Demo of SQL injections and recommended password handling practices. Derived from Mark's


Jetty With The Works

The intention here is to have a self-contained project that has:

  • Servlet support.
  • Filter support.
  • Annotation based configuration for servlets and filters.
  • JSP support.
  • JSP fragment support.
  • An embedded H2 database.
  • An embedded Jetty server that runs the entire application from a main method.
  • Generation of a WAR file that can be deployed to Tomcat if necessary.
  • Everything can be done via Gradle.

Basically, anything that we are likely to need for COMP210 and injection flaw demos.
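The filter and annotation support listed above is what the path-based authorisation in the example application is built on. The following is an added example, not code from this repository, of a deny-by-default authorisation filter configured with an annotation. It assumes the javax.servlet API (Jetty 9 / Servlet 3.1), Java 9 or later for Set.of, and that the login servlet stores the user's role in the session under the attribute name "role"; the URL patterns and role names are constructed for the example.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical path-based authorisation filter (not the repository's own code).
// The annotation registers it for the container; no web.xml entry is needed.
@WebFilter(urlPatterns = {"/admin/*", "/account/*"})
public class AuthorisationFilter implements Filter {

    // Path prefixes (relative to the context root) that require the admin role. Constructed values.
    private static final Set<String> ADMIN_PREFIXES = Set.of("/admin");

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // servletPath + pathInfo is the decoded, context-relative path, so the check works
        // whatever context path the WAR ends up with and is not fooled by %2F-style encoding.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

        // getSession(false) avoids creating a session for anonymous requests.
        HttpSession session = request.getSession(false);
        String role = session == null ? null : (String) session.getAttribute("role");

        if (role == null) {
            // Not logged in: send to the login form instead of serving the protected page.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }
        if (requiresAdmin(path) && !"admin".equals(role)) {
            // Logged in but not permitted here: deny explicitly rather than falling through.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, resp);
    }

    // Deny-by-default decision: anything at or below an admin prefix needs the admin role.
    static boolean requiresAdmin(String path) {
        return ADMIN_PREFIXES.stream().anyMatch(p -> path.equals(p) || path.startsWith(p + "/"));
    }
}
```

The check is a prefix match on the container-normalised path rather than on the raw request URI; matching on the raw URI is a common way for such filters to be bypassed by encoded or dot-segment variants of the same path.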

The example application has simple form-based authentication and path-based authorisation via a filter. It currently has intentional SQL injection flaws.
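To make the two flaws concrete (SQL built by string concatenation, and password storage), here is an added example that is not the project's own code. It assumes the H2 driver is on the classpath, uses an in-memory H2 database with a constructed USERS table (the column names are assumptions, not those of the project's schema.sql), and hashes passwords with PBKDF2-HMAC-SHA256 from the standard JDK.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example, not the repository's code. The USERS table and its columns are constructed here.
public class LoginExample {

    private static final int ITERATIONS = 200_000; // tune so one hash costs tens of milliseconds
    private static final int KEY_BITS = 256;
    private static final SecureRandom RANDOM = new SecureRandom();
    // Fixed salt used only to hash a dummy value for unknown users (see login()).
    private static final byte[] DUMMY_SALT = new byte[16];

    public static Connection openDb() throws SQLException {
        Connection c = DriverManager.getConnection("jdbc:h2:mem:shop;DB_CLOSE_DELAY=-1");
        try (Statement s = c.createStatement()) {
            s.execute("CREATE TABLE IF NOT EXISTS USERS(NAME VARCHAR PRIMARY KEY, SALT VARCHAR, HASH VARCHAR)");
        }
        return c;
    }

    // Registration: the password itself is never stored, only a random per-user salt and a slow hash.
    public static void register(Connection c, String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        RANDOM.nextBytes(salt);
        byte[] hash = pbkdf2(password, salt);
        try (PreparedStatement ps = c.prepareStatement("INSERT INTO USERS(NAME, SALT, HASH) VALUES (?, ?, ?)")) {
            ps.setString(1, user);
            ps.setString(2, Base64.getEncoder().encodeToString(salt));
            ps.setString(3, Base64.getEncoder().encodeToString(hash));
            ps.executeUpdate();
        }
    }

    // VULNERABLE lookup (the "before"): the user name is spliced into the SQL text, so a name
    // containing a quote character changes the query's structure instead of being treated as data.
    static String[] lookupVulnerable(Connection c, String user) throws SQLException {
        String sql = "SELECT SALT, HASH FROM USERS WHERE NAME = '" + user + "'";
        try (Statement s = c.createStatement(); ResultSet rs = s.executeQuery(sql)) {
            return rs.next() ? new String[] {rs.getString(1), rs.getString(2)} : null;
        }
    }

    // HARDENED lookup: a bind parameter keeps the name as data whatever characters it contains.
    static String[] lookupSafe(Connection c, String user) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("SELECT SALT, HASH FROM USERS WHERE NAME = ?")) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? new String[] {rs.getString(1), rs.getString(2)} : null;
            }
        }
    }

    public static boolean login(Connection c, String user, char[] password) throws Exception {
        String[] row = lookupSafe(c, user);
        if (row == null) {
            // Unknown user: still do one hash so the response time does not reveal which names exist.
            pbkdf2(password, DUMMY_SALT);
            return false;
        }
        byte[] salt = Base64.getDecoder().decode(row[0]);
        byte[] expected = Base64.getDecoder().decode(row[1]);
        // Constant-time comparison so timing does not leak how many bytes of the hash matched.
        return MessageDigest.isEqual(expected, pbkdf2(password, salt));
    }

    static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        try (Connection c = openDb()) {
            register(c, "alice", "correct horse".toCharArray());
            System.out.println(login(c, "alice", "correct horse".toCharArray())); // true
            System.out.println(login(c, "alice", "wrong".toCharArray()));         // false
        }
    }
}
```

lookupVulnerable and lookupSafe are deliberately side by side: the only difference is whether the user name travels as part of the SQL text or as a bound parameter, and that single difference is the whole injection flaw. The password side follows the usual practice of a random per-user salt, a deliberately slow hash, and a constant-time comparison of the result.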
Run with:

> gradle run

The application defaults to a context path of /shop. The database is deployed inside the WAR, so it should be treated as a disposable copy of the original database (the WAR is extracted into ${TEMP}, so you can get at the deployed database file if you really need to).

The main method will start the H2 console for the deployed database.
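As an illustration of what such a main method does, here is an added example that is not the repository's own code. It assumes the Jetty 9.4 embedded API (org.eclipse.jetty.server and org.eclipse.jetty.webapp, with jetty-annotations on the classpath for the annotation-based servlets and filters) and the org.h2.tools.Server class shipped with H2; the WAR path, port numbers and context path are constructed values.

```java
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.webapp.Configuration;
import org.eclipse.jetty.webapp.WebAppContext;

// Hypothetical launcher (not the repository's code): Jetty serves the WAR, and the H2 web
// console is started alongside it for inspecting the deployed copy of the database.
public class Launcher {

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080);

        // Jetty 9.4: add annotation scanning so @WebServlet / @WebFilter classes are picked up.
        Configuration.ClassList classlist = Configuration.ClassList.setServerDefault(server);
        classlist.addBefore("org.eclipse.jetty.webapp.JettyWebXmlConfiguration",
                            "org.eclipse.jetty.annotations.AnnotationConfiguration");

        WebAppContext webapp = new WebAppContext();
        webapp.setContextPath("/shop");              // constructed; matches the default described above
        webapp.setWar("build/libs/shop.war");        // constructed path; the WAR name is an assumption
        server.setHandler(webapp);

        // H2 web console on its own port. Without "-webAllowOthers" it only accepts connections
        // from localhost, which is the right setting for a console that gives full SQL access.
        org.h2.tools.Server h2Console = org.h2.tools.Server.createWebServer("-webPort", "8082");
        h2Console.start();

        server.start();
        server.join();
    }
}
```

The one setting worth checking in any launcher like this is that the H2 console is not started with -webAllowOthers: the console authenticates with the database credentials only, and exposing it beyond localhost turns a convenient debugging tool into an open SQL endpoint.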

Generate WAR file

The embedded server actually runs from the WAR file, but if you only want the WAR you can use:

> gradle war

It is generated in build/libs.

The application should use whatever context path it ends up with once deployed.

Database Access

The deployed DB will be opened in the H2 web console by default. As mentioned, this is a copy of the original DB that was embedded in the WAR file.

To work on the original version of the database (in the db/db directory of the project) you can run the following:

> gradle db