diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java
index e9c072be3..c712d50cc 100644
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java
@@ -6,6 +6,7 @@ import java.sql.DriverManager;
 import java.sql.ResultSet;
 import java.sql.ResultSetMetaData;
 import java.sql.SQLException;
+import java.sql.Statement;
 import java.util.HashMap;
 import java.util.Map;
@@ -92,21 +93,26 @@ public class DatabaseUtilities
 }
 }
- public static Connection makeConnection(String user, WebgoatContext context)
+ private static Connection makeConnection(String user, WebgoatContext context)
 throws ClassNotFoundException, SQLException
 {
- Class.forName(context.getDatabaseDriver());
+ Class.forName(context.getDatabaseDriver());
- String password = context.getDatabasePassword();
- String conn = context.getDatabaseConnectionString();
- if (password == null || password.equals("")) {
- return (DriverManager.getConnection(conn));
- } else {
- String userPrefix = context.getDatabaseUser();
- return DriverManager.getConnection(conn, userPrefix + "_" + user, password);
- }
+ if (context.getDatabaseConnectionString().contains("hsqldb"))
+ return getHsqldbConnection(user, context);
+
+ String userPrefix = context.getDatabaseUser();
+ String password = context.getDatabasePassword();
+ String url = context.getDatabaseConnectionString();
+ return DriverManager.getConnection(url, userPrefix + "_" + user, password);
 }
+ private static Connection getHsqldbConnection(String user, WebgoatContext context)
+ throws ClassNotFoundException, SQLException
+ {
+ String url = context.getDatabaseConnectionString().replaceAll("\\$\\{USER\\}", user);
+ return DriverManager.getConnection(url, "sa", "");
+ }
 /**
 * Description of the Method
 *
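Review bot: In the added getHsqldbConnection, `user` is spliced into the JDBC URL with `replaceAll`, which treats `$` and `\` in the replacement as group references, and nothing restricts which characters reach the URL. Where `user` originates is not visible in this hunk, but if it can carry `;`, path separators or `..`, it could change which HSQLDB database is opened or append connection properties, and that connection is always made as `sa` with an empty password. I would validate first, `if (!user.matches("[A-Za-z0-9_]+")) throw new SQLException("invalid database user name");`, and substitute literally with `String url = context.getDatabaseConnectionString().replace("${USER}", user);`. The `jdbc:hsqldb:${USER}` value introduced in the web.xml hunk depends on the same substitution. The `contains("hsqldb")` test in makeConnection also matches that substring anywhere in the connection string; `startsWith("jdbc:hsqldb:")` would be tighter.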
@@ -162,4 +168,5 @@ public class DatabaseUtilities "Query Successful; however no data was returned from this query.")); } } + } diff --git a/ webgoat/main/project/WebContent/WEB-INF/web.xml b/ webgoat/main/project/WebContent/WEB-INF/web.xml index 5bf4fe126..f5e0b5151 100755 --- a/ webgoat/main/project/WebContent/WEB-INF/web.xml +++ b/ webgoat/main/project/WebContent/WEB-INF/web.xml @@ -151,8 +151,12 @@ DatabaseConnectionString + - jdbc:hsqldb:. + jdbc:hsqldb:${USER} diff --git a/ webgoat/main/project/WebContent/webgoat.jsp b/ webgoat/main/project/WebContent/webgoat.jsp index bf2d5bfaa..45aef327b 100644 --- a/ webgoat/main/project/WebContent/webgoat.jsp +++ b/ webgoat/main/project/WebContent/webgoat.jsp @@ -31,10 +31,11 @@ -
Bruce Mayhew
-
Laurence Casey
-
David Anderson
+
Bruce Mayhew
+
Laurence Casey
+
David Anderson
Eric Sheridan
+
Rogan Dawes
Aspect Security