Ok, so I was trying to make our site a little safer from SQL injections, so I made a database connection that connects with a user that only has SELECT permissions, and edited Criteria like so:

public Criteria()
{
    this(DEFAULT_CAPACITY);
    // Default every Criteria to the connection whose user only has SELECT
    this.setDbName("readonlydatabase");
}

Now it seems to work for most things, but a couple of queries fail with

throws java.lang.Exception java.lang.NullPointerException
    at org.apache.torque.util.SQLBuilder.processOrderBy(SQLBuilder.java:497)
    at org.apache.torque.util.SQLBuilder.buildQueryClause(SQLBuilder.java:302)
    at org.apache.torque.util.BasePeer.createQuery(BasePeer.java:730)

This error disappears as soon as I let the criteria use a database connection with write privileges. I know the user that it connects with has select privileges on every public table in the database.

Does criteria need update privileges to work or something?

The query the criteria constructs works fine when I connect as the readonly user and run it manually.

Any thoughts?

Thanks

--
Sheldon Ross


