yoorijoriinfo

  It's because we didn't finally release the resources It corresponds to a violation of the web vulnerability. ex) Connection conn = null; PreparedStatement pstmt = null; ResultSet rs = null; try { // conn , pstmt , rs code }catch(NullPointerException e){ finally{ if(rs!=null){rs.close();} if(pstmt!=null){pstmt.close();} if(conn!=null){conn.close();} } 😀 Thank you !! 감사합니다 !!

Errors or error information should not be exposed to the console or on the screen. Use simple phrases only if necessary. Error information or system information should not be printed on the console or browser, but should be logged or printed in simple phrases if necessary Example of system data information disclosure (removal target code) Syste m.out.println(e.getMessage());, System.out.println(e);, e.printStackTrace();, out.println(e.getMessage()); Wrong ex) }catch(NullPointerException e){ System.out.println("Error : "+e); } } Right ex) }catch(NullPointerException e){ logger.error("ERROR-01 NullPointerException"); OR System.out.println("ERROR-01 NullPointerException"); } } 😀 Thank you !! 고마워 !!

Throwable,Exception,RuntimeException must be that  It should not be widely held, but specific exceptions such as FileNotFoundException, SQLException, IOException, ClassNotFoundEXception, etc. should be handled  !! Wring ex) } catch(Exception e) { logger.error("ERROR-01 Exception"); } Right ex) } catch( SQLException e) { logger.error("ERROR-01 SQLException"); } 😀 Thank you!! 고마워!!