Question: Read the code snippet in the file Java and look for improvement in view of principles and concepts of secure software. Using Notepad / any

Read the code snippet in the file Java and look for improvement in view of principles and concepts of secure software. Using Notepad / any other code editor rewrite code for security improvement. Submit modified code/logic and explanation in a word file.

Below is the JAVA Code

package com.dcx.ps.dcppcp.bm.dao;

import java.sql.Connection;

import java.sql.SQLException;

import java.sql.Statement;

import com.dcx.restricted.ps.dcppcp.DBConnectionManager;

import com.dcx.ps.dcppcp.exception.ApplicationException;

/**

* @author: Jason Grembi

* Read this class and identify all security Vulnerabilities that are

wrong

**/

public class SecurityCheck1 {

private static final String CLASS = "SecurityCheck1";

/** A Dcppcp constant that controlls messge output */

private final static boolean DEBUG = true;

/** A variable for maintaining a single reference for an error msg

*/

private static String errorMsg;

/** A variable for maintaining a single reference for keys */

private static String keys;

/**

* This method writes debug statements when the constant is true.

*/

public static void debug(String s) {

if (DEBUG) {

System.out.println(s);

}

}

/**

* This method writes debug statements and prints a stacktrace.

*/

private static void debug(String message,Exception e) {

if (DEBUG) {

System.out.println(message);

e.printStackTrace();

}

}

private static void updateSecureData(double salary, String userId)

throws ApplicationException {

final String METHOD = "updateSecureData()";

debug(CLASS + "." + METHOD + "==>Begin");

DBConnectionManager dbConnMgr = null;

Connection conn = null;

try {

// Get Connection from DBConnectionManager.

dbConnMgr = DBConnectionManager.getInstance();

conn = dbConnMgr.getConnection();

// Get a statement from the connection

Statement stmt = conn.createStatement() ;

// Execute the Update

int rows = stmt.executeUpdate( "UPDATE Emp

SET Q_SALEMP_NO = '"+salary+"' WHERE EMP_ID = '"+userId+"'");

// Print how many rows were modified

System.out.println( rows + " Rows

modified" ) ;

// Close the statement and the connection

stmt.close() ;

conn.close() ;

} catch( SQLException se ) {

} catch( Exception e ) {

}

}

}

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Information Security Risk Management ITC6315 Assignment 2 Assignment For this exercise, read the provided case study about AcmeHealth, and rate the risk exposure for each finding related to the...

Q:

can someone solve this Modern workstations typically have memory systems that incorporate two or three levels of caching. Explain why they are designed like this. [4 marks] In order to investigate...

Q:

Project Management Casebook David I. Cleland, Karen M. Bursic, Richard Puerzer, and A. Yaroslav Vlasak Library of Congress Cataloging-in-PublicationData Project management casebook /edited by David...

Q:

Predictive text entry systems are familiar on touch screens and mobile phones. This question asks you to consider how the same principles might be used in a programming editor for creating Java code....

Q:

Please help with this. Text below BCS 101 - Programming Concepts and Problem Solving This course will provide an introduction to programming logic and problem solving techniques using different...

Q:

Can someone help make this java file run? The code is probable the main issue I am having //AssignReadString public class AssignReadString { } import java.awt.image.BufferedImageFilter; import...

Q:

Can someone please help me make this run? I don't understand why it is not //AssignReadString public class AssignReadString { } import java.awt.image.BufferedImageFilter; import...

Q:

Purpose In this assessment you will demonstrate your Knowledge of the code concepts covered in Weeks 1-10 of this course, creating a program which meets specific functional requirements of an...

Q:

Purpose In this assessment you will demonstrate your Knowledge of the code concepts covered in Weeks 1-10 of this course, creating a program which meets specific functional requirements of an...

Q:

Summary Continue to develop your understanding of repetition control structures and file I/O by building a class averaging program (here "class" means a course, not an element of the Java language)....

Q:

Assume two competitors, American International Group (AIG), Inc., and Axa, SA., are locked in a bitter pricing struggle in the reinsurance business. In the pricing payoff matrix, AIG can choose a...

Q:

Hyzel Manufacturing Company produces two types of tarpaulin products for its customers, namely, Class A and Class AA. Each class of finished product uses two types of raw materials, namely, material...

Q:

a potential merger that produces synergy 1 ) should be rejected due to the projected negative cash flows 2 ) synergy will dilute the benefits of the nerger 3 ) has a net present value of 0 4 )...

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

1. Go to www.pfizer.com, the Web site for Pfizer, a company that researches, develops, manufactures, and markets leading prescription medicines for humans and animals. Identify Pfizers mission...

Q:

13. What are the advantages and disadvantages of a centralized training function?

Q:

12. How would you design a corporate university? Explain each step you would take.