Friday, February 24, 2012

JDBC: DatabaseMetaData.getURL() returns jdbc:sqljdbc://

Hi,

I'm using:

Microsoft SQL Server 9.00.1399
Microsoft SQL Server 2005 JDBC Driver 1.0.809.102

Executing the DatabaseMetaData.getURL() method when database is connected returns "jdbc:sqljdbc://". The documentation for getURL() specifies that this URL is returned only when accessing pre SQL Server 2005 versions while when connected to 2005 it should return the correct URL
(ex: jdbc:sqlserver://192.168.1.105:1223;databaseName=test)

My question is why I don't get the correct URL as I connect to a 2005 database?

(Another related question is why a proper URL is not returned even when connected to a pre 2005 database?)

Regards

Roger

Minq Software
Author of DbVisualizer (http://www.dbvis.com/products/dbvis)

I don't know where did you get the documentation saying that getURL() will return more than "jdbc:sqljdbc://" for SQL Server 2005. According to our spec, it is the correct behavior.

Thanks

Bei

|||I read the following:

http://msdn2.microsoft.com/en-us/library/ms379009.aspx

But you're right and I was wrong that this behavior includes SQL Server 2005 as well.

Big question then is why it returns "jdbc:sqljdbc://"? Why does it return jdbc:sqljdbc to start with and secondly why doesn't it return the complete URL as specified at connect? (Beta versions of the driver returned the URL correctly (as I see it) but using the latest driver it works as above).

Regards

Roger
|||

It is for security reason. We don't want to leak sensitive information.

Thanks
Bei

|||Bei,

> It is for security reason. We don't want to leak sensitive information.

Can you please explain what security reasons there might be? We've tried JDBC drivers from 20+ vendors for all major databases and all of them returns the URL as it was specified during connect.

Second question is why jdbc:sqljdbc:// was choosed over the more intuitive jdbc:sqlserver://?

Regards

Roger

|||

Roger,

The fact that it is returning "jdbc:sqljdbc://" is obviously a bug, I have filed this internally but if you want to you can file it directly under http://lab.msdn.microsoft.com/productfeedback/default.aspx

The reasoning behind returning something other than the URL that the user passed in boils down to two issues.

1) We can't return password information with this method. This is considered a security bug and would not pass internal Microsoft security reviews. This may sound strange but there are good reasons behind it and it is consistent with all the drivers microsoft has shipped recently.

2) Here are some of the ways in which you can create a connection:

DriverManager.getConnection(url)
DriverManager.getConnection(url, info)
DriverManager.getConnection(url, user, password)
DataSource.getConnection()
DataSource.getConnection(username, password)

What would you expect getUrl to return in each of these cases? How usefull will what you are returning be without password information?

When we asked ourselves this questions it became clear that doing the work to return all values minus the password did not make a lot of sense.

If you have a scenario where having this information is important I would be happy to work with you to get this integrated with our next driver release. Sorry there is nothing I can do about the password information.

Hope this makes sense,

Angel

|||Angel,

Thanks for getting back to me.

Good to hear that you agree that the jdbc:sqljdbc:// is a bug.

When it comes to the URL in general it is supposed to return the URL, not URL + userid/password, just only the URL. If user or password is passed as arguments in the URL these should be removed. I strongly recommend that you check drivers from other vendors.

Thanks!

Regards

Roger

No comments:

Post a Comment