Good practice or not? Using DB Column name to map back to HTML & Java object names

 
Steven Mac
Greenhorn
Posts: 13
I was wanting to see what the opinion or practice is when naming objects in the HTML that will eventually be loaded and stored into the DB.

Let's say in my DB I have a column named DESCRIPTION in my table. Would you recommend or not using the field name to assign to an HTML field for mapping purposes by naming the HTML field (say a text box) input size="30" name="DESCRIPTION" (using the DB column name)?

I then have a Java Object that contains getters/setters for DESCRIPTION (i.e. myObjBean.setDESCRIPTION("xxxx"); ) to receive the HTML information in the servlet that then makes the call to the DB to store.

I can see from a programming perspective how mapping the relationships from GUI to DB makes it easy for tracking purposes, but does this open a concern in regard to security, in that potentially if someone viewed the HTML source, they could get all the field names that map back to your DB? They wouldn't know exactly what table, but would have info on the columns then.

What have been some of your approaches to handle this without losing the ability to track what maps back to your DB?

I guess what I have seen too are some websites encoding or scrambling their text if the source is viewed. Anyone know what tool is used to do something like that on the server/servlet side? That may then protect any sensitive information/names on the HTML objects.

Thanks for any feedback.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65833
I name them what makes the most sense. If that happens to match some back-end consideration like a column name, fine. If not, also fine.

I would not use a name that doesn't make sense (or use all uppercase, ever) just to match a column name.

If the knowledge of a column name causes any level of vulnerability in your database, you've got some bigger security problems than what you name fields will solve.
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 36453
Steven,
How would they know they have a list of columns to your database? Using the same name could be coincidence from their point of view.

Just to be sure, you aren't using that HTML name when building your SQL, right? Because that would be SQL injection and very bad.
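
The point raised in the replies above, as an added example that is not part of any poster's message: the HTML field name can be anything, as long as the servlet never copies a request parameter name or value into SQL text. The table `ITEMS`, its columns, and the class and method names below are hypothetical.

```java
import java.util.*;

public class FieldColumnMapper {
    // Constructed allow-list: public form field name -> real column name.
    // The two sides may match or differ; column text only ever comes from here.
    private static final Map<String, String> FIELD_TO_COLUMN = new LinkedHashMap<>();
    static {
        FIELD_TO_COLUMN.put("description", "DESCRIPTION");
        FIELD_TO_COLUMN.put("itemName", "ITEM_NAME");
    }

    /** SQL text plus the values to bind, in placeholder order. */
    static final class Update {
        final String sql;
        final List<String> binds;
        Update(String sql, List<String> binds) { this.sql = sql; this.binds = binds; }
    }

    static Update buildUpdate(Map<String, String> requestParams, String id) {
        List<String> sets = new ArrayList<>();
        List<String> binds = new ArrayList<>();
        // Iterate over the allow-list, not the request: unknown names are never seen.
        for (Map.Entry<String, String> e : FIELD_TO_COLUMN.entrySet()) {
            String value = requestParams.get(e.getKey());
            if (value != null) {
                sets.add(e.getValue() + " = ?"); // constant column, placeholder value
                binds.add(value);                // value travels as a bind parameter
            }
        }
        if (sets.isEmpty()) throw new IllegalArgumentException("no known fields submitted");
        binds.add(id);
        String sql = "UPDATE ITEMS SET " + String.join(", ", sets) + " WHERE ID = ?";
        return new Update(sql, binds);
    }

    public static void main(String[] args) {
        // Constructed request: one value containing a quote, one unexpected field name.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("description", "Bob's widget");
        params.put("DESCRIPTION = 'x', ITEM_NAME", "ignored");
        Update u = buildUpdate(params, "42");
        System.out.println(u.sql);   // UPDATE ITEMS SET DESCRIPTION = ? WHERE ID = ?
        System.out.println(u.binds); // [Bob's widget, 42]
        // In the servlet: Connection.prepareStatement(u.sql), then setString(i + 1, bind).
    }
}
```

With this layout a viewer of the page source learns only the form field names, and a tampered field name has no path into the statement.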
 