smaller corrections

Doc/Ref/Fig/jdbcSniffing.fig

@@ -294,8 +294,9 @@ Single
 	1 1 1.00 60.00 120.00
 	 3330 3735 3330 4410
 2 5 0 1 0 -1 740 -1 20 0.000 0 0 -1 0 0 5
-	0 /ma/goik/Downloads/hacker.png
-	 2520 2475 4246 2475 4246 3676 2520 3676 2520 2475
+	0 hacker.jpg
+	 2520 2385 4320 2385 4320 3609 2520 3609 2520 2385
 4 0 0 800 0 18 12 0.0000 4 150 600 990 1350 Server\001
 4 0 0 780 0 18 12 0.0000 4 150 540 6255 1350 Client\001
 4 0 0 760 0 18 12 0.0000 4 150 645 3330 4995 TCP/IP\001
+4 0 0 740 0 18 12 0.0000 4 150 735 2970 2205 Intruder\001

Doc/course.xml

@@ -27,6 +27,48 @@
   <chapter xml:id="prerequisites">
     <title>Prerequisites</title>
 
+    <section xml:id="resources">
+      <title>Lecture resources</title>
+
+      <para>A <uri xlink:href="https://www.virtualbox.org">Virtualbox</uri>
+      based virtual machine is available at <uri
+      xlink:href="ftp://mirror.mi.hdm-stuttgart.de/ubuntu/VirtualBox/lubuntu.vdi">ftp://mirror.mi.hdm-stuttgart.de/ubuntu/VirtualBox/lubuntu.vdi</uri>.
+      It contains all (??) related tools from the <uri
+      xlink:href="http://www.mi.hdm-stuttgart.de">CSM</uri> department's
+      lecture room Linux installation:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Eclipse J2EE version with <productname>Database developer
+          tools</productname>, <productname>git</productname>,
+          <trademark>Oxygenxml</trademark>, and <productname>svn</productname>
+          plugins installed.</para>
+        </listitem>
+
+        <listitem>
+          <para>A running <productname>Mysql</productname> server
+          preconfigured with user <quote><code>hdmuser</code></quote>,
+          password <quote><code>XYZ</code></quote> and database
+          <quote><code>hdm</code></quote>.</para>
+        </listitem>
+
+        <listitem>
+          <para><productname>Xmlmind</productname> editor for visually editing
+          technical documents based on <uri
+          xlink:href="http://docbook.org/tdg5/index.html">docbook</uri> or
+          <uri
+          xlink:href="http://en.wikipedia.org/wiki/Darwin_Information_Typing_Architecture">DITA</uri>.</para>
+        </listitem>
+
+        <listitem>
+          <para>Based on the <uri
+          xlink:href="http://lubuntu.net">Lubuntu</uri> fork of <uri
+          xlink:href="http://www.ubuntu.com">Ubuntu</uri> for resource saving
+          reasons with respect to be used in a virtualized environment.</para>
+        </listitem>
+      </itemizedlist>
+    </section>
+
     <section xml:id="tools">
       <title>Tools</title>
 
@@ -178,7 +220,7 @@ java version "1.7.0_07"
         <para>We start by installing the <productname>mysql</productname>
         server:</para>
 
-        <programlisting>root@goiki:~# aptitude install mysql-server-5.5
+        <programlisting>root@goiki:~# aptitude install mysql-server
 The following NEW packages will be installed:
   libdbd-mysql-perl{a} libdbi-perl{a} libnet-daemon-perl{a} libplrpc-perl{a} 
   mysql-client-5.5{a} mysql-server-5.5 
@@ -698,18 +740,19 @@ SimpleInsert.username=hdmuser</programlisting>
                 </informalfigure>
 
                 <para>The wizard also generates a class
-                <classname>sda.jdbc.intro.v1.JdbcProperties</classname> to
-                actually access our properties:</para>
+                <classname>sda.jdbc.intro.v1.DbProps</classname> to actually
+                access our properties:</para>
 
                 <programlisting language="java">package sda.jdbc.intro.v1;
 ...
-public class JdbcProperties {
-   private static final String BUNDLE_NAME = "sda.jdbc.intro.v1.jdbc";
+public class DbProps {
+   private static final String BUNDLE_NAME = "sda.jdbc.intro.v1.database";
 
    private static final ResourceBundle RESOURCE_BUNDLE = ResourceBundle
          .getBundle(BUNDLE_NAME);
 
-   private JdbcProperties() {}
+   private DbProps() {
+   }
 
    public static String getString(String key) {
       try {
@@ -2152,7 +2195,7 @@ INSERT INTO Person VALUES ('Pete', 'p@rr.com')
           linkend="figJdbcSimpleWrite"/> may be rewritten using
           <classname>java.sql.PreparedStatement</classname> objects:</para>
 
-          <programlisting language="java">package sda.jdbc.prepare;
+          <programlisting language="java">sda.jdbc.intro.v1;
 ...
 public class SimpleInsert {
    
@@ -2230,9 +2273,8 @@ public class SimpleInsert {
                   <para>Due to our separation of GUI and persistence handling
                   we only need to re-implement
                   <classname>sda.jdbc.intro.sqlinject.PersistenceHandler</classname>.
-                  We have to replace
-                  <classname>java.util.Statement</classname> by
-                  <classname>java.util.PreparedStatement</classname>
+                  We have to replace <classname>java.sql.Statement</classname>
+                  by <classname>java.sql.PreparedStatement</classname>
                   instances. A possible implementation is
                   <classname>sda.jdbc.intro.v1.prepare.PersistenceHandler</classname>.
                   We may now safely enter offending strings like:</para>
@@ -2986,8 +3028,8 @@ public class InsertPerson extends JFrame {
                     <para>Password fields need special treatment:
                     <code>getText()</code> is superseded by
                     <code>getPassword()</code>. In order to avoid casts from
-                    <classname>javax.swing.JTextField.JTextField</classname>
-                    to <classname>javax.swing.JPasswordField</classname> we
+                    <classname>javax.swing.JTextField</classname> to
+                    <classname>javax.swing.JPasswordField</classname> we
                     simply keep an extra reference.</para>
                   </callout>
 

ws/eclipse/Jdbc/src/sda/jdbc/intro/v1/SimpleInsert.java

@@ -2,8 +2,8 @@ package sda.jdbc.intro.v1;
 
 import java.sql.Connection;
 import java.sql.DriverManager;
+import java.sql.PreparedStatement;
 import java.sql.SQLException;
-import java.sql.Statement;
 
 public class SimpleInsert {
    
@@ -15,12 +15,15 @@ public class SimpleInsert {
             DbProps.getString("PersistenceHandler.username"),
             DbProps.getString("PersistenceHandler.password"));
       
-      // Step 2: Create a Statement instance
-      final Statement stmt = conn.createStatement();
+      // Step 2: Create a PreparedStatement instance
+      final PreparedStatement pStmt = conn.prepareStatement("INSERT INTO Person VALUES(?, ?)");
       
-      // Step 3: Execute the desired INSERT
-      final int updateCount = stmt.executeUpdate(
-               "INSERT INTO Person VALUES('Jim', 'jim@foo.org')");
+      // Step 3a: Fill in desired attribute values
+      pStmt.setString(1, "Jim");
+      pStmt.setString(2, "jim@foo.org");
+      
+      // Step 3b: Execute the desired INSERT
+      final int updateCount = pStmt.executeUpdate();
       
       // Step 4: Give feedback to the enduser
       System.out.println("Successfully inserted " + updateCount + " dataset(s)");