CWE-245

J2EE Bad Practices: Direct Management of Connections

Variant

Draft

Description

The J2EE application directly manages connections, instead of using the container's connection management facilities.

The J2EE standard forbids the direct management of connections. It requires that applications use the container's resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.

Parent Weaknesses (ChildOf)

CWE-695: Use of Low-Level Functionality...

Common Consequences

Scope

Other

Impact

Quality Degradation

Applicable Platforms

Java

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-245

J2EE Bad Practices: Direct Management of Connections

Description

Relationships

Common Consequences

Applicable Platforms