How to get started with CockroachDB


CockroachDB is a really interesting database system, getting the best of both RDBMS and NoSQL. It’s been developed by former Google developers, and it’s inspired by Google Spanner. However, unlike Google Spanner, which is offered as a service in Google Cloud, CockroachDB is an open-source database that can be installed on premise.

Also, CockroackDB allows you to use the PostgreSQL drivers as opposed to Spanner which only supports the gRPC protocol. So, you can practically reuse all the frameworks that have emerged in the Java ecosystem like connection pools, monitoring proxies (e.g. FlexyPool) or data access frameworks (e.g. Hibernate).

Unlike a typical RDBMS, CockroachDB is designed to be globally distributed and strongly resilient to disasters, hence its very unusual name. But what’s really exciting about CockroachDB is its non-locking timestamp ordering concurrency control mechanism which allows CockroachDB to run in Serializable isolation level, even if the database is massively distributed. Intriguing, right?

Continue reading “How to get started with CockroachDB”


How to find which statement failed in a JDBC Batch Update


Yesterday, my Danish friend, Flemming Harms, asked my a very interesting question related to when a JDBC batch update fails.

Basically, considering we are going to group several DML statements in a batch, we need a way to tell which statement is the cause of the failure. This post is going to answer this question in more detail.

Continue reading “How to find which statement failed in a JDBC Batch Update”

A beginner’s guide to SQL injection and how you should prevent it


One of my readers asked me to answer the following StackOverflow question. Right from the start, I noticed that the entity query was constructed by concatenating strings, which can expose your application to SQL Injection attacks.

Unfortunately, I’ve been seeing this problem over and over throughout my career, and not all developers are aware of the serious risk associated to SQL Injection. For this reason, this post is going to demonstrate what damage can SQL Injection do to your system.

Continue reading “A beginner’s guide to SQL injection and how you should prevent it”

How to customize the JDBC batch size for each Persistence Context with Hibernate


JDBC batching has a significant impact on reducing transaction response time. As previously explained, you can enable batching for INSERT, UPDATE and DELETE statements with just one configuration property:

<property name="hibernate.jdbc.batch_size" value="5"/>

However, this setting affects every Persistence Context, therefore every business use case inherits the same JDBC batch size. Although the hibernate.jdbc.batch_size configuration property is extremely useful, it would be great if we could customize the JDBC batch size on a per Persistence Context basis. This article demonstrates how easily you can accomplish this task.

Continue reading “How to customize the JDBC batch size for each Persistence Context with Hibernate”