存儲在靜態字段中的數據庫連接會被不同的線程共享。
對于與事務相關聯的資源對象(比如數據庫連接),一次只能與一個事務相關聯。出于這個原因,一個連接不應該被多個線程共享,并且不應該存儲在靜態字段中。要獲取更多詳細信息,請參見 J2EE 規范中的第 4.2.3 節。
例 1:
public class ConnectionManager {
private static Connection conn = initDbConn();
...
}
[1] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3630.1 CAT II
[2] Standards Mapping - Security Technical Implementation Guide Version 3.4 - (STIG 3.4) APP3630.1 CAT II
[3] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 362, CWE ID 567
[4] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Insecure Interaction - CWE ID 362
[5] Standards Mapping - SANS Top 25 2010 - (SANS 2010) Insecure Interaction - CWE ID 362
[6] Java 2 Platform Enterprise Edition Specification, v1.4 Sun Microsystems