All Classes and Interfaces
Class
Description
Postgresql version of the DurableQueues concept.
Works together with UnitOfWorkFactory in order to support queuing messages together with business logic (such as failing to handle an Event, etc.)

Security
DurableQueues allows the user of the component to override the PostgresqlDurableQueues.getSharedQueueTableName(), which is the name of the table that will contain all messages (across all QueueName's)

Note:
To support customization of storage table name, the sharedQueueTableName will be directly used in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.

Security Note:
It is the responsibility of the user of this component to sanitize the sharedQueueTableName to ensure the security of all the SQL statements generated by this component.

The PostgresqlDurableQueues component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.

The PostgresqlUtil.checkIsValidTableOrColumnName(String) provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.

However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.

The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and its supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.

It is highly recommended that the sharedQueueTableName value is only derived from a controlled and trusted source.

To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the sharedQueueTableName value.

Security
It is the responsibility of the user of this component to sanitize the PostgresqlDurableQueuesBuilder.setSharedQueueTableName(String) to ensure the security of all the SQL statements generated by this component.

QueueEntryId ColumnMapper

QueueName ColumnMapper

Custom filter to extract the "queue_name" property from the Postgresql Notification.getParameter() JSON content.
This filter is useful when dealing with multiple Notification's involving the same queue.
Example: if 100 messages are queued for the same QueueName in the same UnitOfWork, then the MultiTableChangeListener will notify the PostgresqlDurableQueues with 100 TableChangeNotification's.