Allow WebGoat to create per-user databases

This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/WebContent/WEB-INF/web.xml

@@ -145,17 +145,14 @@
       <init-param>
             <param-name>DatabaseDriver</param-name>
             <param-value>
-		    	sun.jdbc.odbc.JdbcOdbcDriver
-                <!--org.enhydra.instantdb.jdbc.idbDriver-->
+		    	org.hsqldb.jdbcDriver
             </param-value>
       </init-param>
 
       <init-param>
             <param-name>DatabaseConnectionString</param-name>
             <param-value>
-		    	<!-- insert the word PATH where you want to insert the realpath to the base of the web context-->
-                <!--jdbc:idb:PATH/database.prp-->
-				jdbc:odbc:;DRIVER=Microsoft Access Driver (*.mdb);DBQ=PATH/webgoat.mdb;PWD=webgoat"
+				jdbc:hsqldb:.
 		    </param-value>
       </init-param>
 

webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql

@@ -1,9 +1,9 @@
-DROP USER webgoat CASCADE;
-CREATE USER webgoat IDENTIFIED BY webgoat DEFAULT TABLESPACE users;
-GRANT CONNECT, RESOURCE TO webgoat;
-GRANT CREATE PROCEDURE TO webgoat;
+DROP USER webgoat_guest CASCADE;
+CREATE USER webgoat_guest IDENTIFIED BY webgoat DEFAULT TABLESPACE users;
+GRANT CONNECT, RESOURCE TO webgoat_guest;
+GRANT CREATE PROCEDURE TO webgoat_guest;
 
-CREATE TABLE WEBGOAT.EMPLOYEE (
+CREATE TABLE WEBGOAT_guest.EMPLOYEE (
     userid INT NOT NULL PRIMARY KEY,
     first_name VARCHAR(20),
     last_name VARCHAR(20),
@@ -24,7 +24,7 @@ CREATE TABLE WEBGOAT.EMPLOYEE (
 );
 
 
-CREATE OR REPLACE PROCEDURE WEBGOAT.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
     stmt VARCHAR(32767);v_userid NUMBER;
 BEGIN
     stmt  := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
@@ -32,7 +32,7 @@ BEGIN
 END;
 /
 
-CREATE OR REPLACE PROCEDURE WEBGOAT.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) AS
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) AS
     stmt VARCHAR(32767);v_userid NUMBER;
 BEGIN
     stmt  := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
@@ -40,7 +40,7 @@ BEGIN
 END;
 /
 
-CREATE OR REPLACE PROCEDURE WEBGOAT.UPDATE_EMPLOYEE(
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE(
     v_userid IN employee.userid%type, 
     v_first_name IN employee.first_name%type, 
     v_last_name IN employee.last_name%type, 
@@ -82,7 +82,7 @@ BEGIN
 END;
 /
 
-CREATE OR REPLACE PROCEDURE WEBGOAT.UPDATE_EMPLOYEE_BACKUP(
+CREATE OR REPLACE PROCEDURE WEBGOAT_guest.UPDATE_EMPLOYEE_BACKUP(
     v_userid IN employee.userid%type, 
     v_first_name IN employee.first_name%type, 
     v_last_name IN employee.last_name%type,