Database connections stored in static fields will be shared between threads.
A transactional resource object such as a database connection can only be associated with one transaction at a time. For this reason, a connection should not be shared between threads and should not be stored in a static field. See Section 4.2.3 of the J2EE Specification for more details.
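Example 1:
    import java.sql.Connection;

    public class ConnectionManager {
        // Static field: a single Connection instance is shared by every thread.
        private static Connection conn = initDbConn();
        ...
    }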
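A thread-safe counterpart to Example 1, added here as an illustration (it is not code from the original text or from any particular project): only the connection factory is shared, and each call borrows its own connection for the duration of one transaction. The names AccountDao, transfer, adjust and the accounts table are hypothetical, and the DataSource is assumed to be a container-managed or pooled implementation.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.sql.DataSource;

// Hypothetical DAO; class, method and table names are assumptions for illustration.
public class AccountDao {
    // Sharing the DataSource (a connection factory) is fine; it is assumed to be
    // a container-managed or pooled implementation that is safe for concurrent use.
    private final DataSource dataSource;

    public AccountDao(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // Each call borrows its own Connection, so the transaction started here
    // cannot be committed or rolled back by another thread.
    public void transfer(long fromId, long toId, long cents) throws SQLException {
        try (Connection conn = dataSource.getConnection()) {
            conn.setAutoCommit(false); // begin a local transaction on this connection only
            try {
                adjust(conn, fromId, -cents);
                adjust(conn, toId, cents);
                conn.commit();
            } catch (SQLException e) {
                try {
                    conn.rollback(); // undoes only this thread's work
                } catch (SQLException rollbackFailure) {
                    e.addSuppressed(rollbackFailure);
                }
                throw e;
            }
        } // close() hands the connection back to the pool
    }

    // The connection is passed as a parameter and never stored in a field.
    private static void adjust(Connection conn, long id, long delta) throws SQLException {
        String sql = "UPDATE accounts SET balance = balance + ? WHERE id = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setLong(1, delta);
            ps.setLong(2, id);
            if (ps.executeUpdate() != 1) {
                throw new SQLException("no such account: " + id);
            }
        }
    }
}
```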
[1] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3630.1 CAT II
[2] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 362, CWE ID 567
[3] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Insecure Interaction - CWE ID 362
[4] Standards Mapping - SANS Top 25 2010 - (SANS 2010) Insecure Interaction - CWE ID 362
[5] Java 2 Platform Enterprise Edition Specification, v1.4, Sun Microsystems