Database Reference
In-Depth Information
if( null == stmt.getBytes(4) ) okToOverwrite = true ;
else {
It could be that we stored an entry for this inner class, but stored a null for the associated list of
connection strings. Listing 11-34 tests this. If the connection strings are null , we can overwrite this entry.
It is more likely that an empty HashMap was stored for this new inner class version as a placeholder.
We can test this by getting the list of connection strings and reading it to see if there are any entries in
the list. But first, we revisit our new f_unmask function to decrypt the connection strings list that we read
from storage for the current class name and version, as shown in Listing 11-35.
Listing 11-35. Decrypt Stored Connection Strings List for Current Version
byte[] connsBytes = stmt.getBytes(4);
stmt = ( OracleCallableStatement )conn.prepareCall(
"{? = call appsec. f_unmask (?,?,?)}" );
stmt.registerOutParameter( 1, OracleTypes.RAW );
stmt.setBytes( 2, connsBytes );
stmt.setString( 3, className );
stmt.setString( 4, classVersion );
stmt.executeUpdate();
Create an object from the decrypted list of connection strings and cast it as a HashMap . Next, test the
size of the HashMap . If the size is zero, we can overwrite this entry; however, if it is not empty, we return
without copying the old version connection strings to the new version. See Listing 11-36.
Listing 11-36. Test if Stored Connection Strings List is Empty
oins = new ObjectInputStream( new ByteArrayInputStream(
stmt.getBytes(1) ) );
Object currentConns = oins.readObject();
oins.close();
HashMap<String, String> currConnsHash =
(HashMap<String, String>)currentConns;
if( 0 == currConnsHash.size() ) okToOverwrite = true ;
}
}
if( ! okToOverwrite ) return "Current connsHash is not empty!";
If we have gotten this far, then either there was no entry in v_app_conn_registry for the current
(new) version of the application inner class, or the associated list of connection strings was null or
empty. So we are free to copy the old connection strings to the new version. But first, we will encrypt
them as in Listing 11-37, specifically for the new version, by calling our new f_mask function.
Listing 11-37. Encrypt Old Connection Strings List for New Version Before Storing
stmt = ( OracleCallableStatement )conn.prepareCall(
"{? = call appsec. f_mask (?,?,?)}" );
stmt.registerOutParameter( 1, OracleTypes.RAW );
stmt.setBytes( 2, prevConnsBytes );
stmt.setString( 3, className );
stmt.setString( 4, classVersion );
stmt.executeUpdate();
 
Previous Page
Next Page
Expert Oracle and Java Security
Search WWH ::




Custom Search
Home