Uses of Package
dk.cloudcreate.essentials.components.queue.postgresql
Packages that use dk.cloudcreate.essentials.components.queue.postgresql
Classes in dk.cloudcreate.essentials.components.queue.postgresql used by dk.cloudcreate.essentials.components.queue.postgresql
Class    Description
Postgresql version of the DurableQueues concept.
Works together with UnitOfWorkFactory in order to support queuing messages together with business logic (such as failing to handle an Event, etc.)
Security
DurableQueues allows the user of the component to override the PostgresqlDurableQueues.getSharedQueueTableName(), which is the name of the table that will contain all messages (across all QueueName's)
Note:
To support customization of the storage table name, the sharedQueueTableName will be directly used in constructing SQL statements through string concatenation, which exposes the component to SQL injection attacks.
Security Note:
It is the responsibility of the user of this component to sanitize the sharedQueueTableName to ensure the security of all the SQL statements generated by this component.
The PostgresqlDurableQueues component will call the PostgresqlUtil.checkIsValidTableOrColumnName(String) method to validate the table name as a first line of defense.
The PostgresqlUtil.checkIsValidTableOrColumnName(String) method provides an initial layer of defense against SQL injection by applying naming conventions intended to reduce the risk of malicious input.
However, Essentials components as well as PostgresqlUtil.checkIsValidTableOrColumnName(String) do not offer exhaustive protection, nor do they assure the complete security of the resulting SQL against SQL injection threats.
The responsibility for implementing protective measures against SQL Injection lies exclusively with the users/developers using the Essentials components and their supporting classes.
Users must ensure thorough sanitization and validation of API input parameters, column, table, and index names.
Insufficient attention to these practices may leave the application vulnerable to SQL injection, potentially endangering the security and integrity of the database.
It is highly recommended that the sharedQueueTableName value is only derived from a controlled and trusted source.
To mitigate the risk of SQL injection attacks, external or untrusted inputs should never directly provide the sharedQueueTableName value.
Security
It is the responsibility of the user of this component to sanitize the value passed to PostgresqlDurableQueuesBuilder.setSharedQueueTableName(String) to ensure the security of all the SQL statements generated by this component.
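One way to keep the sharedQueueTableName tied to a controlled source before it reaches PostgresqlDurableQueuesBuilder.setSharedQueueTableName(String), shown as an added example that is not part of the Essentials code base. The class QueueTableNameResolver, the allow-list entries, the pattern and the sample inputs are assumptions made for illustration; the pattern is deliberately stricter than PostgreSQL's identifier rules and is not the logic of PostgresqlUtil.checkIsValidTableOrColumnName(String).

```java
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical helper (not part of Essentials): resolves the queue table name
// from deployment configuration against a fixed allow-list.
public final class QueueTableNameResolver {
    // Assumed allow-list, fixed at build time by the application owner.
    private static final Set<String> ALLOWED = Set.of("durable_queues", "orders_durable_queues");

    // Conservative shape check: lower-case letter first, then letters, digits or
    // underscores, at most 63 characters (PostgreSQL's default identifier limit).
    private static final Pattern SAFE_IDENTIFIER = Pattern.compile("[a-z][a-z0-9_]{0,62}");

    private QueueTableNameResolver() {}

    public static String resolve(String configured) {
        if (configured == null || !SAFE_IDENTIFIER.matcher(configured).matches()) {
            throw new IllegalArgumentException("Queue table name has an unexpected shape");
        }
        if (!ALLOWED.contains(configured)) {
            throw new IllegalArgumentException("Queue table name is not on the allow-list");
        }
        return configured; // only now hand it to setSharedQueueTableName(String)
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one expected value and several that must be rejected.
        List<String> samples = List.of(
                "orders_durable_queues",
                "Orders_Durable_Queues",
                "durable_queues; select 1",
                "audit_log");
        for (String candidate : samples) {
            try {
                System.out.println("accepted: " + resolve(candidate));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: '" + candidate + "' (" + e.getMessage() + ")");
            }
        }
    }
}
```

The shape check and the allow-list are separate on purpose: a well-formed name such as "audit_log" is still rejected, so a configuration mistake cannot point the queue SQL at an unrelated table.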