英文:
Using JDBC DriverManager.getConnection for a web application
问题
我们的团队计划迁移到Web应用程序,而不是桌面应用程序。不过,对于第一轮更新,我们不打算对后端数据库调用进行任何更改。主要是将屏幕更改迁移到React或Angular,并在Tomcat服务器上部署它。
在我们的桌面应用程序中,我们使用DriverManger.getConnection()类从数据库获取连接。
我们计划暂时不更改数据库接口,也不使用像Hibernate/JPA或JDBC模板这样的现代方法,只使用原始的JDBC代码,它将使用Spring Boot/Rest API调用进行封装。
我们的用户群非常小,大约有50人,而且我的负责人目前对使用连接池等功能不太感兴趣,尽管它们与DataSource接口一起使用。
在部署WAR文件到多个Tomcat实例时,是否安全继续使用DriverManager.getConnection()来从数据库获取连接?尽管没有使用连接池等功能,似乎也能正常工作(已在单个Tomcat实例上尝试过)。
英文:
Our team is planning to migrate to a web application instead of the desktop application. One thing though is for the first round of updates, we are not planning to make any changes to the back-end DB calls. It will mostly be the screen changes that get migrated to React or Angular and deploy it in Tomcat server.
In our desktop application we have used DriverManger.getConnection() class to get the connection from DB.
We plan to not touch the DB interface yet or use modern approaches like Hibernate / JPA or JDBC Templates and just stick with raw JDBC code for now which will be wrapped using Spring boot/Rest API calls.
We have a very small user base, like around 50 people and my lead is not very much interested in using connection pooling and stuff yet though which comes with DataSource interface.
Is it is safe to continue using DriverManager.getConnection() to get connections from DB when you deploy your war file in multiple Tomcat instances? It seems to work though and is doable (tried with single Tomcat instance), other than the fact that we don't use features like connection pooling, etc.
答案1
得分: 1
使用DataSource或DriverManager.getConnection与安全性没有直接关系。所以,是的,你可以继续使用DriverManager.getConnection,但通常不建议在Web应用程序中使用,原因是可伸缩性。
然而,你将错过以下好处:
- 连接池(需要注意并非所有
DataSource实现都提供连接池), - 简化连接配置(尽管这取决于你目前如何分配它们);在某些情况下,这可能会提高安全性,
以及根据实际数据源的使用情况,可能获得其他潜在好处,如:
- 识别和回收连接泄漏,
- 限制最大连接数等。
如果你的当前代码已经集中了连接配置,那么第一步可能是注入(或使用JNDI检索)数据源(例如,在Tomcat中配置的数据源),然后用dataSource.getConnection()替换DriverManager.getConnection(...)。
英文:
Whether to use a DataSource or DriverManager.getConnection is not directly related to security. So, yes, you can continue to use DriverManager.getConnection, it is just not generally considered a good idea to use in web applications for reasons of scalability.
However, you'll miss out on benefits like:
- connection pooling (note though that not all
DataSourceimplementations provide connection pooling), - simplifying connection configuration (though that depends on how and where you're allocating them now); in some case this could improve security,
and other potential benefits - depending on the actual data source used - like:
- identifying and reclaiming connections leaks,
- limiting the maximum number of connections, etc.
If your current code already centralizes connection configuration, then the first step could simply be injecting (or retrieving with JNDI) a data source (e.g. one configured in Tomcat), and replacing DriverManager.getConnection(...) with dataSource.getConnection().
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论