How to secure Class.forName("com.mysql.jdbc.Driver)?
Question
I ran security scan on our application and one of the security issues that came up with is "Download of Code Without Integrity Check". This risk points of the line at Class.forName("com.mysql.jdbc.Driver");
I have not able to find out
- how do I secure the above line of code?
- How do I make sure parameter for
forName("")is not malicious class that I would be loading.
Note: I am using Java 1.7 on our live environment. We do not have a security policy/SecurityManager in place.
Edit: Security Scan used is Checkmarx.
1 answers
solution1
3 ACCPTED 2016-09-21 16:46:39
With recent JDBC drivers there's no need to do the Class.forName() registration anymore. Update your driver if it's old (not JDBC4 or newer), and you'll be able to remove the line altogether.
The security issue seems to refer to this which would mean that the attacker has already access to the classpath, and therefore can cause plenty of damage in other ways as well. The suggested solution of checking a checksum at that point may not be of too much help.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.