From b3526137f8e90328fec686ef3c154ac607d784e6 Mon Sep 17 00:00:00 2001
From: Pekka Helenius
Date: Fri, 9 Oct 2020 09:32:23 +0300
Subject: [PATCH] Add SQL server security note

Signed-off-by: Pekka Helenius
---
 .../bookstore/model/book/BookHash.java | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/bookstore/src/main/java/com/fjordtek/bookstore/model/book/BookHash.java b/bookstore/src/main/java/com/fjordtek/bookstore/model/book/BookHash.java
index 796fb2d..9f413fe 100644
--- a/bookstore/src/main/java/com/fjordtek/bookstore/model/book/BookHash.java
+++ b/bookstore/src/main/java/com/fjordtek/bookstore/model/book/BookHash.java
@@ -80,6 +80,25 @@ public class BookHash {
 ////////////////////
 // Attribute setters
+ /*
+ * Ignore UPDATE queries in Jakarta Persistence API context.
+ *
+ * Security note:
+ *
+ * To actually prevent UPDATE queries, bookstore database user must have
+ * permission denial for UPDATE queries for BOOK_HASH table in SQL database
+ * internal security policy.
+ *
+ * SQL server admin // Remove UPDATE permission:
+ *
+ * REVOKE UPDATE on .BOOK_HASH FROM ''@'sql-server_domain-name';
+ *
+ * SQL server admin // Confirm changes:
+ *
+ * SHOW GRANTS FOR ''@'sql-server_domain-name';
+
+ * If needed, contact your SQL server admin to configure this policy.
+ */
 @Column(
 name = "hash_id",
 unique = true,
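Review bot: The `REVOKE UPDATE` statement in the added security note only has an effect if UPDATE was granted to the bookstore user at table level; assuming this is MySQL/MariaDB syntax (as `SHOW GRANTS FOR` suggests), a database-wide grant such as `GRANT ALL ON <database>.*` is not narrowed by a table-level REVOKE, so the comment should tell the admin to grant privileges per table and leave UPDATE off BOOK_HASH. In that account syntax the host part names the host the application connects from, not the SQL server itself, so `'sql-server_domain-name'` is misleading, and as rendered here the database and user names in both statements are empty and should be explicit placeholders, e.g. `REVOKE UPDATE ON <database>.BOOK_HASH FROM '<bookstore_user>'@'<client_host>';`. Revoking UPDATE also does not stop a row from being replaced by DELETE followed by INSERT, which deserves one more line such as `* Note: restrict DELETE as well if hash rows must be immutable.` One line inside the comment lacks the leading ` *`, and the `@Column(` annotation this comment documents continues outside the hunk, so whether it sets `updatable = false` cannot be confirmed from here.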