katzyn
commented
1 year ago This class doesn't have @WebListener annotation, so it isn't actually used by web applications and you shouldn't care about it.
@grandinj
Do we really need these DbStarter and JakartaDbStarter in main sources? They look like code examples.
grandinj
Hello, While I was trying to implement h2database for my personal project one function seemed to be vulnerable. According to my CI tool it states that JakartaDbStarter.java has issue of CWE-798: Use of Hardcoded Credentials : Do not hardcode credentials in code.
on the line: String url = getParameter(servletContext, "db.url", "jdbc:h2:~/test"); the jdbc:h2:~/test is considered to be credentials.
is it okay to use this?