Details

CWE-245: J2EE Bad Practices: Direct Management of Connections

Description

The J2EE application directly manages connections rather than using the container's resource management facilities to obtain connections as specified in the J2EE standard. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.

Remediation

Request the connection from the container rather than attempting to access it directly.

References

CWE