Java 7 SE, Part 4: JDBC and Security

with expert Brigitte Birze

JDBC got updated to version 4.1 in Java SE 7. This update was filled with all kinds of new features and classes. JDBC will now manage your JDBC resources, closing them automatically so you don’t leave data base connections open. You can also use the connection class to shut down the entire physical connection, with a graceful take down of threads and resources using the connection. This can be done explicitly or with a timeout that works under the covers. There has been work done in converting between Java object types and JDBC types. Both with the expansion of the permitable mappings and in the ability to explicitly specify the conversion mapping you want in a streamlined manner. Applications now have more control over 3rd party data source objects with methods to get information about the connection capabilities or to retrieve the data source’s logger and controller. JDBC also has two new classes which let you specify the third party row set classes you want to use without putting the explicit class names in your code. The Java SE 7 update pulled out all the stops in dealing with security. Updates to the Java Secure Socket Extensions or JSSE, protect your applications from the TLS renegotiation attack and the cyber block chaining attack. While new methods and a new trust manager class help keep you safe from other ‘man in the middle’ attacks. You can even disable algorithms that are considered weak, so our cryptography architecture frame work security riders will not use them. Security was front and center in the updates to RIA, our Rich Internet Applications. The Java console got a new tab that deals with RIA security. From this tab you can manage your overall security level, as well as your certificates, site exception lists and deployment rules.

Course Outline