req.getParameter Security

Dan Patsey
Greenhorn

Joined: Aug 25, 2006
Posts: 7
If you are using req.getParameter() in a servlet to gather data from a form, what methods could you use to guarantee that the data is coming from that form and not a malicious user who is typing the parameters in the URL (i.e. www.something.com/servletname?importantparameter=something)?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Never trust data coming from the web.


Jeroen T Wenting
Ranch Hand

Joined: Apr 21, 2006
Posts: 1847
Indeed. Reject everything that's not within strictly guarded boundaries.
Design your application in such a way that freeform strings entered can never cause harm.
Etc. etc.


42
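
An added example, not code from any poster in this thread, of rejecting everything outside strictly guarded boundaries: the server applies the same allowlist whether the request came from the form or was typed into a URL. The field names `accountId` and `action` and their rules are assumptions; the input map has the shape returned by `HttpServletRequest.getParameterMap()`.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

public class ParamValidator {
    // Hypothetical form fields and the only shapes the server accepts for them.
    private static final Map<String, Pattern> RULES = Map.of(
        "accountId", Pattern.compile("[0-9]{1,10}"),
        "action",    Pattern.compile("view|update"));

    // 'params' has the shape returned by HttpServletRequest.getParameterMap().
    static Map<String, String> validate(Map<String, String[]> params) {
        // Reject parameters the form never defines.
        for (String name : params.keySet()) {
            if (!RULES.containsKey(name)) {
                throw new IllegalArgumentException("unexpected parameter");
            }
        }
        Map<String, String> clean = new LinkedHashMap<>();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String[] values = params.get(rule.getKey());
            // Missing or repeated parameters are rejected, not guessed at.
            if (values == null || values.length != 1) {
                throw new IllegalArgumentException("need exactly one value: " + rule.getKey());
            }
            // matches() anchors the pattern to the whole value, not a substring.
            if (!rule.getValue().matcher(values[0]).matches()) {
                throw new IllegalArgumentException("out of bounds: " + rule.getKey());
            }
            clean.put(rule.getKey(), values[0]);
        }
        return clean;
    }

    public static void main(String[] args) {
        // Constructed sample requests, as they would arrive from either source.
        Map<String, String[]> ok = Map.of(
            "accountId", new String[] {"1042"}, "action", new String[] {"view"});
        Map<String, String[]> bad = Map.of(
            "accountId", new String[] {"12abc"}, "action", new String[] {"view"});
        System.out.println(validate(ok));
        try {
            validate(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```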
Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2049
Originally posted by Dan Patsey:
What methods


Design strategy? Security strategy? Something else? What 'methods' do you mean?

Depending on what you mean, you can look at securing your entire communication by https.

[ August 26, 2006: Message edited by: Jesus Angeles ]