getRestartLink() { List parameters = new ArrayList();