Avoid Direct Database Connection

ID

java.avoid_direct_database_connection

Severity

low

Resource

Api

Language

Java

Tags

CWE:245, NIST.SP.800-53, PCI-DSS:6.5.6

Description

Improper direct management of database connections within a J2EE application.

Rationale

The J2EE standard mandates that applications utilize the container’s resource management capabilities to acquire connections to resources, typically using javax.sql.DataSource accessed through JNDI.

This rule identifies non-recommended methods of obtaining a connection, such as using JDBC DriverManager.getConnection().

Remediation

The J2EE application should use the web application container’s resource management facilities to obtain a connection to the database as shown in the following example.
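The following is an added illustration, not the rule's own example: a small data-access class that shows the pattern this rule flags (a direct `DriverManager.getConnection()` call with the URL and credentials in code) beside the compliant form, in which the connection comes from a container-managed `javax.sql.DataSource` looked up through JNDI. The JNDI name `java:comp/env/jdbc/OrdersDS`, the `orders` table and the class name are assumptions chosen for the example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

public class OrderDao {

    // Non-compliant: the connection is opened directly through DriverManager.
    // The JDBC URL and credentials live in application code, and the container's
    // pooling, credential management and transaction enlistment are bypassed.
    // This is the call the rule reports. Values below are placeholders.
    public Connection openDirect() throws SQLException {
        return DriverManager.getConnection(
                "jdbc:postgresql://db.example.internal:5432/orders",
                "app_user", "<placeholder-password>");
    }

    // Compliant: the DataSource is configured on the container and resolved
    // through JNDI; the application never sees the URL or the credentials.
    // Assumed resource-ref name for this example.
    private static final String DATASOURCE_JNDI_NAME = "java:comp/env/jdbc/OrdersDS";

    private final DataSource dataSource;

    public OrderDao() throws NamingException {
        Context ctx = new InitialContext();
        dataSource = (DataSource) ctx.lookup(DATASOURCE_JNDI_NAME);
    }

    // Example query using the container-managed connection. try-with-resources
    // returns the connection to the pool; the parameterised statement keeps
    // the customer id out of the SQL text.
    public int countOrdersFor(String customerId) throws SQLException {
        String sql = "SELECT COUNT(*) FROM orders WHERE customer_id = ?"; // assumed table/column
        try (Connection conn = dataSource.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, customerId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt(1) : 0;
            }
        }
    }
}
```

For the JNDI lookup to resolve, the container must define the DataSource and the application must declare a matching `<resource-ref>` (name `jdbc/OrdersDS`, type `javax.sql.DataSource`) in its deployment descriptor; the exact DataSource definition is container-specific and is not shown here. When reviewing a codebase, a search for `DriverManager.getConnection` and for JDBC URLs or passwords in source or property files is a quick way to find the non-compliant form.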